strongswan - IPsec VPN solution metapackage

Property Value
Distribution Debian 9 (Stretch)
Repository Debian Main i386
Package name strongswan
Package version 5.5.1
Package release 4+deb9u2
Package architecture all
Package type deb
Installed size 165 B
Download size 90.35 KB
Official Mirror
The strongSwan VPN suite uses the native IPsec stack in the standard Linux
kernel. It supports both the IKEv1 and IKEv2 protocols.
This metapackage installs the packages required to maintain IKEv1 and IKEv2
connections via ipsec.conf or ipsec.secrets.


Package Version Architecture Repository
strongswan_5.5.1-4+deb9u2_all.deb 5.5.1 all Debian Main
strongswan - - -


Name Value
strongswan-charon -
strongswan-starter -


Type URL
Binary Package strongswan_5.5.1-4+deb9u2_all.deb
Source Package strongswan

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install strongswan deb package:
    # sudo apt-get install strongswan




2018-06-04 - Yves-Alexis Perez <>
strongswan (5.5.1-4+deb9u2) stretch-security; urgency=medium
* debian/patches:
- CVE-2018-10811 added, fix missing initialization of a variable in IKEv2
key derivation (CVE-2018-10811)
- CVE-2018-5388 added, fix insufficient validation in the stroke plugin
2017-08-03 - Yves-Alexis Perez <>
strongswan (5.5.1-4+deb9u1) stretch-security; urgency=medium
* debian/patches:
- CVE-2017-11185 added, fix insufficient input validation in gmp plugin
which could lead to denial of service (CVE-2017-11185)
- convert CVE-2017-9022_insufficient_input_validation_gmp_plugin and
CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser to the
UNIX file format. 
2017-05-29 - Yves-Alexis Perez <>
strongswan (5.5.1-4) unstable; urgency=high
* Urgency=high for the security fix.
* debian/patches:
- CVE-2017-9022_insufficient_input_validation_gmp_plugin added, fix
insufficient input validation in gmp plugin which could lead to denial of
service (CVE-2017-9022).
- CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser added,
fix incorrect handling of CHOICE types in ASN.1 parser and x509 plugin
whch could lead to an infinite loop and a denial of service
2017-01-16 - Yves-Alexis Perez <>
strongswan (5.5.1-3) unstable; urgency=medium
[ Christian Ehrhardt ]
* d/rules: Reorganize to ease maintenance
- one enable option per line
- sort enable options
* Add and install strongswan apparmor profiles
- d/rules install AppArmor profiles
- d/control add dh-apparmor as build-dep
- d/usr.lib.ipsec.{charon, lookip, stroke} add latest AppArmor profiles
for charon, lookip and stroke
* Add basic DEP8 tests
- d/tests/* add DEP8 tests
- d/control enable autotestpkg
* Add updated logcheck rules to match recent strongswan output
- debian/libstrongswan.strongswan.logcheck.* Remove outdated logcheck files
- debian/{rules,strongswan.logcheck}: Add updated logcheck rules
- this does no more provide different logcheck levels, but marks all
common output to be acceptable
[ Yves-Alexis Perez ]
* debian/rules:
- re-enable mediation (but not medcli/medsrv)               closes: #851507
2016-12-07 - Yves-Alexis Perez <>
strongswan (5.5.1-2) unstable; urgency=medium
* debian/control:
- make the systemd build-dep linux-only.
2016-10-22 - Yves-Alexis Perez <>
strongswan (5.5.1-1) unstable; urgency=medium
* New upstream bugfix release.
* debian/patches:
- 05_network-manager-strongswan-1.4 dropped, included upstream.
* debian/strongswan-starter.install:
- install the new,empty /etc/ipsec.secrets
* debian/strongswan-nm.install:
- install /etc/dbus-1/system.d/nm-strongswan-service.conf
* debian/control:
- add a Replaces on n-m-strongswan because it used to ship the Dbus service.
- add dependency on lsb-base to strongswan-starter because the init script
uses /lib/lsb/init-functions 
2016-10-02 - Yves-Alexis Perez <>
strongswan (5.5.0-3) unstable; urgency=medium
* debian/control:
- add build-dep on tzdata, fix FTBFS when absent.           closes: #839459
2016-09-18 - Yves-Alexis Perez <>
strongswan (5.5.0-2) unstable; urgency=medium
* debian/rules:
- add patch from Raphaƫl Geissert to use /etc/ssl/certs instead of
/usr/share/ca-certificates for strongswan-nm.             closes: #835095
- update argument name for dh_strip dbgsym migration
* debian/control:
- update debhelper dependency to a version which supports dbgsym
* debian/patches:
- 05_network-manager-strongswan-1.4 added, backport two upstream patches
to support network-manager-strongswan 1.4 in charon-nm.   closes: #838194

See Also

Package Description
structure-synth_1.5.0-3+b1_i386.deb application for creating 3D structures
stterm_0.6-1_i386.deb suckless tools simple terminal for windowed system
stumpwm_0.9.9-3_all.deb tiling, keyboard driven Common Lisp window manager
stun-client_0.97~dfsg-2.1+b1_i386.deb Test client for STUN
stun-server_0.97~dfsg-2.1+b1_i386.deb Server daemon for STUN
stunnel4_5.39-2_i386.deb Universal SSL tunnel for network daemons
stuntman-client_1.2.7-1.1_i386.deb Test client for STUN
stuntman-server_1.2.7-1.1_i386.deb Server daemon for STUN
stx-btree-demo_0.9-2+b2_i386.deb b+tree implementation in c++, demo program
stx-btree-dev_0.9-2_all.deb b+tree implementation in c++
stx-btree-doc_0.9-2_all.deb b+tree implementation in c++, doxygen documentation
stx2any_1.56-2.1_all.deb Converter from structured plain text to other formats
stylish-haskell_0.6.1.0-1+b1_i386.deb Haskell code prettifier
stymulator_0.21a~dfsg-1+b2_i386.deb Curses based player and converter for the YM chiptune format
styx-dev_2.0.1-1+b1_i386.deb combined parser/scanner generator development files