-Please refer to the [developer documentation](https://wiki.strongswan.org/projects/strongswan/wiki/DeveloperDocumentation)
-on our wiki for details regarding **code style** and [**contribution requirements**](https://wiki.strongswan.org/projects/strongswan/wiki/Contributions).
+Please refer to the [developer documentation](https://docs.strongswan.org/docs/5.9/devs/devs.html)
+in our documentation for details regarding **code style** and
+[**contribution requirements**](https://docs.strongswan.org/docs/5.9/devs/contributions.html).
A summary of changes is available in the NEWS file. For a more
-detailed Changelog, refer to the completed versions on the project's roadmap
-(https://wiki.strongswan.org/projects/strongswan/roadmap) or use the Git
-repository (see HACKING) or its web interface available at
-https://git.strongswan.org.
+detailed changelog, refer to the releases on GitHub
+(https://github.com/strongswan/strongswan/releases) or use the Git repository
+(see HACKING) or its web interface available at
+https://github.com/strongswan/strongswan.
------------------------
Git repository
----------------------
+--------------
For interested developers, we have a public repository. To check out and compile
the code, you need the following tools:
- Git
- - a recent GNU C compiler (>= 3.x)
+ - gcc/clang
- automake
- autoconf
- libtool
- lcov/genhtml
- Doxygen
-To check out the master branch, use:
+Check out the repository:
- git clone git://git.strongswan.org/strongswan.git
+ git clone https://github.com/strongswan/strongswan.git
-or using HTTP:
-
- git clone https://git.strongswan.org/strongswan.git
-
-After a successful check out, give the autotools a try:
+After a successful check out, run autotools to generate configure etc.:
cd strongswan/
./autogen.sh
-Then you're in, start the build as usual:
+Finally, start the build as usual:
./configure [options]
make
API documentation
-----------------
-Charon and libstrongswan contain inline code documentation. These comments can
-be extracted using doxygen. It is built using 'make apidoc', which creates an
-'apidoc' folder containing the HTML files.
-
-strongSwan wiki
----------------
+All header files contain inline code documentation. These comments can be
+extracted using Doxygen via 'make apidoc', which creates an 'apidoc' folder
+containing the HTML files.
-A wiki for users and developers, including ticket system and source browser
-is available at
+strongSwan Documentation
+------------------------
- https://wiki.strongswan.org
+Documentation for users and developers is available at
+ https://docs.strongswan.org
To check if your kernel fulfills the requirements, see section 4.
- Next add your connections to "/etc/ipsec.conf" and your secrets to
- "/etc/ipsec.secrets".
-
- At last start strongSwan with
-
- ipsec start
+ Refer to README for configuration examples.
2. Required packages
In order to be able to build strongSwan you'll need one of the following
cryptographic libraries:
+ * The OpenSSL Cryptographic Library (libcrypto)
+ https://www.openssl.org
+ * The wolfSSL Embedded TLS Library (libwolfssl)
+ https://www.wolfssl.com
+ * The Botan Crypto Library (libbotan)
+ https://botan.randombit.net
* The GNU Multiprecision Arithmetic Library (GMP, libgmp)
- http://www.gmplib.org
- * The OpenSSL cryptographic library (libcrypto)
- http://www.openssl.org
- * The GNU cryptographic library (libgcrypt)
- http://www.gnupg.org
+ https://gmplib.org
+ * The GNU Cryptographic Library (libgcrypt)
+ https://www.gnupg.org
If no other options are specified during ./configure libgmp will be used.
following libraries:
* The cURL library (libcurl)
- http://curl.haxx.se/libcurl/
+ https://curl.se/libcurl/
* The LibSoup library (libsoup)
https://live.gnome.org/LibSoup
If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
from an LDAP server then you will need the libldap library available
- from http://www.openldap.org/.
+ from https://www.openldap.org/.
