strongswan 5.6.1-2ubuntu1 source package in Ubuntu
Changelog
strongswan (5.6.1-2ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable (LP: #1717343).
    Also fixes an issue with multiple psk's (LP: #1734207).
    Remaining changes:
    + Clean up d/strongswan-starter.postinst: section about runlevel changes
    + Clean up d/strongswan-starter.postinst: Removed entire section on
      opportunistic encryption disabling - this was never in strongSwan and
      won't be see upstream issue #2160.
    + Ubuntu is not using the debconf triggered private key generation
      - d/rules: Removed patching ipsec.conf on build (not using the
        debconf-managed config.)
      - d/ipsec.secrets.proto: Removed ipsec.secrets.inc reference (was
        used for debconf-managed include of private key).
    + Mass enablement of extra plugins and features to allow a user to use
      strongswan for a variety of extra use cases without having to rebuild.
      - d/control: Add required additional build-deps
      - d/control: Mention additionally enabled plugins
      - d/rules: Enable features at configure stage
      - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf)
      - d/libstrongswan.install: Add plugins (so, conf)
    + d/strongswan-starter.install: Install pool feature, which is useful
      since we have attr-sql plugin enabled as well using it.
    + Add plugin kernel-libipsec to allow the use of strongswan in containers
      via this userspace implementation (please do note that this is still
      considered experimental by upstream).
      - d/libcharon-extra-plugins.install: Add kernel-libipsec components
      - d/control: List kernel-libipsec plugin at extra plugins description
      - d/p/dont-load-kernel-libipsec-plugin-by-default.patch: As upstream
        recommends to not load kernel-libipsec by default.
    + Relocate tnc plugin
      - debian/libcharon-extra-plugins.install: Drop tnc from extra plugins
      - Add new subpackage for TNC in d/strongswan-tnc-* and d/control
    + d/libstrongswan.install: Reorder conf and .so alphabetically
    + d/libstrongswan.install: Add kernel-netlink configuration files
    + Complete the disabling of libfast; This was partially accepted in
      Debian, it is no more packaging medcli and medsrv, but still builds and
      mentions it.
      - d/rules: Add --disable-fast to avoid build time and dependencies
      - d/control: Remove medcli, medsrv from package description
    + d/control: Mention mgf1 plugin which is in libstrongswan now
    + Add now built (since 5.5.1) libraries libtpmtss and nttfft to
      libstrongswan-extra-plugins (no deps from default plugins).
    + Add rm_conffile for /etc/init.d/ipsec (transition from precise had
      missed that, droppable after 18.04)
    + d/control, d/libcharon-{extras,standard}-plugins.install: Move charon
      plugins for the most common use cases from extra-plugins into a new
      standard-plugins package. This will allow those use cases without
      pulling in too much more plugins (a bit like the tnc package).
      Recommend that package from strongswan-libcharon.
  * Added changes:
    + d/strongswan-tnc-client.install (relocate tnc) swidtag creation changed
      in 5.6
    + d/strongswan-tnc-server.install (relocate tnc) pacman no more needed
    + d/control: bump breaks/replaces from libstrongswan-extra-plugins to
      libstrongswan as we dropped relocating ccm and test-vectors.
      (droppable >18.04).
      - d/control: add breaks/replace from libstrongswan to
        libstrongswan-extra-plugins for the move of mgf1 to libstrongswan.
        (droppable >18.04).
  * Dropped changes:
    + Update init/service handling (debian default matches Ubuntu past now)
      Dropping this fixes (LP: #1734886)
      - d/rules: Change init/systemd program name to strongswan
      - d/strongswan-starter.strongswan.service: Add new systemd file instead
        of patching upstream
      - d/strongswan-starter.links: Removed, use Ubuntu systemd file instead
        of linking to upstream
    + d/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call
      (this is a never failing no-op for us, no need for Delta).
    + d/strongswan-starter.prerm: Stop strongswan service on package removal
      (ipsec now maps to strongswan service, so this works as-is).
    + Clean up d/strongswan-starter.postinst: rename service ipsec to
      strongswan (ipsec now maps to strongswan service, so this works as-is)
    + Clean up d/strongswan-starter.postinst: daemon enable/disable (the
      whole section is disabled, so no need for delta)
    + (is upstream) CVE-2017-11185 patches
    + (is upstream) FTBFS upstream fix for changed include files
    + (is upstream) debian/patches/increase-bliss-test-timeout.patch: Under
      QEMU/KVM autopkgtest the bliss test takes longer than the default
    + (in Debian) add now built (since 5.5.1) mgf1 plugin to
      libstrongswan-extra-plugins.
    + (in Debian) d/strongswan-starter.install: install stroke apparmor
      profile
    + (this was enabled as part of the former delta, squash changes to no-up)
      d/rules: Disable duplicheck.
    + (not needed) Relocate plugins test-vectors from extra-plugins to
      libstrongswan
      - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
      - d/libstrongswan.install: Add plugins/conffiles
      - d/control: move package descriptions and add required breaks/replaces
    + (not needed) Relocate plugins ccm from extra-plugins to libstrongswan
      - d/libstrongswan-extra-plugins.install: Remove plugins/conffiles
      - d/libstrongswan.install: Add plugins/conffiles
      - d/control: move package descriptions and add required breaks/replaces
    + (while using it requires special kernel, it does not hurt to be
      available in the package) Remove ha plugin
      - d/libcharon-extra-plugins.install: Stop installing ha (so, conf)
      - d/rules: Do not enable ha plugin
      - d/control: Drop listing the ha plugin in the package description

