strongswan — Commit History

Changelog:
https://github.com/strongswan/strongswan/releases/tag/6.0.6

PR:		294718
Approved by:	blanket (fix CVEs)
Security:	CVE-2026-35328
Security:	CVE-2026-35329
Security:	CVE-2026-35330
Security:	CVE-2026-35331
Security:	CVE-2026-35332
Security:	CVE-2026-35333
Security:	CVE-2026-35334
Sponsored by:	UNIS Labs
MFH:		2026Q2

Currently ML-DSA (used for Digital Signatures) is a draft in strongswan
(ETA Version 6.1.0 or later). So CNSA 2.0 cannot be fully supported yet.
https://linux-ipsec.org/slides/2025/steffen-pqc-auth-for-ikev2.pdf
But most firewalls (Palo Alto / Fortigate) already support ML-KEM Key
Exchange in addition to standard proposals.
E.g. aes128gcm16-ecp256-ke1_mlkem512.

More details:
https://docs.strongswan.org/docs/latest/config/proposals.html

PR:		294305
Approved by:	strongswan@Nanoteq.com (maintainer, timeout 2 weeks)
Sponsored by:	UNIS Labs

Changelog:
https://github.com/strongswan/strongswan/releases/tag/6.0.5

While here:
- Switch from post-install + "if PORT_OPTIONS:MVICI" to
  post-install-VICI-on.
- Add option FIPS_PRF - software implementation plugin.
- Improve plist.
- Refresh patches.

Reported by:	Mike Bressem <mike@bressem.com> (via email)
Approved by:	blanket (fix CVE)
Security:	CVE-2026-25075
Sponsored by:	UNIS Labs
MFH:		2026Q2

Changelog:
https://github.com/strongswan/strongswan/releases/tag/6.0.4

PR:		293003
Approved by:	strongswan@Nanoteq.com (maintainer, timeout > 3 weeks)
MFH:		2026Q1

Error: Orphaned: %%ETCDIR%%.d/iptfs.conf.sample
Error: Orphaned: %%DATADIR%%/templates/config/strongswan.d/iptfs.conf

PR:		290828
Approved by:	blanket, just fix it

ChangeLog:
https://github.com/strongswan/strongswan/releases/tag/6.0.3

PR:		290578
Reviewed by:	brd
MFH:		2025Q4
Security:	CVE-2025-62291
Sponsored by:	Rubicon Communications, LLC ("Netgate")

PR:		286928
Changes:	https://github.com/strongswan/strongswan/releases/tag/6.0.1
Approved by:	strongswan@Nanoteq.com (maintainer timeout)

Note that strongSwan has deprecated the stroke management interface for
years, and it is recommended to migrate the configuration to vici before
it is removed.

PR:	285049

Changelog:
https://github.com/strongswan/strongswan/releases/tag/6.0.0

Remove GNU_CONFIGURE_MANPREFIX.

PR:	284947

Backport upstream commit a7f617ab3328153939cb757a5cf9001071ef8720

PR:		280435
Approved by:	kwf@nanoteq.com (maintainer)

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.14

PR:		278137
Reported by:	jlduran@gmail.com
Approved by:	strongswan@Nanoteq.com (maintainer, timeout > 2 weeks)

Approved by:    portmgr (blanket)

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.13

PR:		275620
Reported by:	jlduran@gmail.com
MFH:		2023Q4 (security fix)
Security:	CVE-2023-41913

This is urgent change adding official patch
https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.9.7-5.9.11_charon_tkm_dh_len.patch
that is identical to the change made for strongswan-5.9.12:
https://github.com/strongswan/strongswan/commit/96d793718955820dfe5e6d8aa6127a34795ae39e

It is upto port maintainer to review and maybe upgrade the port to 5.9.12

Obtained from:	strongSwan
Security:	CVE-2023-41913

This allows for proper substitution in manual pages.

