Project

General

Profile

Autoconf options for the most current strongSwan release » History » Version 36

Tobias Brunner, 08.07.2014 09:52
--disable-scepclient added

1 28 Tobias Brunner
h1. Autoconf options for the most current strongSwan release
2 1 Andreas Steffen
3 2 Andreas Steffen
{{>toc}}
4 2 Andreas Steffen
5 19 Tobias Brunner
bq. *Please note:* This page documents the _./configure_ options for the most current release. Therefore, you should always use _./configure --help_ to check which options are actually available for the release you are using.
6 1 Andreas Steffen
7 1 Andreas Steffen
h2. --dir options
8 1 Andreas Steffen
9 19 Tobias Brunner
*Some directories can be configure through [[Autoconf#--with-options|--with options]].*
10 19 Tobias Brunner
11 1 Andreas Steffen
--prefix=PREFIX
12 1 Andreas Steffen
13 1 Andreas Steffen
p((. where to put installation [ _/usr/local_ ]. Most Linux distributions use _"/usr"_.
14 1 Andreas Steffen
15 1 Andreas Steffen
--libexecdir=LIBEXECDIR
16 1 Andreas Steffen
17 1 Andreas Steffen
p((. program executables [ _PREFIX/libexec_ ]
18 16 Tobias Brunner
19 16 Tobias Brunner
--libdir=LIBDIR
20 16 Tobias Brunner
21 16 Tobias Brunner
p((. shared libraries [ _PREFIX/lib_ ]
22 1 Andreas Steffen
 
23 1 Andreas Steffen
--sysconfdir=SYSCONFDIR
24 1 Andreas Steffen
25 1 Andreas Steffen
p((. where to put configuration files [ _PREFIX/etc_ ]. We strongly recommend _"/etc"_.
26 1 Andreas Steffen
27 17 Tobias Brunner
h2. --enable options
28 1 Andreas Steffen
29 17 Tobias Brunner
*The [[pluginlist|plugin list]] provides more information on specific plugins.*
30 17 Tobias Brunner
31 34 Tobias Brunner
--enable-acert
32 34 Tobias Brunner
33 34 Tobias Brunner
p((. enable X.509 attribute certificate checking plugin [ _no_ ]. Since [[5.1.3]].
34 34 Tobias Brunner
35 1 Andreas Steffen
--enable-addrblock
36 1 Andreas Steffen
37 34 Tobias Brunner
p((. enable RFC 3779 address block constraint support plugin [ _no_ ].
38 1 Andreas Steffen
39 6 Andreas Steffen
--enable-af-alg
40 6 Andreas Steffen
41 6 Andreas Steffen
p((. enable AF_ALG crypto interface to Linux Crypto API [ _no_ ]. 
42 6 Andreas Steffen
43 1 Andreas Steffen
--enable-agent
44 1 Andreas Steffen
45 6 Andreas Steffen
p((. enable the ssh-agent signing plugin [ _no_ ]. 
46 1 Andreas Steffen
47 35 Tobias Brunner
--enable-aikgen
48 35 Tobias Brunner
49 35 Tobias Brunner
p((. enable AIK generator [ _no_ ]. Since [[5.2.0]].
50 35 Tobias Brunner
51 34 Tobias Brunner
--enable-all
52 34 Tobias Brunner
53 34 Tobias Brunner
p((. enable all optional plugins and features (they can be disabled with their respective --disable options) [ _no_ ]. Mainly intended for testing. Since [[5.1.3]].
54 34 Tobias Brunner
55 1 Andreas Steffen
--enable-android
56 1 Andreas Steffen
57 22 Tobias Brunner
p((. enable Android specific plugin [ _no_ ]. 
58 1 Andreas Steffen
59 22 Tobias Brunner
--enable-android-log
60 22 Tobias Brunner
61 22 Tobias Brunner
p((. enable Android specific logger plugin [ _no_ ].
62 22 Tobias Brunner
63 1 Andreas Steffen
--enable-attr-sql
64 1 Andreas Steffen
65 6 Andreas Steffen
p((. enable the SQL based configuration attribute plugin [ _no_ ]. 
66 1 Andreas Steffen
 This is a plugin for VPN gateways only, serving virtual IP addresses
67 1 Andreas Steffen
68 28 Tobias Brunner
--enable-bfd-backtraces
69 28 Tobias Brunner
70 28 Tobias Brunner
p((. use binutil's libbfd to resolve backtraces for memory leaks and segfaults [ _no_ ]. Since [[5.0.1]].
71 28 Tobias Brunner
72 1 Andreas Steffen
--enable-blowfish
73 1 Andreas Steffen
74 1 Andreas Steffen
p((. enable Blowfish software implementation plugin [ _no_ ].
75 1 Andreas Steffen
76 1 Andreas Steffen
--enable-ccm
77 1 Andreas Steffen
78 1 Andreas Steffen
p((. enable the CCM AEAD wrapper crypto plugin [ _no_ ].
79 1 Andreas Steffen
80 19 Tobias Brunner
--enable-certexpire
81 19 Tobias Brunner
82 19 Tobias Brunner
p((. enable CSV export of expiration dates of used certificates [ _no_ ].
83 1 Andreas Steffen
84 28 Tobias Brunner
--enable-cmd
85 28 Tobias Brunner
86 28 Tobias Brunner
p((. enable the command line IKE client charon-cmd [ _no_ ]. Since [[5.1.0]].
