Autoconf options for the most current strongSwan release » History » Version 23
Tobias Brunner, 31.01.2013 12:07
Autoconf options for strongSwan 5.0 releases
Please note: This page documents the ./configure options for the most current release. Therefore, you should always use ./configure --help to check which options are actually available for the release you are using.
--dir options
Some directories can be configured through --with options.
--prefix=PREFIX
where to put installation [ /usr/local ]. Most Linux distributions use "/usr".
--libexecdir=LIBEXECDIR
program executables [ PREFIX/libexec ]
--libdir=LIBDIR
shared libraries [ PREFIX/lib ]
--sysconfdir=SYSCONFDIR
where to put configuration files [ PREFIX/etc ]. We strongly recommend "/etc".
--enable options
The plugin list provides more information on specific plugins.
--enable-addrblock
enable RFC 3779 address block constraint support plugin.
--enable-af-alg
enable AF_ALG crypto interface to Linux Crypto API [ no ].
--enable-agent
enable the ssh-agent signing plugin [ no ].
--enable-android
enable Android specific plugin [ no ].
--enable-android-log
enable Android specific logger plugin [ no ].
--enable-attr-sql
enable the SQL based configuration attribute plugin [ no ].
This is a plugin for VPN gateways only, serving virtual IP addresses
--enable-blowfish
enable Blowfish software implementation plugin [ no ].
--enable-ccm
enable the CCM AEAD wrapper crypto plugin [ no ].
--enable-certexpire
enable CSV export of expiration dates of used certificates [ no ].
--enable-conftest
enforce Suite B conformance test framework [ no ].
--enable-coupling
enable IKEv2 plugin to couple peer certificates permanently to authentication [ no ].
--enable-ctr
enable the counter mode wrapper crypto plugin [ no ].
--enable-curl
enable plugin to fetch files (CRL/OCSP) via libcurl [ no ]. Requires libcurl.
--enable-dhcp
enable DHCP based attribute provider plugin [ no ].
--enable-dumm
build the new UML test framework [ no ]. See DUMM.
--enable-duplicheck
enable advanced duplicate checking plugin using liveness checks [ no ].
--enable-eap-aka
build EAP AKA authentication module [ no ].
--enable-eap-aka-3gpp2
build EAP AKA backend module implementing 3GPP2 algorithm in software [ no ]. Requires libgmp.
--enable-eap-dynamic
build dynamic EAP proxy module [ no ].
--enable-eap-gtc
build EAP GTC authentication module [ no ].
--enable-eap-identity
build EAP module providing EAP-Identity helper [ no ].
--enable-eap-md5
build EAP MD5 (CHAP) authentication module [ no ].
--enable-eap-mschapv2
enable EAP MS-CHAPv2 authentication module [ no ].
--enable-eap-peap
enable EAP PEAP authentication plugin [ no ].
--enable-eap-radius
enable RADIUS proxy authentication module for EAP [ no ].
--enable-eap-sim
enable EAP-SIM authentication module [ no ].
--enable-eap-sim-file
enable EAP-SIM back end based on a triplets file [ no ].
--enable-eap-sim-pcsc
enable EAP-SIM back end based on a smartcard reader [ no ]. Requires libpcsclite.
--enable-eap-simaka-pseudonym
enable EAP-SIM/AKA pseudonym storage [ no ].
--enable-eap-simaka-reauth
enable EAP-SIM/AKA reauthentication data storage [ no ].
--enable-eap-simaka-sql
enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database [ no ].
--enable-eap-tls
enable EAP TLS authentication plugin [ no ].
--enable-eap-tnc
enable EAP TNC trusted network connect plugin [ no ].
--enable-eap-ttls
enable EAP TTLS authentication plugin [ no ].
--enable-error-notify
enable error notification plugin [ no ].
--enable-farp
enable ARP faking plugin that responds to ARP requests for virtual IPs assigned to peers [ no ].
--enable-fast
build libfast (FastCGI Application Server w/ templates) [ no ]. See libfast.
--enable-gcm
enable the GCM AEAD wrapper crypto plugin [ no ].
--enable-gcrypt
enable the libgcrypt plugin [ no ]. Requires the GNU Libgcrypt library.
--enable-ha
enable the high availability cluster plugin [ no ].
--enable-imc-attestation
enable IMC attestation module [ no ].
--enable-imc-os
enable IMC operating system module [ no ].
--enable-imc-scanner
enable IMC port scanner module [ no ].
--enable-imc-test
enable IMC test module [ no ].
--enable-imv-attestation
enable IMV attestation module [ no ].
--enable-imv-os
enable IMV operating system module [ no ].
