openswan_2.6.37-3+deb7u1_amd64.deb


Advertisement

Description

openswan - Internet Key Exchange daemon

Distribution: Debian 7 (Wheezy)
Repository: Debian Main amd64
Package name: openswan
Package version: 2.6.37
Package release: 3+deb7u1
Package architecture: amd64
Package type: deb
Installed size: 2.84 KB
Download size: 1.17 MB
Official Mirror: ftp.br.debian.org
Openswan is an IPsec based VPN solution for the Linux kernel. It can use the native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2 protocols are supported. The Openswan IKE daemon is named pluto. It was inherited from the FreeS/WAN project, but provides improved X.509 certificate support and other features. In order to use the KLIPS IPsec code instead of the native version, you will need to either install openswan-modules-source and build the appropriate module for your kernel or use openswan-modules-dkms which automates this task.

Alternatives

Provides

  • ike-server

Conflicts

  • ike-server

Replaces

  • ike-server

    Download

    Source package: openswan

    Install Howto

    1. Update the package index:
      # sudo apt-get update
    2. Install openswan deb package:
      # sudo apt-get install openswan

    Files

    • /etc/ipsec.conf
    • /etc/ipsec.secrets
    • /etc/init.d/ipsec
    • /etc/ipsec.d/examples/hub-spoke.conf
    • /etc/ipsec.d/examples/ipv6.conf
    • /etc/ipsec.d/examples/l2tp-cert.conf
    • /etc/ipsec.d/examples/l2tp-psk.conf
    • /etc/ipsec.d/examples/linux-linux.conf
    • /etc/ipsec.d/examples/mast-l2tp-psk.conf
    • /etc/ipsec.d/examples/oe-exclude-dns.conf
    • /etc/ipsec.d/examples/sysctl.conf
    • /etc/ipsec.d/examples/xauth.conf
    • /etc/ipsec.d/policies/block
    • /etc/ipsec.d/policies/clear
    • /etc/ipsec.d/policies/clear-or-private
    • /etc/ipsec.d/policies/private
    • /etc/ipsec.d/policies/private-or-clear
    • /etc/logcheck/ignore.d.paranoid/openswan
    • /etc/logcheck/ignore.d.server/openswan
    • /etc/logcheck/ignore.d.workstation/openswan
    • /etc/logcheck/violations.ignore.d/openswan
    • /usr/lib/ipsec/_copyright
    • /usr/lib/ipsec/_include
    • /usr/lib/ipsec/_keycensor
    • /usr/lib/ipsec/_pluto_adns
    • /usr/lib/ipsec/_plutoload
    • /usr/lib/ipsec/_plutorun
    • /usr/lib/ipsec/_realsetup
    • /usr/lib/ipsec/_secretcensor
    • /usr/lib/ipsec/_startklips
    • /usr/lib/ipsec/_startnetkey
    • /usr/lib/ipsec/_updown
    • /usr/lib/ipsec/_updown.klips
    • /usr/lib/ipsec/_updown.mast
    • /usr/lib/ipsec/_updown.netkey
    • /usr/lib/ipsec/addconn
    • /usr/lib/ipsec/auto
    • /usr/lib/ipsec/barf
    • /usr/lib/ipsec/eroute
    • /usr/lib/ipsec/ikeping
    • /usr/lib/ipsec/klipsdebug
    • /usr/lib/ipsec/look
    • /usr/lib/ipsec/newhostkey
    • /usr/lib/ipsec/pf_key