87 28 Tobias Brunner
88 6 Andreas Steffen
--enable-conftest
89 1 Andreas Steffen
90 33 Tobias Brunner
p((. enable the [[IpsecConftest|IKE conformance test framework]] [ _no_ ].
91 9 Andreas Steffen
92 1 Andreas Steffen
--enable-coupling
93 1 Andreas Steffen
94 19 Tobias Brunner
p((. enable IKEv2 plugin to couple peer certificates permanently to authentication [ _no_ ].
95 1 Andreas Steffen
96 28 Tobias Brunner
--enable-coverage
97 28 Tobias Brunner
98 28 Tobias Brunner
p((. enable lcov coverage report report generation [ _no_ ]. Since [[5.1.0]].
99 28 Tobias Brunner
*Note:* This disables any optimization, so it shouldn't be enabled when building production releases.
100 28 Tobias Brunner
101 1 Andreas Steffen
--enable-ctr
102 1 Andreas Steffen
103 1 Andreas Steffen
p((. enable the counter mode wrapper crypto plugin [ _no_ ].
104 16 Tobias Brunner
105 16 Tobias Brunner
--enable-curl
106 1 Andreas Steffen
107 16 Tobias Brunner
p((. enable plugin to fetch files (CRL/OCSP) via libcurl [ _no_ ]. Requires libcurl.
108 16 Tobias Brunner
109 35 Tobias Brunner
--enable-dbghelp-backtraces
110 35 Tobias Brunner
111 35 Tobias Brunner
p((. use dbghlp.dll on Windows to create and print backtraces for memory leaks and segfaults [ _no_ ]. Since [[5.2.0]].
112 35 Tobias Brunner
113 1 Andreas Steffen
--enable-dhcp
114 1 Andreas Steffen
115 19 Tobias Brunner
p((. enable DHCP based attribute provider plugin. [ _no_ ].
116 1 Andreas Steffen
117 30 Tobias Brunner
--enable-dnscert
118 30 Tobias Brunner
119 30 Tobias Brunner
p((. enable plugin that authenticates peers based on CERT resource records in the DNS protected by DNSSEC [ _no_ ]. Since [[5.1.1]].
120 30 Tobias Brunner
121 1 Andreas Steffen
--enable-dumm
122 1 Andreas Steffen
123 1 Andreas Steffen
p((. build the new UML test framework [ _no_ ]. See [[DynamicUmlMeshModeler|DUMM]].
124 1 Andreas Steffen
125 9 Andreas Steffen
--enable-duplicheck
126 9 Andreas Steffen
127 19 Tobias Brunner
p((. enable advanced duplicate checking plugin using liveness checks [ _no_ ].
128 1 Andreas Steffen
129 1 Andreas Steffen
--enable-eap-aka
130 1 Andreas Steffen
131 19 Tobias Brunner
p((. build EAP AKA authentication module [ _no_ ].
132 1 Andreas Steffen
133 1 Andreas Steffen
--enable-eap-aka-3gpp2
134 1 Andreas Steffen
135 1 Andreas Steffen
p((. build EAP AKA backend module implementing 3GPP2 algorithm in software [ _no_ ]. Requires libgmp.
136 1 Andreas Steffen
137 22 Tobias Brunner
--enable-eap-dynamic
138 22 Tobias Brunner
139 22 Tobias Brunner
p((. build dynamic EAP proxy module [ _no_ ].
140 22 Tobias Brunner
141 1 Andreas Steffen
--enable-eap-gtc
142 1 Andreas Steffen
143 22 Tobias Brunner
p((. build [[EapGtc|EAP GTC]] authentication module [ _no_ ].
144 1 Andreas Steffen
145 1 Andreas Steffen
--enable-eap-identity
146 1 Andreas Steffen
147 1 Andreas Steffen
p((. build EAP module providing EAP-Identity helper [ _no_ ].
148 1 Andreas Steffen
149 1 Andreas Steffen
--enable-eap-md5
150 1 Andreas Steffen
151 19 Tobias Brunner
p((. build EAP MD5 (CHAP) authentication module [ _no_ ].
152 1 Andreas Steffen
153 1 Andreas Steffen
--enable-eap-mschapv2
154 1 Andreas Steffen
155 19 Tobias Brunner
p((. enable EAP MS-CHAPv2 authentication module [ _no_ ].
156 10 Andreas Steffen
157 10 Andreas Steffen
--enable-eap-peap
158 1 Andreas Steffen
159 1 Andreas Steffen
p((. enable EAP PEAP authentication plugin [ _no_ ].
160 1 Andreas Steffen
161 1 Andreas Steffen
--enable-eap-radius
162 1 Andreas Steffen
163 19 Tobias Brunner
p((. enable [[EapRadius|RADIUS]] proxy authentication module for EAP [ _no_ ].
164 1 Andreas Steffen
165 1 Andreas Steffen
--enable-eap-sim
166 1 Andreas Steffen
167 19 Tobias Brunner
p((. enable EAP-SIM authentication module [ _no_ ].
168 1 Andreas Steffen
169 16 Tobias Brunner
--enable-eap-sim-file
170 11 Andreas Steffen
171 19 Tobias Brunner
p((. enable EAP-SIM back end based on a triplets file [ _no_ ].
172 11 Andreas Steffen
173 11 Andreas Steffen
--enable-eap-sim-pcsc
174 1 Andreas Steffen
175 19 Tobias Brunner
p((. enable EAP-SIM back end based on a smartcard reader [ _no_ ]. Requires libpcsclite.
