libstrongswan - strongSwan utility and crypto library

Property Value
Distribution Debian 10 (Buster)
Repository Debian Main i386
Package filename libstrongswan_5.7.2-1_i386.deb
Package name libstrongswan
Package version 5.7.2
Package release 1
Package architecture i386
Package type deb
Category net network::vpn role::shared-lib security::cryptography
License -
Maintainer strongSwan Maintainers <>
Download size 432.83 KB
Installed size 1.38 MB
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
This package provides the underlying libraries of charon and other strongSwan
components. It is built in a modular way and is extendable through various
Some default (as specified by the strongSwan projet) plugins are included.
For libstrongswan (cryptographic backends, URI fetchers and database layers):
- aes (AES-128/192/256 cipher software implementation)
- constraints (X.509 certificate advanced constraint checking)
- dnskey (Parse RFC 4034 public keys)
- fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms)
- gmp (RSA/DH crypto backend based on libgmp)
- hmac (HMAC wrapper using various hashers)
- md5 (MD5 hasher software implementation)
- nonce (Default nonce generation plugin)
- pem (PEM encoding/decoding routines)
- pgp (PGP encoding/decoding routines)
- pkcs1 (PKCS#1 encoding/decoding routines)
- pkcs8 (PKCS#8 decoding routines)
- pkcs12 (PKCS#12 decoding routines)
- pubkey (Wrapper to handle raw public keys as trusted certificates)
- random (RNG reading from /dev/[u]random)
- rc2 (RC2 cipher software implementation)
- revocation (X.509 CRL/OCSP revocation checking)
- sha1 (SHA1 hasher software implementation)
- sha2 (SHA256/SHA384/SHA512 hasher software implementation)
- sshkey (SSH key decoding routines)
- x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs
and OCSP messages)
- xcbc (XCBC wrapper using various ciphers)
- attr (Provides IKE attributes configured in strongswan.conf)
- kernel-netlink [linux] (IPsec/Networking kernel interface using Linux
- kernel-pfkey [kfreebsd] (IPsec kernel interface using PF_KEY)
- kernel-pfroute [kfreebsd] (Networking kernel interface using PF_ROUTE)
- resolve (Writes name servers received via IKE to a resolv.conf file or
installs them via resolvconf(8))
Also included is the libtpmtss library adding support for TPM plugin


Package Version Architecture Repository
libstrongswan_5.7.2-1_amd64.deb 5.7.2 amd64 Debian Main
libstrongswan - - -


Name Value
libc6 >= 2.28
libcap2 >= 1:2.10
libgmp10 -
libsystemd0 >= 227


Name Value
strongswan-starter << 5.3.5-2


Type URL
Binary Package libstrongswan_5.7.2-1_i386.deb
Source Package strongswan

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install libstrongswan deb package:
    # sudo apt-get install libstrongswan




