Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/pki -h` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/pki --help` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/pki -h` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/pki --help` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/charon-cmd --help` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/charon-cmd --version` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/charon-cmd --help` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/ipsec --help` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/ipsec --version` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/ipsec version` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/swanctl -h` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/swanctl --help` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/swanctl -h` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/swanctl --help` and found version 5.6.2
- found 5.6.2 with grep in /nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2
- found 5.6.2 in filename of file in /nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2
Added the boolean option:
networking.networkmanager.enableStrongSwan
which enables the networkmanager_strongswan plugin and adds
strongswanNM to the dbus packages.
This was contributed by @wucke13, @eqyiel and @globin.
Fixes: #29873
The NIST elliptic curve groups (ecp192 etc.) are only available if the
OpenSSL plugin is enabled, and these groups are currently the only EC
groups supported on iOS and macOS devices.
Strongswan fails to compile on armv7l-linux with `--enable-aesni` and `--enable-rdrand` enabled. Errors are thrown about impossible constraints in asm (`--enable-rdrand`) or about gcc getting unknown command line parameters about aes (`--enable-aesni`). The options only makes sense on X86_64 processors.
The rdrand plugin is designed for Ivy Bridge processors:
> High quality / high performance random source using the Intel rdrand instruction found on Ivy Bridge processors
The aes-ni plugin also only exists on X86 processors (which have the AES instruction set)
Tested with a local override. The change triggers a (successful) rebuild on my X86_64 system. On armv7-linux this change fixes build errors.
See:
https://wiki.strongswan.org/issues/337
