Autoconf options for strongSwan 4.2 releases¶
strongSwan can be built with the following ./configure options:
--dir options¶
--prefix=PREFIX
where to put installation [ /usr/local ]. Most Linux distributions use "/usr".
--libexecdir=LIBEXECDIR
program executables [ PREFIX/libexec ]
--sysconfdir=SYSCONFDIR
where to put configuration files [ PREFIX/etc ]. We strongly recommend "/etc".
--enable options¶
--enable-agent
enables the ssh-agent signing plugin [ no ].
--enable-cisco-quirks
enable support of Cisco VPN client [ no ].
--enable-curl
enable plugin to fetch files (CRL/OCSP) via libcurl [ no ]. Requires libcurl.
--enable-dumm
build the new UML test framework [ no ]. See DUMM.
--enable-eap-aka
build AKA authentication module for EAP [ no ].
--enable-eap-gtc
build PAM-based GTC authenication module for EAP [ no ]
--enable-eap-identity
build EAP module providing EAP-Identity helper [ no ].
--enable-eap-md5
build MD5 (CHAP) authentication module for EAP [ no ].
--enable-eap-mschapv2
build Microsoft CHAP version 2 authentication module for EAP [ no ].
--enable-eap-radius
build RADIUS proxy authentication module for EAP [ no ].
--enable-eap-sim
build SIM authentication module for EAP [ no ].
--enable-eap-sim-file
build EAP-SIM back end based on a triplets file [ no ]
--enable-fast
build libfast (FastCGI Application Server w/ templates [ no ]. See libfast.
--enable-integrity-test
enable the integrity test of the crypto library [ no ].
--enable-kernel-klips
enable the PFKEYv2 KLIPS kernel interface [ no ].
--enable-kernel-pfkey
enable the PFKEYv2 NETKEY kernel interface [ no ].
--enable-ldap
enable LDAP fetcher to fetch files (CRLs) from an LDAP server [ no ]. Requires OpenLDAP.
--enable-leak-detective
enable malloc hooks to find memory leaks [ no ].
--enable-load-tests
enable load testing plugin for IKEv2 daemon [ no ].
--enable-lock-profiler
enable lock/mutex profiling code [ no ].
--enable-manager
build the strongSwan manager web application [ no ]. See Manager.
--enable-medcli
enable mediation client web front end and daemon plugin [ no ]
--enable-mediation
enable IKEv2 Mediation Extension [ no ].
--enable-medsrv
enable mediation server web front end and daemon plugin [ no ]
--enable-md4
enable MD4 software implementation plugin. Required for eap-mschapv2 plugin [ no ]
--enable-mysql
enable MySQL database support [ no ]. Requires libmysqlclient_r.
--enable-nat-transport
enable NAT traversal with IPsec transport mode [ no ].
--enable-nm
enable the NetworkManager plugin [ no ].
--enable-openssl
enable the OpenSSL crypto plugin [ no ]. Requires libcrypto.so.0.9.8.
--enable-padlock
enable the padlock crypto plugin [ no ]. Requires a VIA Padlock crypto engine.
--enable-smartcard
enable smartcard support [ no ].
--enable-smp
enable XML configuration and control interface [ no ]. Requires libxml. See SMP.
--enable-sql
enable SQL database configuration backend [ no ]. See SQL.
--enable-sqlite
enable SQLite database support [ no ]. Requires libsqlite3.
--enable-uci
enable the OpenWRT UCI configuration plugin [ no ].
--enable-unit-tests
enable unit tests on IKEv2 daemon startup [ no ].
--disable options¶
--disable-aes
disable default AES software implementation plugin [ no ].
--disable-charon
disable the build of the IKEv2 keying daemon charon [ no ].
You should set charonstart=no in ipsec.conf to prevent starter from launching charon.
--disable-des
disable default DES/3DES software implementation plugin [ no ].
--disable-fips-prf
disable default FIPS PRF software implementation plugin [ no ].
--disable-gmp
disable default GNU Multi Precision (libgmp) based public key cryptography implementation plugin [ no ].
--disable-hmac
disable default HMAC crypto implementation plugin [ no ].
--disable-md5
disable default MD5 software implementation plugin [ no ].
--disable-pluto
disable the build of the IKEv1 keying daemon pluto [ no ].
The IKEv2 keying daemon charon does not use a RAW socket, as only one daemon is running.
You should set plutostart=no in ipsec.conf to prevent starter from launching pluto.
--disable-pubkey
disable default public key support plugin [ no ].
--disable-random
disable default RNG implementation using the raw /dev/(u)random devices [ no ].
--disable-self-test
disable the self-test of the crypto library [ no ].
--disable-sha1
disable default SHA-1 software implementation plugin [ no ].
--disable-sha2
disable default SHA-2 software implementation plugin [ no ].
--disable-stroke
disable charons stroke (pluto compatibility) configuration backend [ no ].
--disable-tools
disable the build of additional ipsec utilites (currently scepclient and openac) [ no ].
--disable-updown
disable the installation of the updown firewall scripts [ _no ].
--disable-vendor-id
disable the sending of the strongSwan vendor ID [ no ].
--disable-xauth-vid
disable the sending of the XAUTH vendor ID [ no ].
--disable-x509
disable default X.509 certificate implementation plugin [ no ].
--disable-xcbc
disable default XCBC crypto implementation plugin [ no ].
--with options¶
--with-backenddir=DIR
path for pluggable configuration backend modules [ PLUGINDIR/backends ]
--with-capabilities=LIBCAP
capability dropping using libcap. Currently only the value libcap is supported [ no ].
--with-default-pkcs11=LIB
set the default PKCS11 library [ /usr/lib/opensc-pkcs11.so ].
--with-eapdir=DIR
path for pluggable EAP modules [ PLUGINDIR/eap ].
--with-group=GROUP
change group of the daemons to GROUP after startup [ root ].
--with-interfacedir=DIR
path for pluggable control interface modules [ PLUGINDIR/interfaces ].
--with-ipsecdir=IPSECDIR
installation path for ipsec tools [ LIBEXECDIR/ipsec ].
--with-linux-headers=DIR
linux header files to be used [ ../include ].
--with-piddir=DIR
path for PID and UNIX socket files [ /var/run ].
--with-plugindir=PLUGINDIR
installation path for plugins [ IPSECDIR/plugins ].
--with-random-device=DEV
set the device for true random data [ /dev/random ].
--with-resolv-conf=FILE
set the file to store DNS server information [ SYSCONFDIR/resolv.conf ].
--with-routing-table=NUM
routing table for IPsec source routes [ 220 ].
--with-routing-table-prio=PRIO
priority for IPsec routing table [ 220 ].
--with-sim-reader=LIB
library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM [].
--with-user=USER
change user of the daemons to USER after startup [ root ].
--with-urandom-device=DEV
set the device for pseudo random data [ /dev/urandom ].
--with-xauth-module=LIB
set the path to the XAUTH module [].