strongswan (5.6.1-2) unstable; urgency=medium

  * move counters plugin from -starter to -libcharon. closes: #882431

strongswan (5.6.1-1) unstable; urgency=medium

  * debian/control:
    - remove strongswan-ike{,v1,v2} packages. closes: #878979
  * New upstream version 5.6.1
    - fix FTBFS with glibc 2.26+. closes: #880561
  * debian/rules: explicitly enable tpm plugin
  * debian/strongswan-starter.install: install counters plugin
  * debian/libstrongswan.install: install MGF1 plugin
  * debian/libstrongswan-extra-plugins.install: install tpm plugin
  * debian/control:
    - update standards version to 4.1.1
    - replace dh-systemd build-dep by updated build-dep on debhelper

strongswan (5.6.0-2) unstable; urgency=medium

  * debian/rules:
    - only use dh_missing --fail-missing when doing an architecture dependent
      packages. closes: #874152

strongswan (5.6.0-1) unstable; urgency=medium

  * New upstream release.
    - fix insufficient input validation in gmp plugin, which can cause a
      denial of service vulnerability (CVE-2017-11185) closes: #872155
  * debian/rules:
    - remove .la files before install
    - don't call dh_install with --fail-missing
    - override dh_missing with --fail-missing to catch uninstalled files
    - apply patch from Gerald Turner to restrict permissions on swanctl
      folder containing private material.
    - replace DEB_BUILD_* by DEB_HOST_* when needed, fix FTCBFS, for example
      when building for ppc64el on x86. Thanks Helmut Grohne. closes: #866669
  * debian/strongswan-swanctl.install:
    - install the whole /etc/swanctl folder, including (empty) subfolders.
      closes: #866324
  * debian/charon-systemd.install:
    - install charon-systemd.conf files, thanks Gerald Turner.
      closes: #866325
  * Add AppArmor profiles for swanctl and charon-system, thanks Gerald
    Turner. closes: #866327
  * debian/libcharon-extra-plugins.install:
    - install pt-tls-client in /u/b and also install its manpage.
  * debian/strongswan-swanctl.lintian-overrides:
    - add lintian overrides for private keys directories using 700
      permissions.

strongswan (5.5.3-2) unstable; urgency=medium

  * debian/control:
    - fix typo in libstrongswan-extra-plugins long description.
  * move curve25519 plugin from libcharon-extra-plugins to
    libstrongswan-extra-plugins

strongswan (5.5.3-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    - update standards version to 4.0.0

strongswan (5.5.2-1) experimental; urgency=medium

  * New upstream release.
  * debian/patches/03_systemd-service refreshed.
  * debian/libcharon-extra-plugins.install:
    - include curve25519 plugin.
  * debian/libstrongswan-extra-plugins.install:
    - install libtpmtss library.

