Autoconf options for the most current strongSwan release » History » Version 11
Version 10 (Andreas Steffen, 07.04.2011 15:58) → Version 11/60 (Andreas Steffen, 07.04.2011 16:09)
h1. Autoconf options for strongSwan 4.5 releases
{{>toc}}
strongSwan can be built with the following _./configure_ options:
h2. --dir options
--prefix=PREFIX
p((. where to put installation [ _/usr/local_ ]. Most Linux distributions use _"/usr"_.
--libexecdir=LIBEXECDIR
p((. program executables [ _PREFIX/libexec_ ]
--sysconfdir=SYSCONFDIR
p((. where to put configuration files [ _PREFIX/etc_ ]. We strongly recommend _"/etc"_.
h2. --enable options
--enable-addrblock
p((. enable RFC 3779 address block constraint support plugin.
--enable-af-alg
p((. enable AF_ALG crypto interface to Linux Crypto API [ _no_ ].
--enable-agent
p((. enable the ssh-agent signing plugin [ _no_ ].
--enable-android
p((. enable the Android specific plugin [ _no_ ].
--enable-attr-sql
p((. enable the SQL based configuration attribute plugin [ _no_ ].
This is a plugin for VPN gateways only, serving virtual IP addresses
--enable-blowfish
p((. enable Blowfish software implementation plugin [ _no_ ].
--enable-ccm
p((. enable the CCM AEAD wrapper crypto plugin [ _no_ ].
--enable-cisco-quirks
p((. enable support of Cisco VPN client [ _no_ ].
--enable-conftest
p((. enforce Suite B conformance test framework [ _no_ ].
--enable-coupling
p((. enable plugin coupling peer certificates [ _no_ ].
--enable-curl
p((. enable plugin to fetch files (CRL/OCSP) via libcurl [ _no_ ]. Requires libcurl.
--enable-ctr
p((. enable the counter mode wrapper crypto plugin [ _no_ ].
--enable-dhcp
p((. enable DHCP-based attribute provider plugin. [ _no_ ].
--enable-dumm
p((. build the new UML test framework [ _no_ ]. See [[DynamicUmlMeshModeler|DUMM]].
--enable-duplicheck
p((. enable advanced duplicate checking plugin using liveness [ _no_ ].
--enable-eap-aka
p((. build AKA authentication module for EAP [ _no_ ].
--enable-eap-aka-3gpp2
p((. build EAP AKA backend module implementing 3GPP2 algorithm in software [ _no_ ]. Requires libgmp.
--enable-eap-gtc
p((. build PAM-based GTC authentication module for EAP [ _no_ ]
--enable-eap-identity
p((. build EAP module providing EAP-Identity helper [ _no_ ].
--enable-eap-md5
p((. build MD5 (CHAP) authentication module for EAP [ _no_ ].
--enable-eap-mschapv2
p((. build Microsoft CHAP version 2 authentication module for EAP [ _no_ ].
--enable-eap-peap
p((. enable EAP PEAP authentication plugin [ _no_ ].
--enable-eap-radius
p((. build RADIUS proxy authentication module for EAP [ _no_ ].
--enable-eap-sim
p((. build SIM authentication module for EAP [ _no_ ].
--enable-eap-sim-file
p((. build EAP-SIM back end based on a triplets file [ _no_ ]
---enable-eap-sim-pcsc
p((. build EAP-SIM back end based on a smartcard reader [ _no_ ]. Requires libpcsclite
-enable-eap-simaka --enable-eap-simaka
p((. enable EAP-SIM/AKA backend [ _no_ ].
--enable-eap-simaka-pseudonym
p((. enable EAP-SIM/AKA pseudonym storage [ _no_ ].
--enable-eap-simaka-reauth
p((. enable EAP-SIM/AKA reauthentication data storage [ _no_ ].
--enable-eap-simaka-sql
p((. enable EAP-SIM/AKA backend based on a database [ _no_ ].
