
Version 10 (Andreas Steffen, 07.04.2011 15:58) → Version 11/60 (Andreas Steffen, 07.04.2011 16:09)

h1. Autoconf options for strongSwan 4.5 releases

{{>toc}}

strongSwan can be built with the following _./configure_ options:

h2. --dir options

--prefix=PREFIX

p((. where to put installation [ _/usr/local_ ]. Most Linux distributions use _"/usr"_.

--libexecdir=LIBEXECDIR

p((. program executables [ _PREFIX/libexec_ ]

--sysconfdir=SYSCONFDIR

p((. where to put configuration files [ _PREFIX/etc_ ]. We strongly recommend _"/etc"_.

h2. --enable options

--enable-addrblock

p((. enable RFC 3779 address block constraint support plugin.

--enable-af-alg

p((. enable AF_ALG crypto interface to Linux Crypto API [ _no_ ].

--enable-agent

p((. enable the ssh-agent signing plugin [ _no_ ].

--enable-android

p((. enable the Android specific plugin [ _no_ ].

--enable-attr-sql

p((. enable the SQL based configuration attribute plugin [ _no_ ].
This is a plugin for VPN gateways only, serving virtual IP addresses

--enable-blowfish

p((. enable Blowfish software implementation plugin [ _no_ ].

--enable-ccm

p((. enable the CCM AEAD wrapper crypto plugin [ _no_ ].

--enable-cisco-quirks

p((. enable support of Cisco VPN client [ _no_ ].

--enable-conftest

p((. enforce Suite B conformance test framework [ _no_ ].

--enable-coupling

p((. enable plugin coupling peer certificates [ _no_ ].

--enable-curl

p((. enable plugin to fetch files (CRL/OCSP) via libcurl [ _no_ ]. Requires libcurl.

--enable-ctr

p((. enable the counter mode wrapper crypto plugin [ _no_ ].

--enable-dhcp

p((. enable DHCP-based attribute provider plugin [ _no_ ].

--enable-dumm

p((. build the new UML test framework [ _no_ ]. See [[DynamicUmlMeshModeler|DUMM]].

--enable-duplicheck

p((. enable advanced duplicate checking plugin using liveness [ _no_ ].

--enable-eap-aka

p((. build AKA authentication module for EAP [ _no_ ].

--enable-eap-aka-3gpp2

p((. build EAP AKA backend module implementing 3GPP2 algorithm in software [ _no_ ]. Requires libgmp.

--enable-eap-gtc

p((. build PAM-based GTC authentication module for EAP [ _no_ ]

--enable-eap-identity

p((. build EAP module providing EAP-Identity helper [ _no_ ].

--enable-eap-md5

p((. build MD5 (CHAP) authentication module for EAP [ _no_ ].

--enable-eap-mschapv2

p((. build Microsoft CHAP version 2 authentication module for EAP [ _no_ ].

--enable-eap-peap

p((. enable EAP PEAP authentication plugin [ _no_ ].

--enable-eap-radius

p((. build RADIUS proxy authentication module for EAP [ _no_ ].

--enable-eap-sim

p((. build SIM authentication module for EAP [ _no_ ].

--enable-eap-sim-file

p((. build EAP-SIM back end based on a triplets file [ _no_ ]

--enable-eap-sim-pcsc

p((. build EAP-SIM back end based on a smartcard reader [ _no_ ]. Requires libpcsclite.

--enable-eap-simaka

p((. enable EAP-SIM/AKA backend [ _no_ ].

--enable-eap-simaka-pseudonym

p((. enable EAP-SIM/AKA pseudonym storage [ _no_ ].

--enable-eap-simaka-reauth

p((. enable EAP-SIM/AKA reauthentication data storage [ _no_ ].

--enable-eap-simaka-sql

p((. enable EAP-SIM/AKA backend based on a database [ _no_ ].

--enable-eap-tls

p((. enable EAP TLS authentication plugin [ _no_ ].

--enable-eap-tnc

p((. enable EAP TNC trusted network connect plugin [ _no_ ].

--enable-eap-ttls

p((. enable EAP TTLS authentication plugin [ _no_ ].

--enable-farp

p((. enable ARP-faking plugin that responds to ARP requests [ _no_ ].

--enable-fast

p((. build libfast (FastCGI Application Server w/ templates) [ _no_ ]. See [[libfast]].

--enable-gcm

p((. enable the GCM AEAD wrapper crypto plugin [ _no_ ].

--enable-gcrypt

p((. enable the libgcrypt plugin [ _no_ ]. Requires the GNU Libgcrypt library.