    • /usr/lib/ipsec/pluto
    • /usr/lib/ipsec/policy
    • /usr/lib/ipsec/ranbits
    • /usr/lib/ipsec/rsasigkey
    • /usr/lib/ipsec/secrets
    • /usr/lib/ipsec/setup
    • /usr/lib/ipsec/showdefaults
    • /usr/lib/ipsec/showhostkey
    • /usr/lib/ipsec/spi
    • /usr/lib/ipsec/spigrp
    • /usr/lib/ipsec/tncfg
    • /usr/lib/ipsec/verify
    • /usr/lib/ipsec/whack
    • /usr/sbin/ipsec
    • /usr/share/doc/openswan/CREDITS
    • /usr/share/doc/openswan/NEWS.Debian.gz
    • /usr/share/doc/openswan/README.Debian.gz
    • /usr/share/doc/openswan/changelog.Debian.gz
    • /usr/share/doc/openswan/changelog.gz
    • /usr/share/doc/openswan/copyright
    • /usr/share/lintian/overrides/openswan
    • /usr/share/man/man3/ipsec_addrbytesof.3.gz
    • /usr/share/man/man3/ipsec_addrbytesptr.3.gz
    • /usr/share/man/man3/ipsec_addrcmp.3.gz
    • /usr/share/man/man3/ipsec_addrinsubnet.3.gz
    • /usr/share/man/man3/ipsec_addrlenof.3.gz
    • /usr/share/man/man3/ipsec_addrtoa.3.gz
    • /usr/share/man/man3/ipsec_addrtosubnet.3.gz
    • /usr/share/man/man3/ipsec_addrtot.3.gz
    • /usr/share/man/man3/ipsec_addrtypeof.3.gz
    • /usr/share/man/man3/ipsec_anyaddr.3.gz
    • /usr/share/man/man3/ipsec_atoaddr.3.gz
    • /usr/share/man/man3/ipsec_atoasr.3.gz
    • /usr/share/man/man3/ipsec_atosubnet.3.gz
    • /usr/share/man/man3/ipsec_atoul.3.gz
    • /usr/share/man/man3/ipsec_bitstomask.3.gz
    • /usr/share/man/man3/ipsec_broadcastof.3.gz
    • /usr/share/man/man3/ipsec_copyright_notice.3.gz
    • /usr/share/man/man3/ipsec_goodmask.3.gz
    • /usr/share/man/man3/ipsec_hostof.3.gz
    • /usr/share/man/man3/ipsec_initaddr.3.gz
    • /usr/share/man/man3/ipsec_initsaid.3.gz
    • /usr/share/man/man3/ipsec_initsubnet.3.gz
    • /usr/share/man/man3/ipsec_isanyaddr.3.gz
    • /usr/share/man/man3/ipsec_isloopbackaddr.3.gz
    • /usr/share/man/man3/ipsec_isunspecaddr.3.gz
    • /usr/share/man/man3/ipsec_loopbackaddr.3.gz
    • /usr/share/man/man3/ipsec_maskof.3.gz
    • /usr/share/man/man3/ipsec_masktobits.3.gz
    • /usr/share/man/man3/ipsec_masktocount.3.gz
    • /usr/share/man/man3/ipsec_networkof.3.gz
    • /usr/share/man/man3/ipsec_optionsfrom.3.gz
    • /usr/share/man/man3/ipsec_portof.3.gz
    • /usr/share/man/man3/ipsec_rangetoa.3.gz
    • /usr/share/man/man3/ipsec_rangetosubnet.3.gz
    • /usr/share/man/man3/ipsec_sameaddr.3.gz
    • /usr/share/man/man3/ipsec_sameaddrtype.3.gz
    • /usr/share/man/man3/ipsec_samesaid.3.gz
    • /usr/share/man/man3/ipsec_samesubnet.3.gz
    • /usr/share/man/man3/ipsec_samesubnettype.3.gz
    • /usr/share/man/man3/ipsec_satot.3.gz
    • /usr/share/man/man3/ipsec_setportof.3.gz
    • /usr/share/man/man3/ipsec_sockaddrlenof.3.gz
    • /usr/share/man/man3/ipsec_sockaddrof.3.gz
    • /usr/share/man/man3/ipsec_subnetinsubnet.3.gz