--enable-eap-tls
p((. enable EAP TLS authentication plugin [ _no_ ].
--enable-eap-tnc
p((. enable EAP TNC trusted network connect plugin [ _no_ ].
--enable-eap-ttls
p((. enable EAP TTLS authentication plugin [ _no_ ].
--enable-farp
p((. enable ARP-faking plugin that responds to ARP requests [ _no_ ].
--enable-fast
p((. build libfast (FastCGI Application Server w/ templates [ _no_ ]. See [[libfast]].
--enable-gcm
p((. enable the GCM AEAD wrapper crypto plugin [ _no_ ].
--enable-gcrypt
p((. enable the libgcrypt plugin [ _no_ ]. Requires the GNU Libgcrypt library.
--enable-ha
p((. enable the high availability cluster plugin [ _no_ ].
--enable-integrity-test
p((. enable [[IntegrityTest|integrity testing]] of the daemon, libstrongswan and loaded plugins [ _no_ ].
--enable-kernel-klips
p((. enable the PFKEYv2 KLIPS kernel interface [ _no_ ].
--enable-kernel-pfkey
p((. enable the PFKEYv2 NETKEY kernel interface [ _no_ ].
--enable-kernel-pfroute
p((. enable the PF ROUTE kernel interface [ _no_ ]. Required for FreeBSD and Mac OS X.
--enable-ldap
p((. enable LDAP fetcher to fetch files (CRLs) from an LDAP server [ _no_ ]. Requires OpenLDAP.
--enable-leak-detective
p((. enable malloc hooks to find memory leaks [ _no_ ].
--enable-led
p((. enable plugin to control LEDs on IKEv2 activity [ _no_ ].
--enable-load-tester
p((. enable load testing plugin for IKEv2 daemon [ _no_ ].
--enable-lock-profiler
p((. enable lock/mutex profiling code [ _no_ ].
--enable-manager
p((. build the strongSwan manager web application [ _no_ ]. See [[Manager]].
--enable-medcli
p((. enable mediation client web front end and daemon plugin [ _no_ ].
--enable-mediation
p((. enable IKEv2 Mediation Extension [ _no_ ].
--enable-medsrv
p((. enable mediation server web front end and daemon plugin [ _no_ ].
--enable-md4
p((. enable MD4 software implementation plugin. Required for eap-mschapv2 plugin [ _no_ ].
--enable-monolithic
p((. build monolithic version of libstrongswan, libhydra, and libcharon that includes all plugins [ _no_ ].
--enable-mysql
p((. enable MySQL database support [ _no_ ]. Requires libmysqlclient_r.
--enable-nat-transport
p((. enable NAT traversal with IPsec transport mode [ _no_ ].
--enable-nm
p((. enable the [[NetworkManager]] plugin [ _no_ ].
--enable-openssl
p((. enable the OpenSSL crypto plugin [ _no_ ]. Requires libcrypto.so.0.9.8.
--enable-padlock
p((. enable the padlock crypto plugin [ _no_ ]. Requires a VIA Padlock crypto engine.
--enable-pkcs11
p((. enable the PKCS11 crypto token support plugin [ _no_ ].
--enable-smartcard
p((. enable smartcard support [ _no_ ].
--enable-smp
p((. enable XML configuration and control interface [ _no_ ]. Requires libxml. See [[SMP]].
--enable-sql
p((. enable SQL database configuration backend [ _no_ ]. See [[SQL]].
--enable-sqlite
p((. enable SQLite database support [ _no_ ]. Requires libsqlite3.
--enable-socket-dynamic
p((. enable dynamic socket implementation for charon [ _no_ ].
--enable-socket-raw
p((. enable raw socket implementation for charon, enforced if pluto is enabled [ _no_ ].
--enable-soup
p((. enable soup fetcher plugin to fetch from HTTP URIs. [ _no_ ]. Requires libsoup.