2019-01-02 - Yves-Alexis Perez <>
strongswan (5.7.2-1) unstable; urgency=medium
* d/control: remove Rene from Uploaders, thanks!
* d/copyright: fix typos
* d/watch: use HTTPS protocol
* d/control: update standards version to 4.2.1
* drop unused debconf template
* use a clean export for upstream signing key
* d/copyright update
* New upstream version 5.7.2
* d/copyright updated
* d/control: update standards version to 4.3.0
* d/libstrongswan.dirs: drop lintian overrides dir
* d/u/signing-key.asc: strip signatures from upstream signing key
* d/patches: import patches in gbp pq
2018-10-01 - Yves-Alexis Perez <>
strongswan (5.7.1-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/copyright: Use https protocol in Format field
* d/changelog: Remove trailing whitespaces
* d/rules: Remove trailing whitespaces
* d/control: Remove XS-Testsuite field, not needed anymore
[ Yves-Alexis Perez ]
* enable chapoly plugin (closes: #814927)
* remove unused lintian overrides
* New upstream version 5.7.1
- fix an integer underflow and subsequent heap buffer overflow in the gmp
plugin triggered by crafted certificates with RSA keys with very small
moduli (CVE-2018-17540)
2018-09-24 - Yves-Alexis Perez <>
strongswan (5.7.0-1) unstable; urgency=medium
* update AppArmor templates to handle usr merge (closes: #905082)
* d/gbp.conf added, following DEP-14
* New upstream version 5.7.0
- include fixes for CVE-2018-16151 and CVE-2018-16152, potential
Bleichenbacher-style low-exponent attacks leading to RSA signature forgery
in gmp plugin.
* d/control: fix typo in libstrongswan long description
2018-06-04 - Yves-Alexis Perez <>
strongswan (5.6.3-1) unstable; urgency=medium
* New upstream version 5.6.2
* update charon-systemd AppArmor profile (closes: #896813)
* New upstream version 5.6.3
- fix a DoS vulnerability in the IKEv2 key derivation if the openssl
plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF
- fix a vulnerability in the stroke plugin, which did not check the
received length before reading a message from the control socket
* d/p/05_charon-nm-Fix-building-list-of-DNS-MDNS-servers-with removed
2018-04-13 - Yves-Alexis Perez <>
strongswan (5.6.2-2) unstable; urgency=medium
* charon-nm: Fix building list of DNS/MDNS servers with libnm
* d/control: drop b-d on n-m-dev and make libnm-dev linux-any
(closes: #895434)
* d/compat bumped to 10
* d/rules: drop parallel and autoreconf from dh, done with compat 10
2018-02-20 - Yves-Alexis Perez <>
strongswan (5.6.2-1) unstable; urgency=medium
* d/NEWS: add information about disabled algorithms (closes: #883072)
* d/control: remove Romain Françoise from uploaders
* strongswan-libcharon: add bypass-lan plugin
* New upstream version 5.6.2
- Fix denial of service vulnerability in the parser for PKCS#1 RSASSA-PSS
signatures (CVE-2018-6459)
* d/control: move Vcs to salsa
* d/control: update build-deps for libnm port (closes: #862885)
* install tpm_extendpcr binary in libstrongswan-extra-plugins
2017-12-17 - Yves-Alexis Perez <>
strongswan (5.6.1-3) unstable; urgency=medium
* move updown plugin from -starter to -libcharon.             closes: #884578
* debian/control:
- update standards version to 4.1.2.
2017-11-23 - Yves-Alexis Perez <>
strongswan (5.6.1-2) unstable; urgency=medium
* move counters plugin from -starter to -libcharon. closes: #882431

See Also

Package Description
libstrophe-dev_0.9.2-2_i386.deb Library for writing XMPP clients - development files
libstrophe0_0.9.2-2_i386.deb Library for writing XMPP clients - shared library
libstruct-compare-perl_1.0.1-4_all.deb Perl module providing recursive diff for perl structures
libstruct-dumb-perl_0.09-1_all.deb module to create simple lightweight record-like structures
libstxxl-dev_1.4.1-3_i386.deb Development libraries for STXXL
libstxxl-doc_1.4.1-3_all.deb Documentation for STXXL
libstxxl1-bin_1.4.1-3_i386.deb STXXL File creation and benchmark tool
libstxxl1v5_1.4.1-3_i386.deb C++ Standard Template Library for extra large datasets
libstylebook-java_1.0~b3~svn20061109-7_all.deb XML application for authoring web site content
libstyx2_2.0.1-1+b1_i386.deb runtime libraries for styx
libsub-delete-perl_1.00002-2_all.deb Perl module to delete subroutines
libsub-exporter-formethods-perl_0.100052-1_all.deb Sub::Exporter extension for handling methods
libsub-exporter-globexporter-perl_0.005-1_all.deb module for exporting shared globs
libsub-exporter-perl_0.987-1_all.deb sophisticated exporter for custom-built routines
libsub-exporter-progressive-perl_0.001013-1_all.deb module for using Sub::Exporter only if needed