    • /usr/share/man/man3/ipsec_subnetishost.3.gz
    • /usr/share/man/man3/ipsec_subnetof.3.gz
    • /usr/share/man/man3/ipsec_subnettoa.3.gz
    • /usr/share/man/man3/ipsec_subnettot.3.gz
    • /usr/share/man/man3/ipsec_subnettypeof.3.gz
    • /usr/share/man/man3/ipsec_tnatoaddr.3.gz
    • /usr/share/man/man3/ipsec_ttoaddr.3.gz
    • /usr/share/man/man3/ipsec_ttodata.3.gz
    • /usr/share/man/man3/ipsec_ttosa.3.gz
    • /usr/share/man/man3/ipsec_ttosubnet.3.gz
    • /usr/share/man/man3/ipsec_ttoul.3.gz
    • /usr/share/man/man3/ipsec_unspecaddr.3.gz
    • /usr/share/man/man3/ipsec_version.3.gz
    • /usr/share/man/man3/ipsec_version_code.3.gz
    • /usr/share/man/man3/ipsec_version_string.3.gz
    • /usr/share/man/man5/ipsec.conf.5.gz
    • /usr/share/man/man5/ipsec.secrets.5.gz
    • /usr/share/man/man5/ipsec_eroute.5.gz
    • /usr/share/man/man5/ipsec_klipsdebug.5.gz
    • /usr/share/man/man5/ipsec_pf_key.5.gz
    • /usr/share/man/man5/ipsec_spi.5.gz
    • /usr/share/man/man5/ipsec_spigrp.5.gz
    • /usr/share/man/man5/ipsec_tncfg.5.gz
    • /usr/share/man/man5/ipsec_trap_count.5.gz
    • /usr/share/man/man5/ipsec_trap_sendcount.5.gz
    • /usr/share/man/man5/ipsec_version.5.gz
    • /usr/share/man/man8/ipsec.8.gz
    • /usr/share/man/man8/ipsec__copyright.8.gz
    • /usr/share/man/man8/ipsec__include.8.gz
    • /usr/share/man/man8/ipsec__keycensor.8.gz
    • /usr/share/man/man8/ipsec__plutoload.8.gz
    • /usr/share/man/man8/ipsec__plutorun.8.gz
    • /usr/share/man/man8/ipsec__realsetup.8.gz
    • /usr/share/man/man8/ipsec__secretcensor.8.gz
    • /usr/share/man/man8/ipsec__startklips.8.gz
    • /usr/share/man/man8/ipsec__startnetkey.8.gz
    • /usr/share/man/man8/ipsec__updown.8.gz
    • /usr/share/man/man8/ipsec__updown.klips.8.gz
    • /usr/share/man/man8/ipsec__updown.mast.8.gz
    • /usr/share/man/man8/ipsec__updown.netkey.8.gz
    • /usr/share/man/man8/ipsec_addconn.8.gz
    • /usr/share/man/man8/ipsec_auto.8.gz
    • /usr/share/man/man8/ipsec_barf.8.gz
    • /usr/share/man/man8/ipsec_eroute.8.gz
    • /usr/share/man/man8/ipsec_ikeping.8.gz
    • /usr/share/man/man8/ipsec_klipsdebug.8.gz
    • /usr/share/man/man8/ipsec_look.8.gz
    • /usr/share/man/man8/ipsec_newhostkey.8.gz
    • /usr/share/man/man8/ipsec_pf_key.8.gz
    • /usr/share/man/man8/ipsec_pluto.8.gz
    • /usr/share/man/man8/ipsec_policy.8.gz
    • /usr/share/man/man8/ipsec_ranbits.8.gz
    • /usr/share/man/man8/ipsec_rsasigkey.8.gz
    • /usr/share/man/man8/ipsec_secrets.8.gz
    • /usr/share/man/man8/ipsec_showdefaults.8.gz
    • /usr/share/man/man8/ipsec_showhostkey.8.gz
    • /usr/share/man/man8/ipsec_spi.8.gz
    • /usr/share/man/man8/ipsec_spigrp.8.gz
    • /usr/share/man/man8/ipsec_tncfg.8.gz
    • /usr/share/man/man8/ipsec_verify.8.gz

