Autoconf options for strongSwan 4.1 releases
strongSwan can be built with the following ./configure options:
--dir options
--prefix=PREFIX
where to put installation [/usr/local]. Most Linux distributions use "/usr".
--libexecdir=LIBEXECDIR
program executables [PREFIX/libexec]
--sysconfdir=SYSCONFDIR
where to put configuration files [PREFIX/etc]. We strongly recommend "/etc".
--enable options
--enable-cisco-quirks
enable support of Cisco VPN client [no].
--enable-dumm
build the new UML test framework [no]. See DUMM.
--enable-eap-aka
build AKA authentication module for EAP [no].
--enable-eap-md5
build MD5 (CHAP) authentication module for EAP [no].
--enable-eap-identity
build EAP module providing EAP-Identity helper [no].
--enable-eap-sim
build SIM authentication module for EAP [no].
--enable-http
enable CURL fetcher plugin to fetch files (CRLs/OCSP) via libcurl [no]. Requires libcurl.
--enable-integrity-test
enable the integrity test of the crypto library [no].
--enable-ldap
enable LDAP fetcher to fetch files (CRLs) from an LDAP server [no]. Requires OpenLDAP.
--enable-leak-detective
enable malloc hooks to find memory leaks [no].
--enable-manager
build the strongSwan manager web application [no]. See Manager.
--enable-nat-transport
enable NAT traversal with IPsec transport mode [no].
--enable-p2p
enable IKEv2 Mediation Extension [no].
--enable-smartcard
enable smartcard support [no].
--enable-sqlite
enable SQLite database support [no]. Requires libsqlite3.
--enable-xml
enable XML configuration and control interface [no]. Requires libxml. See SMP.
--disable options
--disable-charon
disable the build of the IKEv2 keying daemon charon [no]. You should set charonstart=no in ipsec.conf to prevent starter from launching charon.
--disable-pluto
disable the build of the IKEv1 keying daemon pluto [no]. The IKEv2 keying daemon charon does not use a RAW socket, as only one daemon is running. You should set plutostart=no in ipsec.conf to prevent starter from launching pluto.
--disable-self-test
disable the self-test of the crypto library [no].
--disable-tools
disable the build of additional ipsec utilites (currently scepclient and openac) [no].
--disable-vendor-id
disable the sending of the strongSwan vendor ID [no].
--disable-xauth-vid
disable the sending of the XAUTH vendor ID [no].
--with options
--with-backenddir=DIR
path for pluggable configuration backend modules [PLUGINDIR/backends]
--with-default-pkcs11=LIB
set the default PKCS11 library [/usr/lib/opensc-pkcs11.so]
--with-eapdir=DIR
path for pluggable EAP modules [PLUGINDIR/eap]
--with-gid=GID
change group of the daemons to GID after startup [0]
--with-interfacedir=DIR
path for pluggable control interface modules [PLUGINDIR/interfaces]
--with-ipsecdir=IPSECDIR
installation path for ipsec tools [LIBEXECDIR/ipsec]
--with-linux-headers=DIR
linux header files to be used [../include]
--with-piddir=DIR
path for PID and UNIX socket files [/var/run]
--with-plugindir=PLUGINDIR
installation path for plugins [IPSECDIR/plugins]
--with-random-device=DEV
set the device for true random data [/dev/random]
-with-resolv-conf=FILE
set the file to store DNS server information [SYSCONFDIR/resolv.conf]
--with-routing-table=NUM
routing table for IPsec source routes [220]
--with-routing-table-prio=PRIO
priority for IPsec routing table [220]
--with-sim-reader=LIB
library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM []
--with-uid=UID
change user of the daemons to UID after startup [0]
--with-urandom-device=DEV
set the device for pseudo random data [/dev/urandom]
--with-xauth-module=LIB
set the path to the XAUTH module []