176 1 Andreas Steffen
177 1 Andreas Steffen
--enable-eap-simaka-pseudonym
178 1 Andreas Steffen
179 1 Andreas Steffen
p((. enable EAP-SIM/AKA pseudonym storage [ _no_ ].
180 1 Andreas Steffen
181 1 Andreas Steffen
--enable-eap-simaka-reauth
182 1 Andreas Steffen
183 1 Andreas Steffen
p((. enable EAP-SIM/AKA reauthentication data storage [ _no_ ].
184 1 Andreas Steffen
185 1 Andreas Steffen
--enable-eap-simaka-sql
186 1 Andreas Steffen
187 19 Tobias Brunner
p((. enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database [ _no_ ].
188 1 Andreas Steffen
189 1 Andreas Steffen
--enable-eap-tls
190 1 Andreas Steffen
191 1 Andreas Steffen
p((. enable EAP TLS authentication plugin [ _no_ ].
192 1 Andreas Steffen
193 1 Andreas Steffen
--enable-eap-tnc
194 1 Andreas Steffen
195 1 Andreas Steffen
p((. enable EAP TNC trusted network connect plugin [ _no_ ].
196 1 Andreas Steffen
197 1 Andreas Steffen
--enable-eap-ttls
198 1 Andreas Steffen
199 1 Andreas Steffen
p((. enable EAP TTLS authentication plugin [ _no_ ].
200 1 Andreas Steffen
201 23 Tobias Brunner
--enable-error-notify
202 23 Tobias Brunner
203 23 Tobias Brunner
p((. enable [[ErrorNotifyPlugin|error notification plugin]] [ _no_ ].
204 23 Tobias Brunner
205 1 Andreas Steffen
--enable-farp
206 1 Andreas Steffen
207 19 Tobias Brunner
p((.  enable ARP faking plugin that responds to ARP requests for virtual IPs assigned to peers [ _no_ ].
208 1 Andreas Steffen
209 1 Andreas Steffen
--enable-fast
210 1 Andreas Steffen
211 19 Tobias Brunner
p((. build libfast (FastCGI Application Server w/ templates) [ _no_ ]. See [[libfast]].
212 1 Andreas Steffen
213 1 Andreas Steffen
--enable-gcm
214 1 Andreas Steffen
215 1 Andreas Steffen
p((. enable the GCM AEAD wrapper crypto plugin [ _no_ ].
216 1 Andreas Steffen
217 1 Andreas Steffen
--enable-gcrypt
218 1 Andreas Steffen
219 1 Andreas Steffen
p((. enable the libgcrypt plugin [ _no_ ]. Requires the GNU Libgcrypt library.
220 1 Andreas Steffen
221 1 Andreas Steffen
--enable-ha
222 1 Andreas Steffen
223 1 Andreas Steffen
p((. enable the [[HighAvailability|high availability]] cluster plugin [ _no_ ]. 
224 19 Tobias Brunner
225 19 Tobias Brunner
--enable-imc-attestation
226 1 Andreas Steffen
227 23 Tobias Brunner
p((. enable IMC attestation module [ _no_ ].
228 1 Andreas Steffen
229 23 Tobias Brunner
--enable-imc-os
230 23 Tobias Brunner
231 23 Tobias Brunner
p((. enable IMC operating system module [ _no_ ].
232 23 Tobias Brunner
233 1 Andreas Steffen
--enable-imc-scanner
234 1 Andreas Steffen
235 19 Tobias Brunner
p((. enable IMC port scanner module [ _no_ ].
236 13 Andreas Steffen
237 30 Tobias Brunner
--enable-imc-swid
238 30 Tobias Brunner
239 30 Tobias Brunner
p((. enable IMC swid module [ _no_ ]. Since [[5.1.1]].
240 30 Tobias Brunner
241 1 Andreas Steffen
--enable-imc-test
242 13 Andreas Steffen
243 19 Tobias Brunner
p((. enable IMC test module [ _no_ ].
244 12 Andreas Steffen
245 19 Tobias Brunner
--enable-imv-attestation
246 19 Tobias Brunner
247 19 Tobias Brunner
p((. enable IMV attestation module [ _no_ ].
248 1 Andreas Steffen
249 23 Tobias Brunner
--enable-imv-os
250 23 Tobias Brunner
251 23 Tobias Brunner
p((. enable IMV operating system module [ _no_ ].
252 23 Tobias Brunner
253 13 Andreas Steffen
--enable-imv-scanner
254 13 Andreas Steffen
255 19 Tobias Brunner
p((. enable IMV port scanner module [ _no_ ].
256 30 Tobias Brunner
257 30 Tobias Brunner
--enable-imv-swid
258 30 Tobias Brunner
259 30 Tobias Brunner
p((. enable IMV swid module [ _no_ ]. Since [[5.1.1]].
260 1 Andreas Steffen
261 12 Andreas Steffen
--enable-imv-test
262 12 Andreas Steffen
263 19 Tobias Brunner
p((. enable IMV test module [ _no_ ].
264 12 Andreas Steffen
265 1 Andreas Steffen
--enable-integrity-test
266 1 Andreas Steffen
267 24 Tobias Brunner
p((. enable [[IntegrityTest|integrity testing]] of the daemon, libraries and loaded plugins [ _no_ ].
268 24 Tobias Brunner
269 24 Tobias Brunner
--enable-ipseckey
270 24 Tobias Brunner
271 1 Andreas Steffen
p((. enable IPSECKEY authentication plugin, which authenticates peers based on IPSECKEY resource records in the DNS protected by DNSSEC [ _no_ ]. Since [[5.0.3]].