 -- Christian Ehrhardt <email address hidden>  Wed, 29 Nov 2017 15:55:18 +0100
Upload details
- Uploaded by: Christian Ehrhardt
- Uploaded to: Bionic
- Original maintainer: Ubuntu Developers
- Architectures: any all
- Section: net
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
strongswan_5.6.1.orig.tar.bz2 | 4.7 MiB | e0c282d8ad418609c5dfb5e8efa01b28b95ef3678070ed47bf2a229f55f4ab53 |
strongswan_5.6.1-2ubuntu1.debian.tar.xz | 131.8 KiB | 3e4b80e102eed83cb9d684d68a6db44f54c2d9fe9c4d036230b801f9f6a9e222 |
strongswan_5.6.1-2ubuntu1.dsc | 4.0 KiB | c2327e7ce249dd781705431e2d15811bd9d543f56b8a7a40f88380a1342b7cac |
Available diffs
- diff from 5.5.1-4ubuntu3 to 5.6.1-2ubuntu1 (1016.8 KiB)
Binary packages built by this source
- charon-cmd: standalone IPsec client
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package contains the charon-cmd command, which can be used as a client to
connect to a remote IKE daemon.
- charon-cmd-dbgsym: debug symbols for charon-cmd
- charon-systemd: strongSwan IPsec client, systemd support
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package contains the charon-systemd files.
- charon-systemd-dbgsym: debug symbols for charon-systemd
- libcharon-extra-plugins: strongSwan charon library (extra plugins)
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides extra plugins for the charon library:
- addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509
certificates)
- dhcp (Forwarding of DHCP requests for virtual IPs to DHCP server)
- certexpire (Export expiration dates of used certificates)
- eap-aka (Generic EAP-AKA protocol handler using different backends)
- eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends)
- eap-identity (EAP-Identity identity exchange algorithm, to use with other
EAP protocols)
- eap-md5 (EAP-MD5 protocol handler using passwords)
- eap-radius (EAP server proxy plugin forwarding EAP conversations to a
RADIUS server)
- eap-tls (EAP-TLS protocol handler, to authenticate with certificates in
EAP)
- eap-tnc (EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel)
- eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely)
- error-notify (Notification about errors via UNIX socket)
- farp (fake ARP responses for requests to virtual IP address)
- ha (High-Availability clustering)
- kernel-libipsec (Userspace IPsec Backend with TUN devices)
- led (Let Linux LED subsystem LEDs blink on IKE activity)
- lookip (Virtual IP lookup facility using a UNIX socket)
- tnc (Trusted Network Connect)
- unity (Cisco Unity extensions for IKEv1)
- xauth-eap (XAuth backend that uses EAP methods to verify passwords)
- xauth-pam (XAuth backend that uses PAM modules to verify passwords)
- eap-aka-3gpp2 (EAP-AKA backend implementing standard 3GPP2 algorithm in software)
- eap-dynamic (EAP proxy plugin that dynamically selects an EAP method requested/supported by the client (since 5.0.1))
- eap-peap (EAP-PEAP protocol handler, wraps other EAP methods securely)
- eap-sim (Generic EAP-SIM protocol handler using different backends)
- eap-sim-file (EAP-SIM backend reading triplets from a file)
- eap-sim-pcsc (EAP-SIM backend based on a PC/SC smartcard reader)
- eap-simaka-pseudonym (EAP-SIM/AKA in-memory pseudonym identity database)
- eap-simaka-reauth (EAP-SIM/AKA in-memory reauthentication identity database)
- eap-simaka-sql (EAP-SIM/AKA backend reading triplets/quintuplets from a SQL database)
- xauth-noauth (XAuth backend that does not do any authentication (since 5.0.3))
- libcharon-extra-plugins-dbgsym: debug symbols for libcharon-extra-plugins
- libcharon-standard-plugins: strongSwan charon library (standard plugins)
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides standard plugins for the charon library:
- eap-mschapv2 (EAP-MSCHAPv2 protocol handler using passwords/NT hashes)
- xauth-generic (Generic XAuth backend that provides passwords from
ipsec.secrets and other credential sets)
- libcharon-standard-plugins-dbgsym: debug symbols for libcharon-standard-plugins
- libstrongswan: strongSwan utility and crypto library
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides the underlying libraries of charon and other strongSwan
components. It is built in a modular way and is extendable through various
plugins.
.
Some default (as specified by the strongSwan project) plugins are included.
For libstrongswan (cryptographic backends, URI fetchers and database layers):