OpenLDAP is usually included with your Linux distribution. You will need
both the run-time and development environments (SuSE: openldap2,
There are many other optional plugins that, for instance, provide support
for PKCS#11 or SQL databases.
- For a more detailed description of these refer to our wiki:
+ For a more detailed description of these refer to our documentation:
- * http://wiki.strongswan.org
+ * https://docs.strongswan.org
4. Kernel configuration
--------------------
- Since version 4.x strongSwan only supports 2.6.x and 3.x kernels and its
- native NETKEY IPsec stack. Please make sure that the following IPsec kernel
- modules are available:
+ Please make sure that the following IPsec-related Linux kernel modules are
+ available:
- * af_key
- * ah4
* esp4
- * ipcomp
+ * esp6
* xfrm_user
+
+ And for older kernels, mode-specific modules such as:
+
* xfrm4_tunnel
+ * xfrm4_mode_tunnel
- These may be built into the kernel or as modules. Modules get loaded
- automatically at strongSwan startup.
+ These may be built into the kernel or as modules. Modules should get loaded
+ automatically if necessary.
- Also the built-in kernel Cryptoapi modules with selected encryption and
- hash algorithms should be available.
+ The built-in kernel Cryptoapi modules with selected encryption and
+ hash algorithms should also be available.
Support for multiple routing tables is also recommended.
For a more up-to-date list of recommended modules refer to:
- * http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
-
+ * https://docs.strongswan.org/docs/5.9/install/kernelModules.html
keying protocols. The feature-set of IKEv1 in charon is almost on par with
pluto, but currently does not support AH or bundled AH+ESP SAs. Beside
RSA/ECDSA, PSK and XAuth, charon also supports the Hybrid authentication
- mode. Information for interoperability and migration is available at
- https://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1.
+ mode.
- Charon's bus_t has been refactored so that loggers and other listeners are
now handled separately. The single lock was previously cause for deadlocks
- The IKEv2 High Availability plugin has been integrated. It provides
load sharing and failover capabilities in a cluster of currently two nodes,
- based on an extend ClusterIP kernel module. More information is available at
- https://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability.
+ based on an extend ClusterIP kernel module.
The development of the High Availability functionality was sponsored by
secunet Security Networks AG.
----------------
- IKEv2 charon daemon ported to FreeBSD and Mac OS X. Installation details can
- be found on wiki.strongswan.org.
+ be found in the documentation.
- ipsec statusall shows the number of bytes transmitted and received over
ESP connections configured by the IKEv2 charon daemon.
simulate a NAT situation and trick the other peer into NAT mode (IKEv2 only).
- Preview of strongSwan Manager, a web based configuration and monitoring
- application. It uses a new XML control interface to query the IKEv2 daemon
- (see https://wiki.strongswan.org/wiki/Manager).
+ application. It uses a new XML control interface to query the IKEv2 daemon.
- Experimental SQLite configuration backend which will provide the configuration
interface for strongSwan Manager in future releases.
As an alternative a **TPM 2.0** *Trusted Platform Module* available on every
recent Intel platform could be used as a virtual smartcard to securely store an
RSA or ECDSA private key. For details, refer to the TPM 2.0
-[HOWTO](https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin).
+[HOWTO](https://docs.strongswan.org/docs/5.9/tpm/tpm2.html).
In a next step the command
strongSwan - TODO
----------------------
-A roadmap of the strongSwan project is available online at:
-
- https://wiki.strongswan.org/projects/strongswan/roadmap
-
+Please refer to our project on GitHub (https://github.com/strongswan/strongswan).
<li>VPN Profile können von Dateien importiert werden</li>
</ul>
-Details und ein Changelog sind auf unserem Wiki zu finden: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
+Details und ein Changelog sind in unserer Dokumentation zu finden: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html
# PERMISSIONS #
# BEISPIEL-SERVERKONFIGURATION #
-Sie finden in unserem Wiki Beispiel-Serverkonfigurationen: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
+Sie finden in unserer Dokumentation Beispiel-Serverkonfigurationen: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration
Beachten Sie bitte, dass der im VPN Profil konfigurierte Hostname (bzw. die IP-Adresse) *zwingend* als subjectAltName-Extension im Server-Zertifikat vorhanden sein muss.