272 1 Andreas Steffen
273 35 Tobias Brunner
--enable-kernel-iph
274 1 Andreas Steffen
275 35 Tobias Brunner
p((. enable the [[Kernel-iph|Windows IP Helper based networking backend]] [ _no_ ]. Since [[5.2.0]].
276 1 Andreas Steffen
277 28 Tobias Brunner
--enable-kernel-libipsec
278 28 Tobias Brunner
279 29 Tobias Brunner
p((. enable the [[kernel-libipsec|libipsec-based user-space "kernel" interface]] [ _no_ ]. Since [[5.1.0]].
280 28 Tobias Brunner
281 1 Andreas Steffen
--enable-kernel-pfkey
282 1 Andreas Steffen
283 19 Tobias Brunner
p((. enable the PF_KEYv2 NETKEY kernel interface [ _no_ ].
284 1 Andreas Steffen
285 1 Andreas Steffen
--enable-kernel-pfroute
286 1 Andreas Steffen
287 1 Andreas Steffen
p((. enable the PF_ROUTE kernel interface [ _no_ ]. Required for FreeBSD and Mac OS X.
288 1 Andreas Steffen
289 35 Tobias Brunner
--enable-kernel-wfp
290 35 Tobias Brunner
291 35 Tobias Brunner
p((. enable the [[Kernel-wfp|Windows Filtering Platform IPsec backend]] [ _no_ ]. Since [[5.2.0]].
292 35 Tobias Brunner
293 28 Tobias Brunner
--enable-keychain
294 28 Tobias Brunner
295 28 Tobias Brunner
p((. enable Mac OS X Keychain Services credential set [ _no_ ]. Since [[5.1.0]].
296 28 Tobias Brunner
297 22 Tobias Brunner
--enable-libipsec
298 22 Tobias Brunner
299 22 Tobias Brunner
p((. enable user space IPsec implementation [ _no_ ].
300 22 Tobias Brunner
301 1 Andreas Steffen
--enable-ldap
302 1 Andreas Steffen
303 1 Andreas Steffen
p((. enable LDAP fetcher to fetch files (CRLs) from an LDAP server [ _no_ ]. Requires OpenLDAP.
304 1 Andreas Steffen
305 1 Andreas Steffen
--enable-leak-detective
306 1 Andreas Steffen
307 1 Andreas Steffen
p((. enable malloc hooks to find memory leaks [ _no_ ].
308 5 Andreas Steffen
309 5 Andreas Steffen
--enable-led
310 5 Andreas Steffen
311 19 Tobias Brunner
p((. enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem [ _no_ ].
312 1 Andreas Steffen
313 1 Andreas Steffen
--enable-load-tester
314 1 Andreas Steffen
315 1 Andreas Steffen
p((. enable load testing plugin for IKEv2 daemon [ _no_ ].
316 1 Andreas Steffen
317 1 Andreas Steffen
--enable-lock-profiler
318 1 Andreas Steffen
319 1 Andreas Steffen
p((. enable lock/mutex profiling code [ _no_ ].
320 1 Andreas Steffen
321 23 Tobias Brunner
--enable-lookip
322 23 Tobias Brunner
323 23 Tobias Brunner
p((. enable fast virtual IP [[lookip|lookup and notification plugin]] [ _no_ ].
324 23 Tobias Brunner
325 16 Tobias Brunner
--enable-maemo
326 1 Andreas Steffen
327 16 Tobias Brunner
p((. enable the Maemo specific plugin [ _no_ ].
328 16 Tobias Brunner
329 1 Andreas Steffen
--enable-manager
330 1 Andreas Steffen
331 1 Andreas Steffen
p((. build the strongSwan manager web application [ _no_ ]. See [[Manager]].
332 1 Andreas Steffen
333 16 Tobias Brunner
--enable-md4
334 16 Tobias Brunner
335 16 Tobias Brunner
p((. enable MD4 software implementation plugin. Required for eap-mschapv2 plugin [ _no_ ].
336 1 Andreas Steffen
337 1 Andreas Steffen
--enable-medcli
338 1 Andreas Steffen
339 1 Andreas Steffen
p((. enable mediation client web front end and daemon plugin [ _no_ ].
340 1 Andreas Steffen
341 1 Andreas Steffen
--enable-mediation
342 1 Andreas Steffen
343 1 Andreas Steffen
p((. enable IKEv2 Mediation Extension [ _no_ ].
344 1 Andreas Steffen
345 1 Andreas Steffen
--enable-medsrv
346 1 Andreas Steffen
347 1 Andreas Steffen
p((. enable mediation server web front end and daemon plugin [ _no_ ].
348 1 Andreas Steffen
349 1 Andreas Steffen
--enable-monolithic
350 1 Andreas Steffen
351 19 Tobias Brunner
p((. build monolithic versions of libstrongswan, libhydra, and libcharon that include all enabled plugins [ _no_ ].
352 1 Andreas Steffen
353 1 Andreas Steffen
--enable-mysql
354 1 Andreas Steffen
355 1 Andreas Steffen
p((. enable MySQL database support [ _no_ ]. Requires libmysqlclient_r.
356 19 Tobias Brunner
357 1 Andreas Steffen
--enable-nm
358 1 Andreas Steffen
359 20 Tobias Brunner
p((. enable the [[NetworkManager]] backend [ _no_ ].
