patrick@gentoo.org Patrick Lauer

StrongSwan is a direct descendant of the discontinued FreeS/WAN project. As an IPsec-based VPN solution focused on security and ease of use, it fully implements the IKEv1/IKEv2 protocols, MOBIKE, NAT-Traversal via UDP encapsulation (incl. port floating) and Dead Peer Detection. It also fully supports the Linux 2.6 IPsec stack, IPv6, certificates/keys on smartcards and virtual IP address pools.

Enable the advanced X.509 constraint checking plugin
Enable server support for querying virtual IP addresses for clients from a DHCP server (IKEv2 only)
Enable support for the different EAP modules that are supported
Enable faking of ARP responses for virtual IP addresses assigned to clients (IKEv2 only)
Enable the dev-libs/libgcrypt plugin, which provides 3DES, AES, Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24 (4.4+). Also includes a software random number generator.
Force IKEv1/IKEv2 daemons to normal user privileges. This might impose some restrictions, mainly on the IKEv1 daemon. Disable only if you really require superuser privileges.
Enable the dev-libs/openssl plugin, which is required for Elliptic Curve Cryptography (DH groups 19-21,25,26) and ECDSA. Also provides 3DES, AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2, MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24 (4.4+). dev-libs/openssl has to be compiled with USE="-bindist".
Enable pkcs11 support
Enable support for Intel AES-NI crypto plugin
Enable ChaCha20/Poly1305 AEAD implementation and ChaCha20 XOF plugin
Enable multicast and broadcast forwarding plugin
Enable support for the led plugin
Enable support for the lookip plugin
Enable support for the systime-fix plugin
Enable support for the unity plugin
Enable support for the vici plugin
Enable support for the blowfish plugin
Enable support for the ccm plugin
Enable support for the ctr plugin
Enable support for the gcm plugin
Enable support for the ha plugin
Enable support for the ipseckey plugin
Enable plugin that allows key exchange based on the post-quantum New Hope algorithm
Enable support for the ntru plugin
Enable support for the padlock plugin
Enable support for the rdrand plugin
Enable plugin that saves IKE and/or ESP keys to files compatible with Wireshark (for debugging)
Enable support for the unbound plugin
Enable support for the whitelist plugin

cpe:/a:strongswan:strongswan