--enable-imv-scanner
enable IMV port scanner module [ no ].
--enable-imv-test
enable IMV test module [ no ].
--enable-integrity-test
enable integrity testing of the daemon, libraries and loaded plugins [ no ].
--enable-kernel-klips
enable the PF_KEYv2 KLIPS kernel interface [ no ].
--enable-kernel-pfkey
enable the PF_KEYv2 NETKEY kernel interface [ no ].
--enable-kernel-pfroute
enable the PF_ROUTE kernel interface [ no ]. Required for FreeBSD and Mac OS X.
--enable-libipsec
enable user space IPsec implementation [ no ].
--enable-ldap
enable LDAP fetcher to fetch files (CRLs) from an LDAP server [ no ]. Requires OpenLDAP.
--enable-leak-detective
enable malloc hooks to find memory leaks [ no ].
--enable-led
enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem [ no ].
--enable-load-tester
enable load testing plugin for IKEv2 daemon [ no ].
--enable-lock-profiler
enable lock/mutex profiling code [ no ].
--enable-lookip
enable fast virtual IP lookup and notification plugin [ no ].
--enable-maemo
enable the Maemo specific plugin [ no ].
--enable-manager
build the strongSwan manager web application [ no ]. See Manager.
--enable-md4
enable MD4 software implementation plugin. Required for eap-mschapv2 plugin [ no ].
--enable-medcli
enable mediation client web front end and daemon plugin [ no ].
--enable-mediation
enable IKEv2 Mediation Extension [ no ].
--enable-medsrv
enable mediation server web front end and daemon plugin [ no ].
--enable-monolithic
build monolithic versions of libstrongswan, libhydra, and libcharon that include all enabled plugins [ no ].
--enable-mysql
enable MySQL database support [ no ]. Requires libmysqlclient_r.
--enable-nm
enable the NetworkManager backend [ no ].
--enable-openssl
enable the OpenSSL crypto plugin [ no ]. Requires libcrypto.so.0.9.8.
--enable-padlock
enable the padlock crypto plugin [ no ]. Requires a VIA Padlock crypto engine.
--enable-pkcs11
enable the PKCS#11 crypto token support plugin [ no ].
--enable-rdrand
enable the Intel RDRAND random generator plugin [ no ].
--enable-smp
enable XML configuration and control interface [ no ]. Requires libxml. See SMP.
--enable-socket-dynamic
enable dynamic socket implementation for charon [ no ].
--enable-soup
enable soup fetcher plugin to fetch from HTTP URIs [ no ]. Requires libsoup.
--enable-sql
enable SQL database configuration backend [ no ]. See SQL.
--enable-sqlite
enable SQLite database support [ no ]. Requires libsqlite3.
--enable-test-vectors
enable crypto test vectors plugin [ no ].
--enable-tnccs-11
enable TNCCS 1.1 protocol module [ no ]. Requires libxml2.
--enable-tnccs-20
enable TNCCS 2.0 protocol module [ no ].
--enable-tnccs-dynamic
enable dynamic TNCCS protocol discovery module [ no ].
--enable-tnc-ifmap
enable TNC IF-MAP module [ no ].
--enable-tnc-imc
enable TNC IMC integrity measurement collector module [ no ].
--enable-tnc-imv
enable TNC IMV integrity measurement verifier module [ no ].
--enable-uci
enable the OpenWRT UCI configuration plugin [ no ].
--enable-unit-tester
enable unit tests on IKEv2 daemon startup [ no ].
--enable-unity
enable Cisco Unity extension plugin [ no ].
--enable-vstr
enforce the use of the Vstr string library to replace glibc-like printf hooks [ no ].
--enable-whitelist
enable peer identity whitelisting plugin [ no ].
--enable-xauth-eap
enable XAuth backend using EAP methods to verify password [ no ].
--enable-xauth-pam
enable XAuth backend using PAM to verify passwords [ no ].
--disable options
The plugin list provides more information on specific plugins.
--disable-aes
disable default AES software implementation plugin [ no ].
--disable-attr
disable strongswan.conf based configuration of DNS and WINS server attributes [ no ].
This is a plugin for VPN gateways only, serving internal DNS and WINS nameserver information.
--disable-charon
disable the build of the IKEv1/IKEv2 keying daemon charon [ no ].
--disable-cmac
disable CMAC crypto implementation plugin [ no ].
--disable-constraints
disable advanced X.509 constraint checking plugin [ no ].
--disable-des
disable default DES/3DES software implementation plugin [ no ].
--disable-dnskey
disable DNS RR key decoding plugin [ no ].
--disable-fips-prf
disable default FIPS PRF software implementation plugin [ no ].