360 1 Andreas Steffen
361 31 Andreas Steffen
--enable-ntru
362 31 Andreas Steffen
363 31 Andreas Steffen
p((. enable the NTRUEncrypt key exchange plugin [ _no_ ]. Since [[5.1.2]]
364 31 Andreas Steffen
365 1 Andreas Steffen
--enable-openssl
366 1 Andreas Steffen
367 1 Andreas Steffen
p((. enable the OpenSSL crypto plugin [ _no_ ]. Requires libcrypto.so.0.9.8.
368 1 Andreas Steffen
369 28 Tobias Brunner
--enable-osx-attr
370 28 Tobias Brunner
371 28 Tobias Brunner
p((. enable Mac OS X SystemConfiguration attribute handler [ _no_ ]. Since [[5.1.0]].
372 28 Tobias Brunner
373 1 Andreas Steffen
--enable-padlock
374 1 Andreas Steffen
375 1 Andreas Steffen
p((. enable the padlock crypto plugin [ _no_ ]. Requires a VIA Padlock crypto engine.
376 19 Tobias Brunner
377 1 Andreas Steffen
--enable-pkcs11
378 1 Andreas Steffen
379 1 Andreas Steffen
p((. enable the [[SmartcardsIKEv2|PKCS#11 crypto token]] support plugin [ _no_ ].
380 1 Andreas Steffen
381 23 Tobias Brunner
--enable-rdrand
382 23 Tobias Brunner
383 23 Tobias Brunner
p((. enable the Intel RDRAND random generator plugin [ _no_ ].
384 23 Tobias Brunner
385 1 Andreas Steffen
--enable-smp
386 1 Andreas Steffen
387 1 Andreas Steffen
p((. enable XML configuration and control interface [ _no_ ]. Requires libxml. See [[SMP]].
388 1 Andreas Steffen
389 1 Andreas Steffen
--enable-socket-dynamic
390 1 Andreas Steffen
391 1 Andreas Steffen
p((. enable dynamic socket implementation for charon [ _no_ ].
392 1 Andreas Steffen
393 35 Tobias Brunner
--enable-socket-win
394 35 Tobias Brunner
395 35 Tobias Brunner
p((. enable [[Socket-win|Winsock2 based socket implementation]] for charon [ _no_ ]. Since [[5.2.0]].
396 35 Tobias Brunner
397 1 Andreas Steffen
--enable-soup
398 1 Andreas Steffen
399 1 Andreas Steffen
p((. enable soup fetcher plugin to fetch from HTTP URIs. [ _no_ ]. Requires libsoup.
400 1 Andreas Steffen
401 1 Andreas Steffen
--enable-sql
402 1 Andreas Steffen
403 1 Andreas Steffen
p((. enable SQL database configuration backend [ _no_ ]. See [[SQL]].
404 16 Tobias Brunner
405 16 Tobias Brunner
--enable-sqlite
406 16 Tobias Brunner
407 1 Andreas Steffen
p((. enable SQLite database support [ _no_ ]. Requires libsqlite3.
408 1 Andreas Steffen
409 35 Tobias Brunner
--enable-svc
410 35 Tobias Brunner
411 35 Tobias Brunner
p((. enable [[Charon-svc|charon Windows service]] [ _no_ ]. Since [[5.2.0]].
412 35 Tobias Brunner
413 35 Tobias Brunner
--enable-swanctl
414 35 Tobias Brunner
415 35 Tobias Brunner
p((. enable [[swanctl]] configuration and control tool [ _no_ ]. Since [[5.2.0]].
416 35 Tobias Brunner
417 24 Tobias Brunner
--enable-systime-fix
418 24 Tobias Brunner
419 24 Tobias Brunner
p((. enable plugin to handle cert lifetimes with invalid system time gracefully [ _no_ ]. See [[SystimeFixPlugin]]. Since [[5.0.3]].
420 24 Tobias Brunner
421 16 Tobias Brunner
--enable-test-vectors
422 16 Tobias Brunner
423 1 Andreas Steffen
p((. enable [[CryptoTest|crypto test]] vectors plugin [ _no_ ].
424 16 Tobias Brunner
425 24 Tobias Brunner
--enable-tkm
426 24 Tobias Brunner
427 24 Tobias Brunner
p((. enable _charon-tkm_ an IKEv2 daemon that is backed by a Trusted Key Manager (TKM) [ _no_ ]. More information can be found on http://www.codelabs.ch/tkm/. Since [[5.0.3]].
428 24 Tobias Brunner
429 1 Andreas Steffen
--enable-tnccs-11
430 1 Andreas Steffen
431 1 Andreas Steffen
p((. enable TNCCS 1.1 protocol module [ _no_ ]. Requires libxml2.
432 1 Andreas Steffen
433 1 Andreas Steffen
--enable-tnccs-20
434 1 Andreas Steffen
435 8 Andreas Steffen
p((. enable TNCCS 2.0 protocol module [ _no_ ].
436 6 Andreas Steffen
437 1 Andreas Steffen
--enable-tnccs-dynamic
438 1 Andreas Steffen
439 1 Andreas Steffen
p((. enable dynamic TNCCS protocol discovery module [ _no_ ].
440 1 Andreas Steffen
441 19 Tobias Brunner
--enable-tnc-ifmap
442 19 Tobias Brunner
443 19 Tobias Brunner
p((. enable TNC IF-MAP module [ _no_ ].
444 19 Tobias Brunner
445 6 Andreas Steffen
--enable-tnc-imc
446 6 Andreas Steffen
447 3 Andreas Steffen
p((. enable TNC IMC integrity measurement collector module [ _no_ ].