--enable-ha

p((. enable the high availability cluster plugin [ _no_ ].

--enable-integrity-test

p((. enable [[IntegrityTest|integrity testing]] of the daemon, libstrongswan and loaded plugins [ _no_ ].

--enable-kernel-klips

p((. enable the PFKEYv2 KLIPS kernel interface [ _no_ ].

--enable-kernel-pfkey

p((. enable the PFKEYv2 NETKEY kernel interface [ _no_ ].

--enable-kernel-pfroute

p((. enable the PF ROUTE kernel interface [ _no_ ]. Required for FreeBSD and Mac OS X.

--enable-ldap

p((. enable LDAP fetcher to fetch files (CRLs) from an LDAP server [ _no_ ]. Requires OpenLDAP.

--enable-leak-detective

p((. enable malloc hooks to find memory leaks [ _no_ ].

--enable-led

p((. enable plugin to control LEDs on IKEv2 activity [ _no_ ].

--enable-load-tester

p((. enable load testing plugin for IKEv2 daemon [ _no_ ].

--enable-lock-profiler

p((. enable lock/mutex profiling code [ _no_ ].

--enable-manager

p((. build the strongSwan manager web application [ _no_ ]. See [[Manager]].

--enable-medcli

p((. enable mediation client web front end and daemon plugin [ _no_ ].

--enable-mediation

p((. enable IKEv2 Mediation Extension [ _no_ ].

--enable-medsrv

p((. enable mediation server web front end and daemon plugin [ _no_ ].

--enable-md4

p((. enable MD4 software implementation plugin. Required for eap-mschapv2 plugin [ _no_ ].

--enable-monolithic

p((. build monolithic version of libstrongswan, libhydra, and libcharon that includes all plugins [ _no_ ].

--enable-mysql

p((. enable MySQL database support [ _no_ ]. Requires libmysqlclient_r.

--enable-nat-transport

p((. enable NAT traversal with IPsec transport mode [ _no_ ].

--enable-nm

p((. enable the [[NetworkManager]] plugin [ _no_ ].

--enable-openssl

p((. enable the OpenSSL crypto plugin [ _no_ ]. Requires libcrypto.so.0.9.8.

--enable-padlock

p((. enable the padlock crypto plugin [ _no_ ]. Requires a VIA Padlock crypto engine.

--enable-pkcs11

p((. enable the PKCS11 crypto token support plugin [ _no_ ].

--enable-smartcard

p((. enable smartcard support [ _no_ ].

--enable-smp

p((. enable XML configuration and control interface [ _no_ ]. Requires libxml. See [[SMP]].

--enable-sql

p((. enable SQL database configuration backend [ _no_ ]. See [[SQL]].

--enable-sqlite

p((. enable SQLite database support [ _no_ ]. Requires libsqlite3.

--enable-socket-dynamic

p((. enable dynamic socket implementation for charon [ _no_ ].

--enable-socket-raw

p((. enable raw socket implementation for charon, enforced if pluto is enabled [ _no_ ].

--enable-soup

p((. enable soup fetcher plugin to fetch from HTTP URIs [ _no_ ]. Requires libsoup.

--enable-test-vectors

p((. enable [[CryptoTest|crypto test]] vectors plugin [ _no_ ].

--enable-tnccs-11

p((. enable TNCCS 1.1 protocol module [ _no_ ]. Requires libxml2.

--enable-tnccs-20

p((. enable TNCCS 2.0 protocol module [ _no_ ].

--enable-tnccs-dynamic

p((. enable dynamic TNCCS protocol discovery module [ _no_ ].

--enable-tnc-imc

p((. enable TNC IMC integrity measurement collector module [ _no_ ].

--enable-tnc-imv

p((. enable TNC IMV integrity measurement verifier module [ _no_ ].

--enable-uci

p((. enable the OpenWRT UCI configuration plugin [ _no_ ].

--enable-unit-tests

p((. enable unit tests on IKEv2 daemon startup [ _no_ ].

--enable-vstr

p((. enable the use of the Vstr string library to replace glibc-like printf hooks [ _no_ ].

--enable-whitelist

p((. enable peer identity whitelisting plugin [ _no_ ].

h2. --disable options

--disable-aes

p((. disable default AES software implementation plugin [ _no_ ].

--disable-attr

p((. disable strongswan.conf based configuration of DNS and WINS server attributes [ _no_ ].
This is a plugin for VPN gateways only, serving internal DNS and WINS nameserver information.

--disable-charon

p((. disable the build of the IKEv2 keying daemon charon [ _no_ ].