PR:		273138
Reported by:	jlduran@gmail.com
Reviewed by:	strongswan@Nanoteq.com (maintainer timeout > 2 weeks)

cherry-pick upstream commit a619356 to fix route installation on FreeBSD

PR:		272841
Reported by:	matteo@FreeBSD.org
Approved by:	strongswan@Nanoteq.com (maintainer)

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.11

PR:		272739
Reported by:	matteo@FreeBSD.org
Approved by:	strongswan@Nanoteq.com (maintainer)

Cherry pick commit from upstream.

PR:		270380
Reported by:	dronmbi@gtn.ru
Approved by:	strongswan@Nanoteq.com (maintainer)

See also:
  https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html

PR:		269976
Approved-by:	Francois ten Krooden <strongswan@Nanoteq.com> (maintainer)
Changelog:	https://github.com/strongswan/strongswan/releases/tag/5.9.10

This is urgent change adding official patch
https://download.strongswan.org/security/CVE-2023-26463/strongswan-5.9.8-5.9.9_tls_auth_bypass_exp_pointer.patch

It is upto port maintainer to review and maybe upgrade
the port to 5.9.10.

Obtained from:	strongSwan
Security:	CVE-2023-26463

Convert the USE_LDAP=yes to USES=ldap and adds the following features:

- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
  RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features

Reviewed by:	delphij
Approved by:	portmgr
Differential Revision: https://reviews.freebsd.org/D38233

Remove flag already in the default option.

PR:		268918
Reported by:	jlduran@gmail.com
Approved by:	strongswan@Nanoteq.com (maintainer, implicit in PR)

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.9

PR:		268918 262743
Reported by:	jlduran@gmail.com
Approved by:	strongswan@Nanoteq.com (maintainer)

Avoid the message:

 "plugin 'gcm': failed to load - gcm_plugin_create not found and no
 plugin file available"

 According to strongSwan's 5.9.8 release notes[1]:

 The gcm plugin has been enabled by default, so that the TLS 1.3 unit
 tests (now indirectly enabled if the pki tool is built due to the
 implementation of EST) can be completed successfully with just the
 default plugins.

 Let's also enable it by default.

 [1]: https://github.com/strongswan/strongswan/releases/tag/5.9.8

PR:		267352

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.8

Fixes CVE-2022-40617.

PR:		267037
Reported by:	franco@opnsense.org
Approved by:	strongswan@Nanoteq.com (maintainer, implicit)
MFH:		2022Q4	(security update)
Security:	CVE-2022-40617 DoS attack vulnerability

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.

There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.

The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.

Approved by:		portmgr (tcberner)

An issue in the upstream port causes key derivation to fail in version 5.9.6.
A work around is to enable the KDF pluging by default.

PR:	264667
Reported by:	strongswan@Nanoteq.com (maintainer)

PR:		264354
Approved by:	Francois ten Krooden (maintainer)

Changes:	https://github.com/strongswan/strongswan/releases/tag/5.9.6

PR:		263748
Approved by:	Francois ten Krooden (maintainer)

Changes:	https://github.com/strongswan/strongswan/releases/tag/5.9.5
PR:		261462
Approved by:	Francois ten Krooden <strongswan@Nanoteq.com> (maintainer)
MFH:		2022Q1
Security:	CVE-2021-45079

Security & Bugfix Update to 5.9.4:
- Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.4
- While here change repos to https
- Fix CVE-2021-41990: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
- Fix CVE-2021-41991: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html

PR:		259267
Approved by:	strongswan@Nanoteq.com (maintainer)
MFH:		2021Q4

Changelog:	https://github.com/strongswan/strongswan/releases/tag/5.9.3

PR:		257564
Approved by:	strongswan@Nanoteq.com (maintainer)

Fix default control-interface in rc.d script and also
make it user-selectable at build time, defaulting to VICI.

Also mention this change in pkg-message, as previously the
default was "stroke" and it was changed to "vici" with
only a short notice in UPDATING, that was not displayed
when using binary upgrades.

Committing a portfmt'd version.

PR:		255952
Approved by:	strongswan@Nanoteq.com (maintainer)

Add UPDATING entry with migration instruction.