448 4 Andreas Steffen
449 4 Andreas Steffen
-enable-tnc-imv
450 4 Andreas Steffen
451 4 Andreas Steffen
p((. enable TNC IMV integrity measurement verifier module [ _no_ ].
452 4 Andreas Steffen
453 4 Andreas Steffen
--enable-uci
454 1 Andreas Steffen
455 1 Andreas Steffen
p((. enable the OpenWRT UCI configuration plugin [ _no_ ].
456 1 Andreas Steffen
457 24 Tobias Brunner
--enable-unbound
458 24 Tobias Brunner
459 24 Tobias Brunner
p((. DNSSEC-enabled resolver plugin based on libunbound [ _no_ ].
460 24 Tobias Brunner
461 1 Andreas Steffen
--enable-unit-tester
462 1 Andreas Steffen
463 1 Andreas Steffen
p((. enable unit tests on IKEv2 daemon startup [ _no_ ].
464 1 Andreas Steffen
465 28 Tobias Brunner
--enable-unity
466 28 Tobias Brunner
467 28 Tobias Brunner
p((. enable Cisco Unity extension plugin [ _no_ ].
468 28 Tobias Brunner
469 1 Andreas Steffen
--enable-unwind-backtraces
470 1 Andreas Steffen
471 1 Andreas Steffen
p((. use libunwind to create backtraces for memory leaks and segfaults [ _no_ ]. Since [[5.1.0]].
472 1 Andreas Steffen
473 35 Tobias Brunner
--enable-vici
474 35 Tobias Brunner
475 35 Tobias Brunner
p((. enable the [[Vici|Versatile IKE Configuration Interface]] plugin. [ _no_ ]. Since [[5.2.0]].
476 35 Tobias Brunner
477 18 Tobias Brunner
--enable-whitelist
478 1 Andreas Steffen
479 1 Andreas Steffen
p((. enable peer identity whitelisting plugin [ _no_ ]. 
480 1 Andreas Steffen
481 35 Tobias Brunner
--enable-winhttp
482 35 Tobias Brunner
483 35 Tobias Brunner
p((. enable [[Winhttp|WinHTTP based HTTP/HTTPS fetching plugin]]. [ _no_ ]. Since [[5.2.0]].
484 35 Tobias Brunner
485 1 Andreas Steffen
--enable-xauth-eap
486 1 Andreas Steffen
487 19 Tobias Brunner
p((. enable XAuth backend using EAP methods to verify password [ _no_ ].
488 24 Tobias Brunner
489 24 Tobias Brunner
--enable-xauth-noauth
490 24 Tobias Brunner
491 24 Tobias Brunner
p((. enable XAuth pseudo-backend that does not actually verify or even request any credentials [ _no_ ]. Since [[5.0.3]].
492 1 Andreas Steffen
493 22 Tobias Brunner
--enable-xauth-pam
494 22 Tobias Brunner
495 22 Tobias Brunner
p((. enable [[XAuthPam|XAuth backend using PAM]] to verify passwords [ _no_ ].
496 22 Tobias Brunner
497 1 Andreas Steffen
h2. --disable options
498 19 Tobias Brunner
499 19 Tobias Brunner
*The [[pluginlist|plugin list]] provides more information on specific plugins.*
500 19 Tobias Brunner
501 19 Tobias Brunner
--disable-aes
502 1 Andreas Steffen
503 1 Andreas Steffen
p((. disable default AES software implementation plugin [ _no_ ].
504 1 Andreas Steffen
505 1 Andreas Steffen
--disable-attr
506 1 Andreas Steffen
507 1 Andreas Steffen
p((. disable strongswan.conf based configuration of DNS and WINS server attributes [ _no_ ].
508 1 Andreas Steffen
 This is a plugin for VPN gateways only, serving internal DNS and WINS nameserver information.
509 1 Andreas Steffen
510 1 Andreas Steffen
--disable-charon
511 1 Andreas Steffen
512 20 Tobias Brunner
p((. disable the build of the IKEv1/IKEv2 keying daemon charon [ _no_ ].
513 7 Andreas Steffen
514 21 Tobias Brunner
--disable-cmac
515 21 Tobias Brunner
516 21 Tobias Brunner
p((. disable CMAC crypto implementation plugin [ _no_ ].
517 21 Tobias Brunner
518 7 Andreas Steffen
--disable-constraints
519 7 Andreas Steffen
520 7 Andreas Steffen
p((. disable advanced X.509 constraint checking plugin [ _no_ ].
521 1 Andreas Steffen
522 26 Tobias Brunner
--disable-defaults
523 26 Tobias Brunner
524 26 Tobias Brunner
p((. disable all features that are enabled by default [ _no_ ]. Basically it's short for adding all options listed in this section. Since [[5.0.3]].
525 26 Tobias Brunner
526 1 Andreas Steffen
--disable-des
527 1 Andreas Steffen
528 1 Andreas Steffen
p((. disable default DES/3DES software implementation plugin [ _no_ ].
529 1 Andreas Steffen
530 1 Andreas Steffen
--disable-dnskey
531 1 Andreas Steffen
532 1 Andreas Steffen
p((. disable DNS RR key decoding plugin [ _no_ ].
533 1 Andreas Steffen
534 1 Andreas Steffen
--disable-fips-prf
535 1 Andreas Steffen
536 1 Andreas Steffen
p((. disable default FIPS PRF software implementation plugin [ _no_ ].