--enable-test-vectors
p((. enable [[CryptoTest|crypto test]] vectors plugin [ _no_ ].
--enable-tnccs-11
p((. enable TNCCS 1.1 protocol module [ _no_ ]. Requires libxml2.
--enable-tnccs-20
p((. enable TNCCS 2.0 protocol module [ _no_ ].
--enable-tnccs-dynamic
p((. enable dynamic TNCCS protocol discovery module [ _no_ ].
--enable-tnc-imc
p((. enable TNC IMC integrity measurement collector module [ _no_ ].
-enable-tnc-imv
p((. enable TNC IMV integrity measurement verifier module [ _no_ ].
--enable-uci
p((. enable the OpenWRT UCI configuration plugin [ _no_ ].
--enable-unit-tests
p((. enable unit tests on IKEv2 daemon startup [ _no_ ].
--enable-vstr
p((. enable the use of the Vstr string library to replace glibc-like printf hooks [ _no_ ].
--enable-whitelist
p((. enable peer identity whitelisting plugin [ _no_ ].
h2. --disable options
--disable-aes
p((. disable default AES software implementation plugin [ _no_ ].
--disable-attr
p((. disable strongswan.conf based configuration of DNS and WINS server attributes [ _no_ ].
This is a plugin for VPN gateways only, serving internal DNS and WINS nameserver information.
--disable-charon
p((. disable the build of the IKEv2 keying daemon charon [ _no_ ].
--disable-constraints
p((. disable advanced X.509 constraint checking plugin [ _no_ ].
--disable-des
p((. disable default DES/3DES software implementation plugin [ _no_ ].
--disable-dnskey
p((. disable DNS RR key decoding plugin [ _no_ ].
--disable-fips-prf
p((. disable default FIPS PRF software implementation plugin [ _no_ ].
--disable-gmp
p((. disable default GNU Multi Precision (libgmp) based public key cryptography implementation plugin [ _no_ ].
--disable-hmac
p((. disable default HMAC crypto implementation plugin [ _no_ ].
--disable-load-warning
p((. disable the charon/pluto plugin load option warning in starter [ _no_ ]
--disable-md5
p((. disable default MD5 software implementation plugin [ _no_ ].
--disable-pem
p((. disable PEM decoding plugin [ _no_ ].
--disable-pgp
p((. disable PGP key decoding plugin [ _no_ ].
--disable-pkcs1
p((. disable PKCS1 key decoding plugin [ _no_ ].
--disable-pluto
p((. disable the build of the IKEv1 keying daemon pluto [ _no_ ].
The IKEv2 keying daemon charon does not use a RAW socket, as only one daemon is running.
--disable-pubkey
p((. disable default RAW public key support plugin [ _no_ ].
--disable-random
p((. disable default RNG implementation using the raw /dev/(u)random devices [ _no_ ].
--disable-resolve
p((. disable writing DNS information received via configuration payload to /etc/resolv.conf [ _no_ ].
This is a plugin for VPN clients only.
--disable-revocation
p((. disable X.509 CRL/OCSP revocation check plugin [ _no_ ].
--disable-scripts
p((. disable the build of additional utilities (found in directory scripts) [ _no_ ].
--disable-sha1
p((. disable default SHA-1 software implementation plugin [ _no_ ].
--disable-sha2
p((. disable default SHA-2 software implementation plugin [ _no_ ].
--disable-stroke
p((. disable charons stroke (pluto compatibility) configuration backend [ _no_ ].
--disable-tools
p((. disable the build of additional ipsec utilites (currently [[ScepClient|scepclient]] and [[OpenAc|openac]]) [ _no_ ].
--disable-updown
p((. disable the installation of the updown firewall scripts [ _no_ ].
--disable-vendor-id
p((. disable the sending of the strongSwan vendor ID [ _no_ ].
--disable-xauth-vid
p((. disable the sending of the XAUTH vendor ID [ _no_ ].