- aes (AES-128/192/256 cipher software implementation)
- constraints (X.509 certificate advanced constraint checking)
- dnskey (Parse RFC 4034 public keys)
- fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms)
- gmp (RSA/DH crypto backend based on libgmp)
- hmac (HMAC wrapper using various hashers)
- md4 (MD4 hasher software implementation)
- md5 (MD5 hasher software implementation)
- mgf1 (Mask Generation Functions based on the SHA-1, SHA-256 and SHA-512)
- nonce (Default nonce generation plugin)
- pem (PEM encoding/decoding routines)
- pgp (PGP encoding/decoding routines)
- pkcs1 (PKCS#1 encoding/decoding routines)
- pkcs8 (PKCS#8 decoding routines)
- pkcs12 (PKCS#12 decoding routines)
- pubkey (Wrapper to handle raw public keys as trusted certificates)
- random (RNG reading from /dev/[u]random)
- rc2 (RC2 cipher software implementation)
- revocation (X.509 CRL/OCSP revocation checking)
- sha1 (SHA1 hasher software implementation)
- sha2 (SHA256/SHA384/SHA512 hasher software implementation)
- sshkey (SSH key decoding routines)
- x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs
and OCSP messages)
- xcbc (XCBC wrapper using various ciphers)
- attr (Provides IKE attributes configured in strongswan.conf)
- kernel-netlink [linux] (IPsec/Networking kernel interface using Linux
Netlink)
- kernel-pfkey [kfreebsd] (IPsec kernel interface using PF_KEY)
- kernel-pfroute [kfreebsd] (Networking kernel interface using PF_ROUTE)
- resolve (Writes name servers received via IKE to a resolv.conf file or
installs them via resolvconf(8))
.
Also included is the libtpmtss library adding support for TPM plugin
(https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin)
- libstrongswan-dbgsym: debug symbols for libstrongswan
- libstrongswan-extra-plugins: strongSwan utility and crypto library (extra plugins)
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides extra plugins for the strongSwan utility and
cryptographic library.
.
Included plugins are:
- acert (Support of X.509 attribute certificates (since 5.1.3))
- af-alg [linux] (AF_ALG Linux crypto API interface, provides
ciphers/hashers/hmac/xcbc)
- attr-sql (provide IKE attributes read from a database to peers)
- bliss (Bimodal Lattice Signature Scheme (BLISS) post-quantum computer
signature scheme)
- ccm (CCM cipher mode wrapper)
- chapoly (ChaCha20/Poly1305 AEAD implementation)
- cmac (CMAC cipher mode wrapper)
- ctr (CTR cipher mode wrapper)
- coupling (Permanent peer certificate coupling)
- curl (libcurl based HTTP/FTP fetcher)
- curve25519 (support for Diffie-Hellman group 31 using Curve25519 and
support for the Ed25519 digital signature algorithm for IKEv2)
- dnscert (authentication via CERT RRs protected by DNSSEC)
- gcrypt (Crypto backend based on libgcrypt, provides
RSA/DH/ciphers/hashers/rng)
- ipseckey (authentication via IPSECKEY RRs protected by DNSSEC)
- ldap (LDAP fetching plugin based on libldap)
- load-tester (perform IKE load tests against self or gateway)
- mysql (database backend)
- ntru (key exchange based on post-quantum computer NTRU)
- nttfft (Number Theoretic Transform via the FFT algorithm)
- padlock (VIA padlock crypto backend, provides AES128/SHA1)
- pkcs11 (PKCS#11 smartcard backend)
- radattr (inject and process custom RADIUS attributes as IKEv2 client)
- sql (SQL configuration and creds engine)
- sqlite (SQLite database backend)
- soup (libsoup based HTTP fetcher)
- tpmtss (TPM 1.2 and TPM 2.0 Trusted Platform Modules)
- rdrand (High quality / high performance random source using the Intel
rdrand instruction found on Ivy Bridge processors)
- test-vectors (Set of test vectors for various algorithms)
- unbound (DNSSEC enabled resolver using libunbound)
- whitelist (peer verification against a whitelist)
- libstrongswan-extra-plugins-dbgsym: debug symbols for libstrongswan-extra-plugins
- libstrongswan-standard-plugins: strongSwan utility and crypto library (standard plugins)
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides some common plugins for the strongSwan utility and
cryptographic library.
.
Included plugins are:
- agent (RSA/ECDSA private key backend connecting to SSH-Agent)
- gcm (GCM cipher mode wrapper)
- openssl (Crypto backend based on OpenSSL, provides
RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG)
- libstrongswan-standard-plugins-dbgsym: debug symbols for libstrongswan-standard-plugins