<li>VPN profiles may be imported from files</li>
</ul>
-Details and a changelog can be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient
+Details and a changelog can be found in our documentation: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html
# PERMISSIONS #
# EXAMPLE SERVER CONFIGURATION #
-Example server configurations may be found on our wiki: https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#Server-Configuration
+Example server configurations may be found in our documentation: https://docs.strongswan.org/docs/5.9/os/androidVpnClient.html#_server_configuration
Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension.
<string name="profile_select_one_app">Eine App ausgewählt</string>
<string name="profile_select_x_apps">%1$d Apps ausgewählt</string>
<string name="profile_proposals_label">Algorithmen</string>
- <string name="profile_proposals_intro">Optionale spezifische Algorithmen für IKEv2 und/oder IPsec/ESP die statt der Standardwerte verwendet werden sollen. Eine <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">Liste gültiger Algorithmen</a> kann unserem Wiki entnommen werden (nicht alle werden von dieser App unterstützt). Beide Felder erwarten eine Liste von Algorithmen, jeweils mit einem Bindestrich getrennt.</string>
+ <string name="profile_proposals_intro">Optionale spezifische Algorithmen für IKEv2 und/oder IPsec/ESP die statt der Standardwerte verwendet werden sollen. Eine <a href="https://docs.strongswan.org/docs/5.9/config/IKEv2CipherSuites.html">Liste gültiger Algorithmen</a> kann unserem Wiki entnommen werden (nicht alle werden von dieser App unterstützt). Beide Felder erwarten eine Liste von Algorithmen, jeweils mit einem Bindestrich getrennt.</string>
<string name="profile_proposals_ike_label">IKEv2 Algorithmen</string>
<string name="profile_proposals_ike_hint">Für non-AEAD/klassische Verschlüsselungsalgorithmen wird ein Integritätsalgorithmus, eine pseudozufällige Funktion (PRF, optional, ansonsten wird eine auf dem Integritätsalgorithmus basierende verwendet) und eine Diffie-Hellman Gruppe benötigt (z.B. aes256-sha256-ecp256). Für kombinierte/AEAD Algorithmen wird der Integritätsalgorithmus weggelassen aber eine PRF wird benötigt (z.B. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithmen</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
<string name="profile_proposals_label">Algorithms</string>
- <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://docs.strongswan.org/docs/5.9/config/IKEv2CipherSuites.html">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
<string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
<string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
<string name="profile_proposals_label">Algorithms</string>
- <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://docs.strongswan.org/docs/5.9/config/IKEv2CipherSuites.html">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
<string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
<string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
<string name="profile_proposals_label">Algorithms</string>
- <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://docs.strongswan.org/docs/5.9/config/IKEv2CipherSuites.html">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
<string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
<string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
<string name="profile_select_one_app">已选择一个应用程序</string>
<string name="profile_select_x_apps">%1$d 应用程序被选择</string>
<string name="profile_proposals_label">算法</string>
- <string name="profile_proposals_intro">(可选)配置用于IKEv2和/或IPsec/ESP的特定算法,而不是默认算法。请参阅我们的wiki以了解<a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">算法标识符列表</a>(请注意,此应用程序并不支持所有标识符)。这两个字段都包含一个算法列表,每个算法用连字符分隔。</string>
+ <string name="profile_proposals_intro">(可选)配置用于IKEv2和/或IPsec/ESP的特定算法,而不是默认算法。请参阅我们的wiki以了解<a href="https://docs.strongswan.org/docs/5.9/config/IKEv2CipherSuites.html">算法标识符列表</a>(请注意,此应用程序并不支持所有标识符)。这两个字段都包含一个算法列表,每个算法用连字符分隔。</string>
