Openswan is available in the Stable (aka "Sarge"), Testing (aka "Etch"), and Unstable (aka "Sid") branches, and users of FreeS/WAN should migrate to it.
FreeS/WAN is the only available alternative in the old Stable (aka "Woody") branch.
More info is provided at http://packages.debian.org/openswan and http://packages.debian.org/freeswan.
To install the userspace programs:
apt-get install openswan
Both the 2.4 and 2.6 kernels in Stable (sarge), Testing (etch), and Unstable (sid) include the 26sec IPSec stack. In other words, you don't have to patch the kernel if you run a stock Debian kernel. In woody, the kernel has to be patched to include KLIPS. See "alternative ipsec stack" below.
Linux 2.6 includes a new ipsec stack called "26sec" by the Openswan people. Linux 2.4.24(?) and later include a backport of the Linux 2.6 IPSec stack.
With an older, 2.4 series kernel you also need to install either the source for the Openswan modules or, when building a non-modular kernel or compiling IPSec non-modular, a patch for your kernel:
apt-get install openswan-modules-source
or, with the non-modular approach:
apt-get install kernel-patch-openswan
The FreeS/WAN ipsec stack, called KLIPS, is also available for both 2.4 and 2.6 but needs manual patching if you prefer it over 26sec.
Debian-specific mailing list for Openswan: https://www.gibraltar.at/mailman/listinfo/debian-openswan
The Hardened Debian project provides fully functional updated kernels with the latest Openswan code and IPSec stack, along with other important security enhancements. Their sources are available at http://cvs.debian-hardened.org/cgi-bin/viewcvs/debian-hardened/ (CVS) and https://sourceforge.net/projects/debianhardened (direct download).
More info about building on Debian Woody here:
Building from tarballs for 2.4