- strongswan: IPsec VPN solution metapackage
The strongSwan VPN suite uses the native IPsec stack in the standard Linux
kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This metapackage installs the packages required to maintain IKEv1 and IKEv2
connections via ipsec.conf or ipsec.secrets.
- strongswan-charon: strongSwan Internet Key Exchange daemon
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
charon is an IPsec IKEv2 daemon which can act as an initiator or a responder.
It is written from scratch using a fully multi-threaded design and a modular
architecture. Various plugins can provide additional functionality.
- strongswan-charon-dbgsym: debug symbols for strongswan-charon
- strongswan-libcharon: strongSwan charon library
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package contains the charon library, used by IKE clients like
strongswan-charon, strongswan-charon-cmd or strongswan-nm as well as standard
plugins:
- socket-default
- counters
- bypass-lan (disabled by default)
- strongswan-libcharon-dbgsym: debug symbols for strongswan-libcharon
- strongswan-nm: strongSwan plugin to interact with NetworkManager
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This plugin provides an interface which allows NetworkManager to configure
and control the IKEv2 daemon directly through D-Bus. It is designed to work
in conjunction with the network-manager-strongswan package, providing
a simple graphical frontend to configure IPsec based VPNs.
- strongswan-nm-dbgsym: debug symbols for strongswan-nm
- strongswan-pki: strongSwan IPsec client, pki command
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package contains the pki tool which allows one to run a simple public key
infrastructure.
- strongswan-pki-dbgsym: debug symbols for strongswan-pki
- strongswan-scepclient: strongSwan IPsec client, SCEP client
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package contains the SCEP client, an implementation of the Cisco System's
Simple Certificate Enrollment Protocol (SCEP).
- strongswan-scepclient-dbgsym: debug symbols for strongswan-scepclient
- strongswan-starter: strongSwan daemon starter and configuration file parser
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
The starter and the associated "ipsec" script control the charon daemon from
the command line. It parses ipsec.conf and loads the configurations to the
daemon.
- strongswan-starter-dbgsym: debug symbols for strongswan-starter
- strongswan-swanctl: strongSwan IPsec client, swanctl command
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package contains the swanctl interface, used to configure a running
charon daemon.
- strongswan-swanctl-dbgsym: debug symbols for strongswan-swanctl
- strongswan-tnc-base: strongSwan Trusted Network Connect's (TNC) - base files
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides the base files for strongSwan's Trusted Network
Connect's (TNC) functionality.
.
strongSwan's IMC/IMV dynamic libraries can be used by any third party TNC
client/server implementation possessing a standard IF-IMC/IMV interface.
- strongswan-tnc-base-dbgsym: debug symbols for strongswan-tnc-base
- strongswan-tnc-client: strongSwan Trusted Network Connect's (TNC) - client files
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides the client functionality for strongSwan's Trusted Network
Connect's (TNC) features.
.
It includes the OS, scanner, test, SWID, and attestation IMCs.
- strongswan-tnc-client-dbgsym: debug symbols for strongswan-tnc-client
- strongswan-tnc-ifmap: strongSwan plugin for Trusted Network Connect's (TNC) IF-MAP client
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides Trusted Network Connect's (TNC) IF-MAP 2.0 client.
- strongswan-tnc-ifmap-dbgsym: debug symbols for strongswan-tnc-ifmap
- strongswan-tnc-pdp: strongSwan plugin for Trusted Network Connect's (TNC) PDP
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides Trusted Network Connect's (TNC) Policy Decision Point
(PDP) with RADIUS server interface.
- strongswan-tnc-pdp-dbgsym: debug symbols for strongswan-tnc-pdp
- strongswan-tnc-server: strongSwan Trusted Network Connect's (TNC) - server files
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides the server functionality for strongSwan's Trusted Network
Connect's (TNC) features.
- strongswan-tnc-server-dbgsym: debug symbols for strongswan-tnc-server