Autoconf options for the most current strongSwan release » History » Version 11
Andreas Steffen, 07.04.2011 16:09
added --enable-eap-sim-pcsc
Autoconf options for strongSwan 4.5 releases
strongSwan can be built with the following ./configure options:
--dir options
--prefix=PREFIX
where to put installation [ /usr/local ]. Most Linux distributions use "/usr".
--libexecdir=LIBEXECDIR
program executables [ PREFIX/libexec ]
--sysconfdir=SYSCONFDIR
where to put configuration files [ PREFIX/etc ]. We strongly recommend "/etc".
--enable options
--enable-addrblock
enable RFC 3779 address block constraint support plugin.
--enable-af-alg
enable AF_ALG crypto interface to Linux Crypto API [ no ].
--enable-agent
enable the ssh-agent signing plugin [ no ].
--enable-android
enable the Android specific plugin [ no ].
--enable-attr-sql
enable the SQL based configuration attribute plugin [ no ].
This is a plugin for VPN gateways only, serving virtual IP addresses
--enable-blowfish
enable Blowfish software implementation plugin [ no ].
--enable-ccm
enable the CCM AEAD wrapper crypto plugin [ no ].
--enable-cisco-quirks
enable support of Cisco VPN client [ no ].
--enable-conftest
enforce Suite B conformance test framework [ no ].
--enable-coupling
enable plugin coupling peer certificates [ no ].
--enable-curl
enable plugin to fetch files (CRL/OCSP) via libcurl [ no ]. Requires libcurl.
--enable-ctr
enable the counter mode wrapper crypto plugin [ no ].
--enable-dhcp
enable DHCP-based attribute provider plugin [ no ].
--enable-dumm
build the new UML test framework [ no ]. See DUMM.
--enable-duplicheck
enable advanced duplicate checking plugin using liveness [ no ].
--enable-eap-aka
build AKA authentication module for EAP [ no ].
--enable-eap-aka-3gpp2
build EAP AKA backend module implementing 3GPP2 algorithm in software [ no ]. Requires libgmp.
--enable-eap-gtc
build PAM-based GTC authentication module for EAP [ no ].
--enable-eap-identity
build EAP module providing EAP-Identity helper [ no ].
--enable-eap-md5
build MD5 (CHAP) authentication module for EAP [ no ].
--enable-eap-mschapv2
build Microsoft CHAP version 2 authentication module for EAP [ no ].
--enable-eap-peap
enable EAP PEAP authentication plugin [ no ].
--enable-eap-radius
build RADIUS proxy authentication module for EAP [ no ].
--enable-eap-sim
build SIM authentication module for EAP [ no ].
--enable-eap-sim-file
build EAP-SIM back end based on a triplets file [ no ].
--enable-eap-sim-pcsc
build EAP-SIM back end based on a smartcard reader [ no ]. Requires libpcsclite.
--enable-eap-simaka
enable EAP-SIM/AKA backend [ no ].
--enable-eap-simaka-pseudonym
enable EAP-SIM/AKA pseudonym storage [ no ].
--enable-eap-simaka-reauth
enable EAP-SIM/AKA reauthentication data storage [ no ].
--enable-eap-simaka-sql
enable EAP-SIM/AKA backend based on a database [ no ].
--enable-eap-tls
enable EAP TLS authentication plugin [ no ].
--enable-eap-tnc
enable EAP TNC trusted network connect plugin [ no ].
--enable-eap-ttls
enable EAP TTLS authentication plugin [ no ].
--enable-farp
enable ARP-faking plugin that responds to ARP requests [ no ].
--enable-fast
build libfast (FastCGI Application Server w/ templates) [ no ]. See libfast.
--enable-gcm
enable the GCM AEAD wrapper crypto plugin [ no ].
--enable-gcrypt
enable the libgcrypt plugin [ no ]. Requires the GNU Libgcrypt library.
--enable-ha
enable the high availability cluster plugin [ no ].
--enable-integrity-test
enable integrity testing of the daemon, libstrongswan and loaded plugins [ no ].
--enable-kernel-klips
enable the PFKEYv2 KLIPS kernel interface [ no ].
--enable-kernel-pfkey
enable the PFKEYv2 NETKEY kernel interface [ no ].
--enable-kernel-pfroute
enable the PF_ROUTE kernel interface [ no ]. Required for FreeBSD and Mac OS X.
--enable-ldap
enable LDAP fetcher to fetch files (CRLs) from an LDAP server [ no ]. Requires OpenLDAP.
--enable-leak-detective
enable malloc hooks to find memory leaks [ no ].
--enable-led
enable plugin to control LEDs on IKEv2 activity [ no ].
--enable-load-tester
enable load testing plugin for IKEv2 daemon [ no ].
--enable-lock-profiler
enable lock/mutex profiling code [ no ].
--enable-manager
build the strongSwan manager web application [ no ]. See Manager.
--enable-medcli
enable mediation client web front end and daemon plugin [ no ].
--enable-mediation
enable IKEv2 Mediation Extension [ no ].
--enable-medsrv
enable mediation server web front end and daemon plugin [ no ].
--enable-md4
enable MD4 software implementation plugin. Required for eap-mschapv2 plugin [ no ].
--enable-monolithic
build monolithic version of libstrongswan, libhydra, and libcharon that includes all plugins [ no ].
--enable-mysql
enable MySQL database support [ no ]. Requires libmysqlclient_r.
--enable-nat-transport
enable NAT traversal with IPsec transport mode [ no ].
--enable-nm
enable the NetworkManager plugin [ no ].
--enable-openssl
enable the OpenSSL crypto plugin [ no ]. Requires libcrypto.so.0.9.8.
--enable-padlock
enable the padlock crypto plugin [ no ]. Requires a VIA Padlock crypto engine.