PR:		249865
Submitted by:	driesm.michiels@gmail.com
Approved by:	strongswan@nanoteq.com (maintainer)

ChangeLog: https://wiki.strongswan.org/versions/80

While here, pet linters

PR:	254047
Submitted by:	jlduran@gmail.com
Approved by:	strongswan@Nanoteq.com (maintainer)

Changelog: https://wiki.strongswan.org/versions/79

PR:		252202
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@nanoteq.com (maintainer)

- Also link the tpm2-tss package for testing with the TPM plugin:
  https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin

PR:		249470
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Relnotes:	https://wiki.strongswan.org/versions/78

make test passes OK

PR:	246535
Submitted by:	jlduran@gmail.com
Reviewed by:	strongswan@Nanoteq.com (maintainer)

PR:		245199
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Sponsored by:	Rubicon Communications, LLC (Netgate)

PR:		245087
Sponsored by:	Netzkommune GmbH

PR:		243254
Submitted by:	Dries Michiels <driesm.michiels@gmail.com>
Approved by:	maintainer
Event:		Brussels DevSummit 2020

From the following discussion: https://reviews.freebsd.org/D20163
It makes sense to add ipsec as required module for the rc script
of strongSwan.

PR:		243316
Submitted by:	Dries Michiels <driesm.michiels@gmail.com>
Approved by:	maintainer

PR:		242687
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)

PR:		240684
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)

PR:		240316
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)

PR:		239458
Submitted by:	Evgeny <mojolicious@yandex.com> (initial revision)
		strongswan@Nanoteq.com (maintainer, brushed-up revision)
Approved by:	strongswan@Nanoteq.com (maintainer)

based on discussion at ports@ [1]. As VPN softwares are put in different
physical category net and security. This is a little bit confusing. Let's
give them new virtual category net-vpn.

[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-April/115915.html

PR:		239395
Submitted by:	myself
Approved by:	portmgr (mat)
Differential Revision:	https://reviews.freebsd.org/D21174

PR:		238173
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)

The rc script is modified to allow both a legacy (ipsec.conf-based)
startup or a new (swanctl.conf-based) config. Default is the legacy.

The new setup is based on vici, the Versatile IKE Configuration Interface.

For more details, see:

https://wiki.strongswan.org/projects/strongswan/wiki/Vici

PR:		234648
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Reviewed by:	Sam Chen <sc.gear@one.caeon.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Differential Revision:	D19367

PR:		236218
Submitted by:	Franco Fichtner <franco@opnsense.org>
Approved by:	strongswan@Nanoteq.com (maintainer)

- Follow the same patching logic for swanctl.conf as the other config
  files.
- Silence warning: $strongswan_enable not properly set.

PR:		235340
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)

PR:		234882
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)

PR:		231862
Approved by:	maintainer
Obtained from:	pfSense
MFH:		2018Q4
Security:	CVE-2018-16151 CVE-2018-16152
Sponsored by:	Rubicon Communications, LLC (Netgate)

Do not bump version since I'll commit the upgrade to 5.7.1 just after it

PR:		211108
Submitted by:	Dmitry Wagin <dmitry.wagin@ya.ru>
Approved by:	maintainer
Sponsored by:	Rubicon Communications, LLC (Netgate)

PR:		231720
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)

Fixes:
 - Denial-of-Service Vulnerability in the IKEv2 key derivation
   (CVE-2018-10811)
 - Denial-of-Service Vulnerability in the stroke plugin
   (CVE-2018-5388)
 - Crash on FreeBSD that was present in 5.6.2
 - The kernel-pfkey plugin optionally installs routes via internal
   interface (one with an IP in the local traffic selector). On
   FreeBSD, enabling this selects the correct source IP when sending
   packets from the gateway itself.

PR:		228631
Submitted by:	maintainer

While here, added LICENSE_FILE.