<string name="profile_proposals_ike_label">IKEv2算法</string>
<string name="profile_proposals_ike_hint">对于非AEAD/经典加密算法,需要完整性算法、伪随机函数(可选,默认为基于完整性算法的函数)和Diffie-Hellman组(例如aes256-sha256-ecp256)。对于组合模式/AEAD算法,省略完整性算法,但需要PRF(例如aes256gcm16-prfsha256-ecp256)。</string>
<string name="profile_proposals_esp_label">IPsec/ESP 算法</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
<string name="profile_proposals_label">Algorithms</string>
- <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://docs.strongswan.org/docs/5.9/config/IKEv2CipherSuites.html">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
<string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
<string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
<string name="profile_select_one_app">One application selected</string>
<string name="profile_select_x_apps">%1$d applications selected</string>
<string name="profile_proposals_label">Algorithms</string>
- <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
+ <string name="profile_proposals_intro">Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a <a href="https://docs.strongswan.org/docs/5.9/config/IKEv2CipherSuites.html">list of algorithm identifiers</a> (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen.</string>
<string name="profile_proposals_ike_label">IKEv2 Algorithms</string>
<string name="profile_proposals_ike_hint">For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256).</string>
<string name="profile_proposals_esp_label">IPsec/ESP Algorithms</string>
</screenshot>
</screenshots>
- <url type="homepage">https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager</url>
- <url type="bugtracker">https://wiki.strongswan.org/projects/strongswan/wiki/FlawReporting</url>
+ <url type="homepage">https://docs.strongswan.org/docs/5.9/features/networkManager.html</url>
+ <url type="bugtracker">https://github.com/strongswan/strongswan/issues</url>
<url type="help">https://www.strongswan.org/support.html</url>
<update_contact>info_AT_strongswan.org</update_contact>
<translation type="gettext">NetworkManager-strongswan</translation>
=head1 SEE ALSO
-strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
-
-strongSwan Mailing list: users@lists.strongswan.org
+strongSwan Documentation: https://docs.strongswan.org/docs/5.9/plugins/vici.html
=head1 AUTHOR
=head1 SEE ALSO
-strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
-
-strongSwan Mailing list: users@lists.strongswan.org
+strongSwan Documentation: https://docs.strongswan.org/docs/5.9/plugins/vici.html
=head1 AUTHOR
=head1 SEE ALSO
-strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
-
-strongSwan Mailing list: users@lists.strongswan.org
+strongSwan Documentation: https://docs.strongswan.org/docs/5.9/plugins/vici.html
=head1 AUTHOR
=head1 SEE ALSO
-strongSwan Wiki: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
-
-strongSwan Mailing list: users@lists.strongswan.org
+strongSwan Documentation: https://docs.strongswan.org/docs/5.9/plugins/vici.html
=head1 AUTHOR
long_description=long_description,
author="strongSwan Project",
author_email="info@strongswan.org",
- url="https://wiki.strongswan.org/projects/strongswan/wiki/Vici",
+ url="https://docs.strongswan.org/docs/5.9/plugins/vici.html",
license="MIT",
packages=["vici"],
include_package_data=True,
script automated tasks in a reliable way.
}
s.summary = "Native Ruby interface for strongSwan VICI"
- s.homepage = "https://wiki.strongswan.org/projects/strongswan/wiki/Vici"
+ s.homepage = "https://docs.strongswan.org/docs/5.9/plugins/vici.html"
s.license = "MIT"
s.files = "lib/vici.rb"
end
{
DBG1(DBG_APP, "!! Your strongswan.conf contains manual plugin load options for charon.");
DBG1(DBG_APP, "!! This is recommended for experts only, see");
- DBG1(DBG_APP, "!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad");
+ DBG1(DBG_APP, "!! https://docs.strongswan.org/docs/5.9/plugins/pluginLoad.html");
}
}