--enable-pkcs11
enable the PKCS11 crypto token support plugin [ no ].
--enable-smartcard
enable smartcard support [ no ].
--enable-smp
enable XML configuration and control interface [ no ]. Requires libxml. See SMP.
--enable-sql
enable SQL database configuration backend [ no ]. See SQL.
--enable-sqlite
enable SQLite database support [ no ]. Requires libsqlite3.
--enable-socket-dynamic
enable dynamic socket implementation for charon [ no ].
--enable-socket-raw
enable raw socket implementation for charon, enforced if pluto is enabled [ no ].
--enable-soup
enable soup fetcher plugin to fetch from HTTP URIs [ no ]. Requires libsoup.
--enable-test-vectors
enable crypto test vectors plugin [ no ].
--enable-tnccs-11
enable TNCCS 1.1 protocol module [ no ]. Requires libxml2.
--enable-tnccs-20
enable TNCCS 2.0 protocol module [ no ].
--enable-tnccs-dynamic
enable dynamic TNCCS protocol discovery module [ no ].
--enable-tnc-imc
enable TNC IMC integrity measurement collector module [ no ].
--enable-tnc-imv
enable TNC IMV integrity measurement verifier module [ no ].
--enable-uci
enable the OpenWRT UCI configuration plugin [ no ].
--enable-unit-tests
enable unit tests on IKEv2 daemon startup [ no ].
--enable-vstr
enable the use of the Vstr string library to replace glibc-like printf hooks [ no ].
--enable-whitelist
enable peer identity whitelisting plugin [ no ].
--disable options
--disable-aes
disable default AES software implementation plugin [ no ].
--disable-attr
disable strongswan.conf based configuration of DNS and WINS server attributes [ no ].
This is a plugin for VPN gateways only, serving internal DNS and WINS nameserver information.
--disable-charon
disable the build of the IKEv2 keying daemon charon [ no ].
--disable-constraints
disable advanced X.509 constraint checking plugin [ no ].
--disable-des
disable default DES/3DES software implementation plugin [ no ].
--disable-dnskey
disable DNS RR key decoding plugin [ no ].
--disable-fips-prf
disable default FIPS PRF software implementation plugin [ no ].
--disable-gmp
disable default GNU Multi Precision (libgmp) based public key cryptography implementation plugin [ no ].
--disable-hmac
disable default HMAC crypto implementation plugin [ no ].
--disable-load-warning
disable the charon/pluto plugin load option warning in starter [ no ].
--disable-md5
disable default MD5 software implementation plugin [ no ].
--disable-pem
disable PEM decoding plugin [ no ].
--disable-pgp
disable PGP key decoding plugin [ no ].
--disable-pkcs1
disable PKCS1 key decoding plugin [ no ].
--disable-pluto
disable the build of the IKEv1 keying daemon pluto [ no ].
With pluto disabled, the IKEv2 keying daemon charon does not use a RAW socket, as only one daemon is running.
--disable-pubkey
disable default RAW public key support plugin [ no ].
--disable-random
disable default RNG implementation using the raw /dev/(u)random devices [ no ].
--disable-resolve
disable writing DNS information received via configuration payload to /etc/resolv.conf [ no ].
This is a plugin for VPN clients only.
--disable-revocation
disable X.509 CRL/OCSP revocation check plugin [ no ].
--disable-scripts
disable the build of additional utilities (found in directory scripts) [ no ].
--disable-sha1
disable default SHA-1 software implementation plugin [ no ].
--disable-sha2
disable default SHA-2 software implementation plugin [ no ].
--disable-stroke
disable charon's stroke (pluto compatibility) configuration backend [ no ].
--disable-tools
disable the build of additional ipsec utilities (currently scepclient and openac) [ no ].
--disable-updown
disable the installation of the updown firewall scripts [ no ].
--disable-vendor-id
disable the sending of the strongSwan vendor ID [ no ].
--disable-xauth-vid
disable the sending of the XAUTH vendor ID [ no ].
--disable-x509
disable default X.509 certificate implementation plugin [ no ].
--disable-xcbc
disable default XCBC crypto implementation plugin [ no ].
--with options
--with-backenddir=DIR
path for pluggable configuration backend modules [ PLUGINDIR/backends ]
--with-capabilities=LIBCAP
capability dropping using libcap. Currently only the value libcap is supported [ no ].
--with-default-pkcs11=LIB
set the default PKCS11 library [ /usr/lib/opensc-pkcs11.so ].
--with-eapdir=DIR
path for pluggable EAP modules [ PLUGINDIR/eap ].
--with-group=GROUP
change group of the daemons to GROUP after startup [ root ].
--with-interfacedir=DIR
path for pluggable control interface modules [ PLUGINDIR/interfaces ].
--with-ipsecdir=IPSECDIR
installation path for ipsec tools [ LIBEXECDIR/ipsec ].
--with-linux-headers=DIR
Linux header files to be used [ ../include ].
--with-piddir=DIR
path for PID and UNIX socket files [ /var/run ].
--with-plugindir=PLUGINDIR
installation path for plugins [ IPSECDIR/plugins ].
--with-random-device=DEV
set the device for true random data [ /dev/random ].
--with-resolv-conf=FILE
set the file to store DNS server information [ SYSCONFDIR/resolv.conf ].
--with-routing-table=NUM
routing table for IPsec source routes [ 220 ].
--with-routing-table-prio=PRIO
priority for IPsec routing table [ 220 ].
--with-sim-reader=LIB
library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM [].
--with-user=USER
change user of the daemons to USER after startup [ root ].
--with-urandom-device=DEV
set the device for pseudo random data [ /dev/urandom ].
--with-xauth-module=LIB
set the path to the XAUTH module [].