PR:		226404
Submitted by:	strongswan@Nanoteq.com (maintainer)
Approved by:	tcberner (mentor, implicit)

PR:		226043 [1], 220488 [2]
Submitted by:	strongswan@Nanoteq.com (maintainer) [1]
		karl@denninger.net [2]
Approved by:	maintainer [2]
MFH:		2018Q1
Security:	CVE-2018-6459
Sponsored by:	Rubicon Communications, LLC (Netgate)

PR:		220271
Submitted by:	mat (review), Yasuhiro KIMURA (PR)
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D11488

- the gmp plugin responsible for CVE-2017-11185 is not enabled
  in the FreeBSD build

PR:		221716
Relnotes:	https://wiki.strongswan.org/versions/66
Reported by:	i.dani@outlook.com
Approved by:	strongswan@nanoteq.com (maintainer)

PR:		220823
Submitted by:	strongswan@Nanoteq.com (maintainer)
Reported by:	i.dani@outlook.com

Approved by:	strongswan@nanoteq.com (maintainer)
Sponsored by:	Orange

PR:		218430
Approved by:	maintainer
Sponsored by:	Rubicon Communications (Netgate)

PR:		217495

PR:		213844
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)

Approved by:	SSL blanket

PR:		211095
Submitted by:	strongswan@Nanoteq.com (maintainer)

- Add patch to include sys/endian.h header

PR:		208446
Submitted by:	strongswan@Nanoteq.com (maintainer)
MFH:		2016Q2 (build fix blanket)

With hat:	portmgr
Sponsored by:	Absolight

PR:		208219
Approved by:	swan@nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)

PR:		207948
Submitted by:	jaap@NLnetLabs.nl (maintainer)

- Enable PKI, SWANCTL, and VICI options (no external dependencies)
- Document IMPLIES dependency on VICI for SWANCTL; mention in SWANCTL_DESC
- Bump PORTREVISION

PR:		205438
Reported by:	Nick B <nicblais@clkroot.net>
Submitted by:	strongswan@Nanoteq.com (maintainer)

Some Upgrade Notes:

This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
response for malformed EDNS queries. For crypto in libunbound there is
libnettle support.

Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the
qname minimisation, and that will both stop privacy sensitive traffic
and reduce nonsense traffic to authority servers. So consider
enabling both. In this implementation IPv6 reverse lookups add
several labels per increment, because otherwise those lookups would be
very slow. [ Reference
https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ]

More details at <http://unbound.net>

PR:		206347
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
Approved by:	maintainer timeout
Sponsored by:	DK Hostmaster A/S

Submitted by:	Jose Luis Duran
Obtained from:	https://github.com/pfsense/FreeBSD-ports/pull/2

PR:		204959
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)

PR:		204597
Submitted by:	strongswan@nanoteq.com (maintainer)
MFH:		2015Q4
Security:	CVE 2015-8023
Security:	https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2
Sponsored by:	Rubicon Communications (Netgate)

- dff2d05bb9 [1]: kernel-pfKey: Enable AES-CTR
- 04f22cdabc [2]: VICI: add NAT information

Bump PORTREVISION

[1] https://github.com/strongswan/strongswan/commit/dff2d05bb9bec684b3b2efdafc9a47219550bbe1
[2] https://github.com/strongswan/strongswan/commit/04f22cdabc1c97d38692f95392429839f0fa90d1

PR:		204398
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)

PR:		204098
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)

PR:		204090
Approved by:	maintainer

pfSense users reported memory leaks on strongSwan [2] [3] and a it was
reported to upstream [1].

Add a single option and let user choose which printf hook to use, and
change default to use builtin. Bump PORTREVISION due to default change

[1] https://wiki.strongswan.org/issues/1106
[2] https://forum.pfsense.org/index.php?topic=96767.0
[3] https://redmine.pfsense.org/issues/5149

PR:		204051
Approved by:	maintainer
Obtained from:	pfSense
MFH:		2015Q4
Sponsored by:	Rubicon Communications (Netgate)

Spotted by:	Jim Thompson <jim@netgate.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Sponsored by:	Rubicon Communications (Netgate)

PR:		203178
Approved by:	strongswan@Nanoteq.com (maintainer)
Sponsored by:	Rubicon Communications (Netgate)

PR:		200721
Approved by:	strongswan@Nanoteq.com (maintainer)
MFH:		2015Q2
Security:	CVE-2015-3991
Sponsored by:	Netgate

PR:		199652
Approved by:	stronswan@Nanoteq.com (maintainer)
Sponsored by:	Netgate

Approved by:	portmgr blanket

SMP is an XML control interface for Strongswan used by pfSense and
Opnsense. SMP has been deprecated by upstream since 5.2.0 in favor of a
newer IPC mechanism called VICI. As a result upstream is not motivated
to take patches for SMP, and this uses non-portable strlcpy anyway.