--disable-x509
p((. disable default X.509 certificate implementation plugin [ _no_ ].
--disable-xcbc
p((. disable default XCBC crypto implementation plugin [ _no_ ].
h2. --with options
--with-backenddir=DIR
p((. path for pluggable configuration backend modules [ _PLUGINDIR/backends_ ]
--with-capabilities=LIBCAP
p((. capability dropping using libcap. Currently only the value _libcap_ is supported [ _no_ ].
--with-default-pkcs11=LIB
p((. set the default PKCS11 library [ _/usr/lib/opensc-pkcs11.so_ ].
--with-eapdir=DIR
p((. path for pluggable EAP modules [ _PLUGINDIR/eap_ ].
--with-group=GROUP
p((. [[nonRoot|change group]] of the daemons to GROUP after startup [ _root_ ].
--with-interfacedir=DIR
p((. path for pluggable control interface modules [ _PLUGINDIR/interfaces_ ].
--with-ipsecdir=IPSECDIR
p((. installation path for ipsec tools [ _LIBEXECDIR/ipsec_ ].
--with-linux-headers=DIR
p((. linux header files to be used [ _../include_ ].
--with-piddir=DIR
p((. path for PID and UNIX socket files [ _/var/run_ ].
--with-plugindir=PLUGINDIR
p((. installation path for plugins [ _IPSECDIR/plugins_ ].
--with-random-device=DEV
p((. set the device for true random data [ _/dev/random_ ].
--with-resolv-conf=FILE
p((. set the file to store DNS server information [ _SYSCONFDIR/resolv.conf_ ].
--with-routing-table=NUM
p((. routing table for IPsec source routes [ _220_ ].
--with-routing-table-prio=PRIO
p((. priority for IPsec routing table [ _220_ ].
--with-sim-reader=LIB
p((. library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM [].
--with-user=USER
p((. [[nonRoot|change user]] of the daemons to USER after startup [ _root_ ].
--with-urandom-device=DEV
p((. set the device for pseudo random data [ _/dev/urandom_ ].
--with-xauth-module=LIB
p((. set the path to the XAUTH module [].
{{>toc}}
strongSwan can be built with the following _./configure_ options:
h2. --dir options
--prefix=PREFIX
p((. where to put installation [ _/usr/local_ ]. Most Linux distributions use _"/usr"_.
--libexecdir=LIBEXECDIR
p((. program executables [ _PREFIX/libexec_ ]
--sysconfdir=SYSCONFDIR
p((. where to put configuration files [ _PREFIX/etc_ ]. We strongly recommend _"/etc"_.
h2. --enable options
--enable-addrblock
p((. enable RFC 3779 address block constraint support plugin.
--enable-af-alg
p((. enable AF_ALG crypto interface to Linux Crypto API [ _no_ ].
--enable-agent
p((. enable the ssh-agent signing plugin [ _no_ ].
--enable-android
p((. enable the Android specific plugin [ _no_ ].
--enable-attr-sql
p((. enable the SQL based configuration attribute plugin [ _no_ ].
This is a plugin for VPN gateways only, serving virtual IP addresses
--enable-blowfish
p((. enable Blowfish software implementation plugin [ _no_ ].
--enable-ccm
p((. enable the CCM AEAD wrapper crypto plugin [ _no_ ].
--enable-cisco-quirks
p((. enable support of Cisco VPN client [ _no_ ].
--enable-conftest
p((. enforce Suite B conformance test framework [ _no_ ].
--enable-coupling
p((. enable plugin coupling peer certificates [ _no_ ].
--enable-curl
p((. enable plugin to fetch files (CRL/OCSP) via libcurl [ _no_ ]. Requires libcurl.
--enable-ctr
p((. enable the counter mode wrapper crypto plugin [ _no_ ].
--enable-dhcp
p((. enable DHCP-based attribute provider plugin. [ _no_ ].