537 1 Andreas Steffen
538 1 Andreas Steffen
--disable-gmp
539 1 Andreas Steffen
540 1 Andreas Steffen
p((. disable default GNU Multi Precision (libgmp) based public key cryptography implementation plugin [ _no_ ].
541 1 Andreas Steffen
542 1 Andreas Steffen
--disable-hmac
543 1 Andreas Steffen
544 1 Andreas Steffen
p((. disable default HMAC crypto implementation plugin [ _no_ ].
545 1 Andreas Steffen
546 20 Tobias Brunner
--disable-ikev1
547 20 Tobias Brunner
548 20 Tobias Brunner
p((. disable IKEv1 protocol support in charon [ _no_ ].
549 20 Tobias Brunner
550 20 Tobias Brunner
--disable-ikev2
551 20 Tobias Brunner
552 20 Tobias Brunner
p((. disable IKEv2 protocol support in charon [ _no_ ].
553 20 Tobias Brunner
554 1 Andreas Steffen
--disable-kernel-netlink
555 1 Andreas Steffen
556 1 Andreas Steffen
p((. disable default Netlink kernel interface [ _no_ ].
557 1 Andreas Steffen
558 1 Andreas Steffen
--disable-load-warning
559 1 Andreas Steffen
560 20 Tobias Brunner
p((. disable the charon plugin load option warning in starter [ _no_ ]
561 16 Tobias Brunner
562 16 Tobias Brunner
--disable-md5
563 16 Tobias Brunner
564 16 Tobias Brunner
p((. disable default MD5 software implementation plugin [ _no_ ].
565 1 Andreas Steffen
566 20 Tobias Brunner
--disable-nonce
567 20 Tobias Brunner
568 20 Tobias Brunner
p((. disable nonce generation plugin [ _no_ ].
569 20 Tobias Brunner
570 1 Andreas Steffen
--disable-pem
571 1 Andreas Steffen
572 1 Andreas Steffen
p((. disable PEM decoding plugin [ _no_ ].
573 1 Andreas Steffen
574 1 Andreas Steffen
--disable-pgp
575 19 Tobias Brunner
576 1 Andreas Steffen
p((. disable PGP key decoding plugin [ _no_ ].
577 19 Tobias Brunner
578 19 Tobias Brunner
--disable-pkcs1
579 19 Tobias Brunner
580 19 Tobias Brunner
p((. disable PKCS#1 key decoding plugin [ _no_ ].
581 1 Andreas Steffen
582 23 Tobias Brunner
--disable-pkcs7
583 23 Tobias Brunner
584 23 Tobias Brunner
p((. disable PKCS#7 container support plugin [ _no_ ].
585 23 Tobias Brunner
586 1 Andreas Steffen
--disable-pkcs8
587 1 Andreas Steffen
588 1 Andreas Steffen
p((. disable PKCS#8 private key decoding plugin [ _no_ ].
589 1 Andreas Steffen
590 28 Tobias Brunner
--disable-pkcs12
591 28 Tobias Brunner
592 1 Andreas Steffen
p((. disable PKCS#12 container support plugin [ _no_ ]. Since [[5.1.0]].
593 1 Andreas Steffen
594 35 Tobias Brunner
--disable-pki
595 35 Tobias Brunner
596 35 Tobias Brunner
p((. disable [[ipsecpki|pki]] certificate utility [ _no_ ]. Separate option since [[5.2.0]], was included in _--disable-tools_ before.
597 35 Tobias Brunner
598 1 Andreas Steffen
--disable-pubkey
599 1 Andreas Steffen
600 1 Andreas Steffen
p((. disable default RAW public key support plugin [ _no_ ].
601 1 Andreas Steffen
602 1 Andreas Steffen
--disable-random
603 1 Andreas Steffen
604 1 Andreas Steffen
p((. disable default RNG implementation using the raw /dev/(u)random devices [ _no_ ].
605 1 Andreas Steffen
606 28 Tobias Brunner
--disable-rc2
607 28 Tobias Brunner
608 28 Tobias Brunner
p((. disable RC2 software implementation plugin [ _no_ ]. Since [[5.1.0]].
609 1 Andreas Steffen
610 1 Andreas Steffen
--disable-resolve
611 1 Andreas Steffen
612 1 Andreas Steffen
p((. disable writing DNS information received via configuration payload to /etc/resolv.conf [ _no_ ].
613 7 Andreas Steffen
 This is a plugin for VPN clients only.
614 1 Andreas Steffen
615 1 Andreas Steffen
--disable-revocation
616 1 Andreas Steffen
617 1 Andreas Steffen
p((. disable X.509 CRL/OCSP revocation check plugin [ _no_ ].
618 1 Andreas Steffen
619 36 Tobias Brunner
--disable-scepclient
620 36 Tobias Brunner
621 36 Tobias Brunner
p((. disable [[ScepClient|SCEP client]] tool [ _no_ ]. Separate option since [[5.2.0]], was included in _--disable-tools_ before.
622 36 Tobias Brunner
623 1 Andreas Steffen
--disable-scripts
624 1 Andreas Steffen
625 1 Andreas Steffen
p((. disable the build of additional utilities (found in directory scripts) [ _no_ ].
626 1 Andreas Steffen
627 1 Andreas Steffen
--disable-sha1
628 1 Andreas Steffen
629 16 Tobias Brunner
p((. disable default SHA-1 software implementation plugin [ _no_ ].
630 19 Tobias Brunner
631 16 Tobias Brunner
--disable-sha2
632 1 Andreas Steffen
633 1 Andreas Steffen
p((. disable default SHA-256/SHA-384/SHA-512 software implementation plugin [ _no_ ].
