Autoconf options for strongSwan 4.1 releases¶
strongSwan can be built with the following ./configure options:
--dir options¶
--prefix=PREFIX
where to put installation [ /usr/local ]. Most Linux distributions use "/usr".
--libexecdir=LIBEXECDIR
program executables [ PREFIX/libexec ]
--sysconfdir=SYSCONFDIR
where to put configuration files [ PREFIX/etc ]. We strongly recommend "/etc".
--enable options¶
--enable-cisco-quirks
enable support of Cisco VPN client [ no ].
--enable-dumm
build the new UML test framework [ no ]. See DUMM.
--enable-eap-aka
build AKA authentication module for EAP [ no ].
--enable-eap-md5
build MD5 (CHAP) authentication module for EAP [ no ].
--enable-eap-identity
build EAP module providing EAP-Identity helper [ no ].
--enable-eap-sim
build SIM authentication module for EAP [ no ].
--enable-http
enable CURL fetcher plugin to fetch files (CRLs/OCSP) via libcurl [ no ]. Requires libcurl.
--enable-integrity-test
enable the integrity test of the crypto library [ no ].
--enable-ldap
enable LDAP fetcher to fetch files (CRLs) from an LDAP server [ no ]. Requires OpenLDAP.
--enable-leak-detective
enable malloc hooks to find memory leaks [ no ].
--enable-manager
build the strongSwan manager web application [ no ]. See Manager.
--enable-nat-transport
enable NAT traversal with IPsec transport mode [ no ].
--enable-p2p
enable IKEv2 Mediation Extension [ no ].
--enable-smartcard
enable smartcard support [ no ].
--enable-sqlite
enable SQLite database support [ no ]. Requires libsqlite3.
--enable-xml
enable XML configuration and control interface [ no ]. Requires libxml. See SMP.
--disable options¶
--disable-charon
disable the build of the IKEv2 keying daemon charon [ no ].
You should set charonstart=no in ipsec.conf to prevent starter from launching charon.
--disable-pluto
disable the build of the IKEv1 keying daemon pluto [ no ]. The IKEv2 keying daemon
charon does not use a RAW socket, as only one daemon is running.
You should set plutostart=no in ipsec.conf to prevent starter from launching pluto.
--disable-self-test
disable the self-test of the crypto library [ no ].
--disable-tools
disable the build of additional ipsec utilites (currently scepclient and openac) [ no ].
--disable-vendor-id
disable the sending of the strongSwan vendor ID [ no ].
--disable-xauth-vid
disable the sending of the XAUTH vendor ID [ no ].
--with options¶
--with-backenddir=DIR
path for pluggable configuration backend modules [ PLUGINDIR/backends ]
--with-default-pkcs11=LIB
set the default PKCS11 library [ /usr/lib/opensc-pkcs11.so ]
--with-eapdir=DIR
path for pluggable EAP modules [ PLUGINDIR/eap ]
--with-gid=GID
change group of the daemons to GID after startup [ 0 ]
--with-interfacedir=DIR
path for pluggable control interface modules [ PLUGINDIR/interfaces ]
--with-ipsecdir=IPSECDIR
installation path for ipsec tools [ LIBEXECDIR/ipsec ]
--with-linux-headers=DIR
linux header files to be used [ ../include ]
--with-piddir=DIR
path for PID and UNIX socket files [ /var/run ]
--with-plugindir=PLUGINDIR
installation path for plugins [ IPSECDIR/plugins ]
--with-random-device=DEV
set the device for true random data [ /dev/random ]
-with-resolv-conf=FILE
set the file to store DNS server information [ SYSCONFDIR/resolv.conf ]
--with-routing-table=NUM
routing table for IPsec source routes [ 220 ]
--with-routing-table-prio=PRIO
priority for IPsec routing table [ 220 ]
--with-sim-reader=LIB
library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM []
--with-uid=UID
change user of the daemons to UID after startup [ 0 ]
--with-urandom-device=DEV
set the device for pseudo random data [ /dev/urandom ]
--with-xauth-module=LIB
set the path to the XAUTH module []