--enable-dumm
p((. build the new UML test framework [ _no_ ]. See [[DynamicUmlMeshModeler|DUMM]].
--enable-duplicheck
p((. enable advanced duplicate checking plugin using liveness [ _no_ ].
--enable-eap-aka
p((. build AKA authentication module for EAP [ _no_ ].
--enable-eap-aka-3gpp2
p((. build EAP AKA backend module implementing 3GPP2 algorithm in software [ _no_ ]. Requires libgmp.
--enable-eap-gtc
p((. build PAM-based GTC authentication module for EAP [ _no_ ]
--enable-eap-identity
p((. build EAP module providing EAP-Identity helper [ _no_ ].
--enable-eap-md5
p((. build MD5 (CHAP) authentication module for EAP [ _no_ ].
--enable-eap-mschapv2
p((. build Microsoft CHAP version 2 authentication module for EAP [ _no_ ].
--enable-eap-peap
p((. enable EAP PEAP authentication plugin [ _no_ ].
--enable-eap-radius
p((. build RADIUS proxy authentication module for EAP [ _no_ ].
--enable-eap-sim
p((. build SIM authentication module for EAP [ _no_ ].
--enable-eap-sim-file
p((. build EAP-SIM back end based on a triplets file [ _no_ ]
---enable-eap-sim-pcsc
p((. build EAP-SIM back end based on a smartcard reader [ _no_ ]. Requires libpcsclite
-enable-eap-simaka --enable-eap-simaka
p((. enable EAP-SIM/AKA backend [ _no_ ].
--enable-eap-simaka-pseudonym
p((. enable EAP-SIM/AKA pseudonym storage [ _no_ ].
--enable-eap-simaka-reauth
p((. enable EAP-SIM/AKA reauthentication data storage [ _no_ ].
--enable-eap-simaka-sql
p((. enable EAP-SIM/AKA backend based on a database [ _no_ ].
--enable-eap-tls
p((. enable EAP TLS authentication plugin [ _no_ ].
--enable-eap-tnc
p((. enable EAP TNC trusted network connect plugin [ _no_ ].
--enable-eap-ttls
p((. enable EAP TTLS authentication plugin [ _no_ ].
--enable-farp
p((. enable ARP-faking plugin that responds to ARP requests [ _no_ ].
--enable-fast
p((. build libfast (FastCGI Application Server w/ templates [ _no_ ]. See [[libfast]].
--enable-gcm
p((. enable the GCM AEAD wrapper crypto plugin [ _no_ ].
--enable-gcrypt
p((. enable the libgcrypt plugin [ _no_ ]. Requires the GNU Libgcrypt library.
--enable-ha
p((. enable the high availability cluster plugin [ _no_ ].
--enable-integrity-test
p((. enable [[IntegrityTest|integrity testing]] of the daemon, libstrongswan and loaded plugins [ _no_ ].
--enable-kernel-klips
p((. enable the PFKEYv2 KLIPS kernel interface [ _no_ ].
--enable-kernel-pfkey
p((. enable the PFKEYv2 NETKEY kernel interface [ _no_ ].
--enable-kernel-pfroute
p((. enable the PF ROUTE kernel interface [ _no_ ]. Required for FreeBSD and Mac OS X.
--enable-ldap
p((. enable LDAP fetcher to fetch files (CRLs) from an LDAP server [ _no_ ]. Requires OpenLDAP.
--enable-leak-detective
p((. enable malloc hooks to find memory leaks [ _no_ ].
--enable-led
p((. enable plugin to control LEDs on IKEv2 activity [ _no_ ].
--enable-load-tester
p((. enable load testing plugin for IKEv2 daemon [ _no_ ].
--enable-lock-profiler
p((. enable lock/mutex profiling code [ _no_ ].
--enable-manager
p((. build the strongSwan manager web application [ _no_ ]. See [[Manager]].
--enable-medcli
p((. enable mediation client web front end and daemon plugin [ _no_ ].