--disable-gmp
disable default GNU Multi Precision (libgmp) based public key cryptography implementation plugin [ no ].
--disable-hmac
disable default HMAC crypto implementation plugin [ no ].
--disable-ikev1
disable IKEv1 protocol support in charon [ no ].
--disable-ikev2
disable IKEv2 protocol support in charon [ no ].
--disable-kernel-netlink
disable default Netlink kernel interface [ no ].
--disable-load-warning
disable the charon plugin load option warning in starter [ no ].
--disable-md5
disable default MD5 software implementation plugin [ no ].
--disable-nonce
disable nonce generation plugin [ no ].
--disable-pem
disable PEM decoding plugin [ no ].
--disable-pgp
disable PGP key decoding plugin [ no ].
--disable-pkcs1
disable PKCS#1 key decoding plugin [ no ].
--disable-pkcs7
disable PKCS#7 container support plugin [ no ].
--disable-pkcs8
disable PKCS#8 private key decoding plugin [ no ].
--disable-pubkey
disable default RAW public key support plugin [ no ].
--disable-random
disable default RNG implementation using the raw /dev/(u)random devices [ no ].
--disable-resolve
disable writing DNS information received via configuration payload to /etc/resolv.conf [ no ].
This is a plugin for VPN clients only.
--disable-revocation
disable X.509 CRL/OCSP revocation check plugin [ no ].
--disable-scripts
disable the build of additional utilities (found in directory scripts) [ no ].
--disable-sha1
disable default SHA-1 software implementation plugin [ no ].
--disable-sha2
disable default SHA-256/SHA-384/SHA-512 software implementation plugin [ no ].
--disable-socket-default
disable default socket implementation for charon [ no ].
--disable-stroke
disable charon's stroke configuration backend [ no ].
--disable-tools
disable the build of additional ipsec utilities (currently scepclient, openac and pki) [ no ].
--disable-updown
disable updown firewall script plugin [ no ].
--disable-x509
disable default X.509 certificate implementation plugin [ no ].
--disable-xauth-generic
disable generic XAuth backend [ no ].
--disable-xcbc
disable default XCBC crypto implementation plugin [ no ].
--with options
--with-capabilities=LIBCAP
set capability dropping library. Currently supported values are libcap and native [ no ].
--with-charon-udp-port=PORT
UDP port used by charon locally. Set to 0 to allocate randomly. [ 500 ]
--with-charon-natt-port=PORT
UDP port used by charon locally in case a NAT is detected (must be different from charon-udp-port). Set to 0 to allocate randomly. [ 4500 ]
--with-dev-headers=DIR
install strongSwan development headers to DIR [ no ].
--with-group=GROUP
change group of the daemons to GROUP after startup [ root ].
--with-imcvdir=IMCVDIR
set the installation path of IMC and IMV dynamic libraries [ IPSECLIBDIR/imcvs ].
--with-ipsecdir=IPSECDIR
installation path for ipsec tools [ LIBEXECDIR/ipsec ].
--with-ipseclibdir=IPSECLIBDIR
installation path for ipsec libraries (libstrongswan, libhydra, libcharon etc.) [ LIBDIR/ipsec ].
--with-ipsec-script=SCRIPTNAME
change the name of the ipsec script [ ipsec ].
--with-linux-headers=DIR
Linux header files to be used [ ../include ].
--with-mpz_powm_sec=YES|NO
use the more side-channel resistant mpz_powm_sec in libgmp, if available [ yes ].
--with-nm-ca-dir=NMCADIR
directory the NM backend uses to look up trusted root certificates [ /usr/share/ca-certificates ].
--with-piddir=DIR
path for PID and UNIX socket files [ /var/run ].
--with-plugindir=PLUGINDIR
installation path for plugins [ IPSECLIBDIR/plugins ].
--with-random-device=DEV
set the device for true random data [ /dev/random ].
--with-resolv-conf=FILE
set the file to store DNS server information [ SYSCONFDIR/resolv.conf ].
--with-routing-table=NUM
routing table for IPsec source routes (set to 0 to use default routing table) [ 220 ].
--with-routing-table-prio=PRIO
priority for IPsec routing table [ 220 ].
--with-strongswan-conf=FILE
set the strongswan.conf file location [ SYSCONFDIR/strongswan.conf ].
--with-systemdsystemunitdir=arg
directory for systemd service files [ $systemdsystemunitdir_default ].
--with-tss=TSS
set implementation of the Trusted Computing Group's Software Stack (TSS). Currently the only supported value is "trousers".
--with-urandom-device=DEV
set the device for pseudo random data [ /dev/urandom ].
--with-user=USER
change user of the daemons to USER after startup [ root ].