--disable-constraints

p((. disable advanced X.509 constraint checking plugin [ _no_ ].

--disable-des

p((. disable default DES/3DES software implementation plugin [ _no_ ].

--disable-dnskey

p((. disable DNS RR key decoding plugin [ _no_ ].

--disable-fips-prf

p((. disable default FIPS PRF software implementation plugin [ _no_ ].

--disable-gmp

p((. disable default GNU Multi Precision (libgmp) based public key cryptography implementation plugin [ _no_ ].

--disable-hmac

p((. disable default HMAC crypto implementation plugin [ _no_ ].

--disable-load-warning

p((. disable the charon/pluto plugin load option warning in starter [ _no_ ]

--disable-md5

p((. disable default MD5 software implementation plugin [ _no_ ].

--disable-pem

p((. disable PEM decoding plugin [ _no_ ].

--disable-pgp

p((. disable PGP key decoding plugin [ _no_ ].

--disable-pkcs1

p((. disable PKCS1 key decoding plugin [ _no_ ].

--disable-pluto

p((. disable the build of the IKEv1 keying daemon pluto [ _no_ ].
With pluto disabled, the IKEv2 keying daemon charon does not use a RAW socket, as only one daemon is running.

--disable-pubkey

p((. disable default RAW public key support plugin [ _no_ ].

--disable-random

p((. disable default RNG implementation using the raw /dev/(u)random devices [ _no_ ].

--disable-resolve

p((. disable writing DNS information received via configuration payload to /etc/resolv.conf [ _no_ ].
This is a plugin for VPN clients only.

--disable-revocation

p((. disable X.509 CRL/OCSP revocation check plugin [ _no_ ].

--disable-scripts

p((. disable the build of additional utilities (found in directory scripts) [ _no_ ].

--disable-sha1

p((. disable default SHA-1 software implementation plugin [ _no_ ].

--disable-sha2

p((. disable default SHA-2 software implementation plugin [ _no_ ].

--disable-stroke

p((. disable charon's stroke (pluto compatibility) configuration backend [ _no_ ].

--disable-tools

p((. disable the build of additional ipsec utilities (currently [[ScepClient|scepclient]] and [[OpenAc|openac]]) [ _no_ ].

--disable-updown

p((. disable the installation of the updown firewall scripts [ _no_ ].

--disable-vendor-id

p((. disable the sending of the strongSwan vendor ID [ _no_ ].

--disable-xauth-vid

p((. disable the sending of the XAUTH vendor ID [ _no_ ].

--disable-x509

p((. disable default X.509 certificate implementation plugin [ _no_ ].

--disable-xcbc

p((. disable default XCBC crypto implementation plugin [ _no_ ].

h2. --with options

--with-backenddir=DIR

p((. path for pluggable configuration backend modules [ _PLUGINDIR/backends_ ]

--with-capabilities=LIBCAP

p((. capability dropping using libcap. Currently only the value _libcap_ is supported [ _no_ ].

--with-default-pkcs11=LIB

p((. set the default PKCS11 library [ _/usr/lib/opensc-pkcs11.so_ ].

--with-eapdir=DIR

p((. path for pluggable EAP modules [ _PLUGINDIR/eap_ ].

--with-group=GROUP

p((. [[nonRoot|change group]] of the daemons to GROUP after startup [ _root_ ].

--with-interfacedir=DIR

p((. path for pluggable control interface modules [ _PLUGINDIR/interfaces_ ].

--with-ipsecdir=IPSECDIR

p((. installation path for ipsec tools [ _LIBEXECDIR/ipsec_ ].

--with-linux-headers=DIR

p((. linux header files to be used [ _../include_ ].

--with-piddir=DIR

p((. path for PID and UNIX socket files [ _/var/run_ ].

--with-plugindir=PLUGINDIR

p((. installation path for plugins [ _IPSECDIR/plugins_ ].

--with-random-device=DEV

p((. set the device for true random data [ _/dev/random_ ].

--with-resolv-conf=FILE

p((. set the file to store DNS server information [ _SYSCONFDIR/resolv.conf_ ].

--with-routing-table=NUM

p((. routing table for IPsec source routes [ _220_ ].

--with-routing-table-prio=PRIO

p((. priority for IPsec routing table [ _220_ ].

--with-sim-reader=LIB

p((. library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM [].

--with-user=USER

p((. [[nonRoot|change user]] of the daemons to USER after startup [ _root_ ].

--with-urandom-device=DEV

p((. set the device for pseudo random data [ _/dev/urandom_ ].

--with-xauth-module=LIB

p((. set the path to the XAUTH module [].