--enable-mediation
p((. enable IKEv2 Mediation Extension [ _no_ ].
--enable-medsrv
p((. enable mediation server web front end and daemon plugin [ _no_ ].
--enable-md4
p((. enable MD4 software implementation plugin. Required for eap-mschapv2 plugin [ _no_ ].
--enable-monolithic
p((. build monolithic version of libstrongswan, libhydra, and libcharon that includes all plugins [ _no_ ].
--enable-mysql
p((. enable MySQL database support [ _no_ ]. Requires libmysqlclient_r.
--enable-nat-transport
p((. enable NAT traversal with IPsec transport mode [ _no_ ].
--enable-nm
p((. enable the [[NetworkManager]] plugin [ _no_ ].
--enable-openssl
p((. enable the OpenSSL crypto plugin [ _no_ ]. Requires libcrypto.so.0.9.8.
--enable-padlock
p((. enable the padlock crypto plugin [ _no_ ]. Requires a VIA Padlock crypto engine.
--enable-pkcs11
p((. enable the PKCS11 crypto token support plugin [ _no_ ].
--enable-smartcard
p((. enable smartcard support [ _no_ ].
--enable-smp
p((. enable XML configuration and control interface [ _no_ ]. Requires libxml. See [[SMP]].
--enable-sql
p((. enable SQL database configuration backend [ _no_ ]. See [[SQL]].
--enable-sqlite
p((. enable SQLite database support [ _no_ ]. Requires libsqlite3.
--enable-socket-dynamic
p((. enable dynamic socket implementation for charon [ _no_ ].
--enable-socket-raw
p((. enable raw socket implementation for charon, enforced if pluto is enabled [ _no_ ].
--enable-soup
p((. enable soup fetcher plugin to fetch from HTTP URIs. [ _no_ ]. Requires libsoup.
--enable-test-vectors
p((. enable [[CryptoTest|crypto test]] vectors plugin [ _no_ ].
--enable-tnccs-11
p((. enable TNCCS 1.1 protocol module [ _no_ ]. Requires libxml2.
--enable-tnccs-20
p((. enable TNCCS 2.0 protocol module [ _no_ ].
--enable-tnccs-dynamic
p((. enable dynamic TNCCS protocol discovery module [ _no_ ].
--enable-tnc-imc
p((. enable TNC IMC integrity measurement collector module [ _no_ ].
-enable-tnc-imv
p((. enable TNC IMV integrity measurement verifier module [ _no_ ].
--enable-uci
p((. enable the OpenWRT UCI configuration plugin [ _no_ ].
--enable-unit-tests
p((. enable unit tests on IKEv2 daemon startup [ _no_ ].
--enable-vstr
p((. enable the use of the Vstr string library to replace glibc-like printf hooks [ _no_ ].
--enable-whitelist
p((. enable peer identity whitelisting plugin [ _no_ ].
h2. --disable options
--disable-aes
p((. disable default AES software implementation plugin [ _no_ ].
--disable-attr
p((. disable strongswan.conf based configuration of DNS and WINS server attributes [ _no_ ].
This is a plugin for VPN gateways only, serving internal DNS and WINS nameserver information.
--disable-charon
p((. disable the build of the IKEv2 keying daemon charon [ _no_ ].
--disable-constraints
p((. disable advanced X.509 constraint checking plugin [ _no_ ].
--disable-des
p((. disable default DES/3DES software implementation plugin [ _no_ ].
--disable-dnskey
p((. disable DNS RR key decoding plugin [ _no_ ].
--disable-fips-prf
p((. disable default FIPS PRF software implementation plugin [ _no_ ].
--disable-gmp
p((. disable default GNU Multi Precision (libgmp) based public key cryptography implementation plugin [ _no_ ].
--disable-hmac
p((. disable default HMAC crypto implementation plugin [ _no_ ].
--disable-load-warning
p((. disable the charon/pluto plugin load option warning in starter [ _no_ ]
--disable-md5
p((. disable default MD5 software implementation plugin [ _no_ ].