    Changelog

    2014-03-23 - Yves-Alexis Perez <corsac@debian.org> openswan (1:2.6.37-3+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * debian/patches: - CVE-2013-2053 added, fix pre-authentication buffer overflow in atodn() / atoid() (CVE-2013-2053). closes: #709144 - CVE-2013-6466 added, fix pre-authentication remote denial of service in IKEv2 daemon (CVE-2013-6466) closes: #737406

    2012-05-27 - Rene Mayrhofer <rmayr@debian.org> openswan (1:2.6.37-3) unstable; urgency=low * Actually need to pass CPPFLAGS to CFLAGS for the openswan Makefiles to use the hardening options. Thanks to Simon Ruderich for pointing this out. Really Closes: #655139 * Remove Build-Deps on man2html and htmldoc, they have not been used for a while now by the openswan Makefiles.

    2012-05-14 - Harald Jenny <harald@a-little-linux-box.at> openswan (1:2.6.37-2) unstable; urgency=low [Harald Jenny] * Finally migrated all patches to quilt, cleaned up debian rules file a little bit, removed build depedency on dpatch and corresponding lintian override. * Integrated patches for hardening build flags and missing format strings (thanks to Moritz Muehlenhoff for his patches), added required versioned build depedency on dpkg-dev and enabled all hardening options. Closes: #655139: Please enabled hardened build flags

    2012-04-28 - Christian Perrier <bubulle@debian.org> openswan (1:2.6.37-1.1) unstable; urgency=low * Non-maintainer upload. * Fix pending l10n issues. Debconf translations: - Turkish (Atila KOÇ). Closes: #660192 - Danish (Joe Hansen). Closes: #660263 - Italian (Beatrice Torracca). Closes: #660758 - Polish (Michał Kułach). Closes: #669711

    2011-12-05 - Harald Jenny <harald@a-little-linux-box.at> openswan (1:2.6.37-1) unstable; urgency=HIGH [Harald Jenny] * New upstream release. Fixed pluto crypto helper handler vulnerability (CVE-2011-4073). Closes: #650674: [CVE-2011-4073] Openswan crypto helper crasher

    2011-10-16 - Harald Jenny <harald@a-little-linux-box.at> openswan (1:2.6.36-1) UNRELEASED; urgency=medium [Harald Jenny] * New upstream release. * Adjusted one of the manpage patches for line break problems. * Removed pluto Makefile patch by Jari Aalto (fixed upstream). * Incorporated translation updates. Closes: #625277: openswan: [INTL:ja] Update po-debconf template translation (ja.po) Closes: #633831: openswan: [INTL:nl] Dutch translation of debconf templates * Removed obsolete build depedency on libopensc2-dev (code already removed by upstream). Closes: #632449: openswan: obsolete build-dependency: libopensc2-dev

    2011-08-21 - Harald Jenny <harald@a-little-linux-box.at> openswan (1:2.6.35-1) UNRELEASED; urgency=medium [Harald Jenny] * New upstream release. Closes: #639299: openswan: IP compression doesn't work * Adjusted one of the manpage patches for line break problems. * Removed some old documentation handling code from debian/rules. * Modified openswan-doc to cope with changes in upstream documentation directory structure and file list. * Bumped Standards for all packages to 3.9.2 (no changes needed). * Added build-arch and build-indep targets to please lintian.

    2011-06-08 - Harald Jenny <harald@a-little-linux-box.at> openswan (1:2.6.34-1) UNRELEASED; urgency=medium [Harald Jenny] * New upstream release. Closes: #520671: openswan: Unable to specify a specific MTU on a vpn tunnel Closes: #626790: openswan-modules-dkms: Kernel modules doesn't compile LP: #733382: package openswan-modules-dkms 1:2.6.28 dfsg-5 failed to build

    Advertisement
    Advertisement