The code has not been deleted from the project and if we can bludgeon it
into a working state I see no harm.

PR:		199442

PR:		199064
Approved by:	maintainer
Sponsored by:	Netgate

PR:		197824
Submitted by:	Franco Fichtner <franco@lastsummer.de> (based on)
Reworked by:	strongswan@Nanoteq.com (maintainer)
Approved by:	strongswan@Nanoteq.com (maintainer)

PR:		196615
Approved by:	strongswan@Nanoteq.com (maintainer)
Security:	CVE-2014-9221

PR:		195580 [1]
Submitted by:	maintainer [1]

Notified by:	antoine

Approved by:	portmgr blanket

While here, including missing library files and use install-strip
target.  Maintainer added a crash fix patch while reviewing.

PR:		192366
Submitted by:	dewayne (heruristicssystems.com.au)
Approved by:	maintainer (strongswan nanoteq.com)

databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip

databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample

databases/libgdamm:
- Drop :keepla
- USES=tar:bzip2
- Use INSTALL_TARGET=install-strip

databases/libgdamm5:
- Add INSTALL_TARGET=install-strip
- Drop --enable-static (inherited from old repocopy)

devel/anjuta x11-toolkits/py-gnome-extras:
- Drop :keepla

dns/powerdns dns/powerdns-devel:
- Convert to USES=libtool
- Add INSTALL_TARGET=install-strip
- Disable static modules
- Stop creating library symlinks with .0 suffix, not needed for dynamically
  opened modules

mail/dovecot2:
- Add USES=libtool

mail/dovecot2-pigeonhole:
- Drop CONFIGURE_TARGET (incorrect for Dragonfly)
- Add USES=libtool and INSTALL_TARGET=install-strip

math/gnumeric:
- USES=libtool tar:xz

Approved by:	portmgr (implicit, bump unstaged ports)

Approved by:	portmgr (myself)

- Update strongSwan port to 5.1.3 to resolve CVE 2014-2338
- Fixed rcvar issue with FreeBSD 10 (ports/186865)
- Added building of additional tools included in strongswan (ports/186867)
- libtool fix
- pkg-plist updated

PR:             ports/189132, ports/186865, ports/186867
Submitted by:   Robert Sevat, Dewayne Geraghty, Francois ten Krooden (maintainer)
Approved by:    jadawin (mentor)

Thanks to:	garga@

PR:		ports/186264
Submitted by:	HASHI Hiroaki <hashiz@meridiani.jp>
Approved by:	strongswan <strongswan@Nanoteq.com> (maintainer)

PR:		ports/185535
Submitted by:	Francois ten Krooden <strongswan@nanoteq.com> (maintainer)
Security:	CVE-2013-5018
Security:	CVE-2013-6075
Security:	CVE-2013-6076

Changes:	http://curl.haxx.se/changes.html
PR:		ports/172325 (-exp run), ports/177369 (based on) [1]
Submitted by:	Hirohisa Yamaguchi <umq@ueo.co.jp> [1], hrs (via email) [2]
Exp run by:	miwi

while I'm here remove .sh from rc script

PR:		ports/178266
Submitted by:	David Shane Holden <dpejesh@yahoo.com>
Approved by:	strongswan@nanoteq.com (maintainer)

PR:		ports/173860 (based on)
Submitted by:	Riaan Kruger (maintainer)

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.

PR:		ports/160401
Submitted by:	Riaan Kruger <riaank@gmail.com> maintainer

PR:		ports/156711 [1]
Submitted by:	Riaan Kruger <riaank@gmail.com> (maintainer)

WWW: http://www.strongswan.org

PR:		ports/147431
Submitted by:	Riaan Kruger <riaank@gmail.com>