--disable-pem
p((. disable PEM decoding plugin [ _no_ ].
--disable-pgp
p((. disable PGP key decoding plugin [ _no_ ].
--disable-pkcs1
p((. disable PKCS1 key decoding plugin [ _no_ ].
--disable-pluto
p((. disable the build of the IKEv1 keying daemon pluto [ _no_ ].
The IKEv2 keying daemon charon does not use a RAW socket, as only one daemon is running.
--disable-pubkey
p((. disable default RAW public key support plugin [ _no_ ].
--disable-random
p((. disable default RNG implementation using the raw /dev/(u)random devices [ _no_ ].
--disable-resolve
p((. disable writing DNS information received via configuration payload to /etc/resolv.conf [ _no_ ].
This is a plugin for VPN clients only.
--disable-revocation
p((. disable X.509 CRL/OCSP revocation check plugin [ _no_ ].
--disable-scripts
p((. disable the build of additional utilities (found in directory scripts) [ _no_ ].
--disable-sha1
p((. disable default SHA-1 software implementation plugin [ _no_ ].
--disable-sha2
p((. disable default SHA-2 software implementation plugin [ _no_ ].
--disable-stroke
p((. disable charons stroke (pluto compatibility) configuration backend [ _no_ ].
--disable-tools
p((. disable the build of additional ipsec utilites (currently [[ScepClient|scepclient]] and [[OpenAc|openac]]) [ _no_ ].
--disable-updown
p((. disable the installation of the updown firewall scripts [ _no_ ].
--disable-vendor-id
p((. disable the sending of the strongSwan vendor ID [ _no_ ].
--disable-xauth-vid
p((. disable the sending of the XAUTH vendor ID [ _no_ ].
--disable-x509
p((. disable default X.509 certificate implementation plugin [ _no_ ].
--disable-xcbc
p((. disable default XCBC crypto implementation plugin [ _no_ ].
h2. --with options
--with-backenddir=DIR
p((. path for pluggable configuration backend modules [ _PLUGINDIR/backends_ ]
--with-capabilities=LIBCAP
p((. capability dropping using libcap. Currently only the value _libcap_ is supported [ _no_ ].
--with-default-pkcs11=LIB
p((. set the default PKCS11 library [ _/usr/lib/opensc-pkcs11.so_ ].
--with-eapdir=DIR
p((. path for pluggable EAP modules [ _PLUGINDIR/eap_ ].
--with-group=GROUP
p((. [[nonRoot|change group]] of the daemons to GROUP after startup [ _root_ ].
--with-interfacedir=DIR
p((. path for pluggable control interface modules [ _PLUGINDIR/interfaces_ ].
--with-ipsecdir=IPSECDIR
p((. installation path for ipsec tools [ _LIBEXECDIR/ipsec_ ].
--with-linux-headers=DIR
p((. linux header files to be used [ _../include_ ].
--with-piddir=DIR
p((. path for PID and UNIX socket files [ _/var/run_ ].
--with-plugindir=PLUGINDIR
p((. installation path for plugins [ _IPSECDIR/plugins_ ].
--with-random-device=DEV
p((. set the device for true random data [ _/dev/random_ ].
--with-resolv-conf=FILE
p((. set the file to store DNS server information [ _SYSCONFDIR/resolv.conf_ ].
--with-routing-table=NUM
p((. routing table for IPsec source routes [ _220_ ].
--with-routing-table-prio=PRIO
p((. priority for IPsec routing table [ _220_ ].
--with-sim-reader=LIB
p((. library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM [].
--with-user=USER
p((. [[nonRoot|change user]] of the daemons to USER after startup [ _root_ ].
--with-urandom-device=DEV
p((. set the device for pseudo random data [ _/dev/urandom_ ].
--with-xauth-module=LIB
p((. set the path to the XAUTH module [].