634 1 Andreas Steffen
635 1 Andreas Steffen
--disable-socket-default
636 1 Andreas Steffen
637 28 Tobias Brunner
p((. disable default socket implementation for charon [ _no_ ].
638 28 Tobias Brunner
639 28 Tobias Brunner
--disable-sshkey
640 28 Tobias Brunner
641 1 Andreas Steffen
p((. disable SSH key decoding plugin [ _no_ ]. Since [[5.1.0]].
642 1 Andreas Steffen
643 1 Andreas Steffen
--disable-stroke
644 1 Andreas Steffen
645 35 Tobias Brunner
p((. disable charon's stroke configuration backend [ _no_ ].
646 1 Andreas Steffen
647 1 Andreas Steffen
--disable-updown
648 1 Andreas Steffen
649 1 Andreas Steffen
p((. disable updown firewall script plugin [ _no_ ].  
650 1 Andreas Steffen
651 1 Andreas Steffen
--disable-x509
652 1 Andreas Steffen
653 19 Tobias Brunner
p((. disable default X.509 certificate implementation plugin [ _no_ ].
654 16 Tobias Brunner
655 20 Tobias Brunner
--disable-xauth-generic
656 16 Tobias Brunner
657 20 Tobias Brunner
p((. disable generic XAauth backend [ _no_ ].
658 1 Andreas Steffen
659 16 Tobias Brunner
--disable-xcbc
660 16 Tobias Brunner
661 16 Tobias Brunner
p((. disable default XCBC crypto implementation plugin [ _no_ ].
662 1 Andreas Steffen
663 1 Andreas Steffen
h2. --with options
664 1 Andreas Steffen
665 1 Andreas Steffen
--with-capabilities=LIBCAP
666 1 Andreas Steffen
667 1 Andreas Steffen
p((. set capability dropping library. Currently supported values are _libcap_ and _native_ [ _no_ ].
668 22 Tobias Brunner
669 22 Tobias Brunner
--with-charon-udp-port=PORT
670 22 Tobias Brunner
671 22 Tobias Brunner
p((. UDP port used by charon locally. Set to 0 to allocate randomly. [ _500_ ]
672 22 Tobias Brunner
673 22 Tobias Brunner
--with-charon-natt-port=PORT
674 22 Tobias Brunner
675 22 Tobias Brunner
p((. UDP port used by charon locally in case a NAT is detected (must be different from charon-udp-port). Set to 0 to allocate randomly. [ _4500_ ]
676 22 Tobias Brunner
677 22 Tobias Brunner
--with-dev-headers=DIR
678 22 Tobias Brunner
679 22 Tobias Brunner
p((. install strongSwan development headers to DIR [ _no_ ].
680 19 Tobias Brunner
681 27 Tobias Brunner
--with-fips-mode=MODE
682 27 Tobias Brunner
683 27 Tobias Brunner
p((. set OpenSSL FIPS mode: disabled (0), enabled (1), Suite B enabled (2) [ _0_ ].
684 27 Tobias Brunner
685 1 Andreas Steffen
--with-group=GROUP
686 16 Tobias Brunner
687 19 Tobias Brunner
p((. [[ReducedPrivileges|change group]] of the daemons to GROUP after startup [ _root_ ].
688 1 Andreas Steffen
689 1 Andreas Steffen
--with-imcvdir=IMCVDIR
690 1 Andreas Steffen
691 1 Andreas Steffen
p((. set the installation path of IMC and IMV dynamic libraries [ _IPSECLIBDIR/imcvs_ ].
692 1 Andreas Steffen
693 1 Andreas Steffen
--with-ipsecdir=IPSECDIR
694 16 Tobias Brunner
695 1 Andreas Steffen
p((. installation path for ipsec tools [ _LIBEXECDIR/ipsec_ ].
696 1 Andreas Steffen
697 1 Andreas Steffen
--with-ipseclibdir=IPSECLIBDIR
698 1 Andreas Steffen
699 1 Andreas Steffen
p((. installation path for ipsec libraries (libstrongswan, libhydra, libcharon etc.) [ _LIBDIR/ipsec_ ].
700 1 Andreas Steffen
701 20 Tobias Brunner
--with-ipsec-script=SCRIPTNAME
702 20 Tobias Brunner
703 20 Tobias Brunner
p((. change the name of the ipsec script [ _ipsec_].
704 20 Tobias Brunner
705 1 Andreas Steffen
--with-linux-headers=DIR
706 16 Tobias Brunner
707 1 Andreas Steffen
p((. linux header files to be used [ _../include_ ].
708 1 Andreas Steffen
709 19 Tobias Brunner
--with-mpz_powm_sec=YES|NO
710 19 Tobias Brunner
711 19 Tobias Brunner
p((. use the more side-channel resistant mpz_powm_sec in libgmp, if available [ _yes_ ].
712 19 Tobias Brunner
713 16 Tobias Brunner
--with-nm-ca-dir=NMCADIR
714 16 Tobias Brunner
715 20 Tobias Brunner
p((. directory the NM backend uses to look up trusted root certificates [ _/usr/share/ca-certificates_ ].
716 16 Tobias Brunner
717 1 Andreas Steffen
--with-piddir=DIR
718 1 Andreas Steffen
719 1 Andreas Steffen
p((. path for PID and UNIX socket files [ _/var/run_ ].
720 1 Andreas Steffen
721 1 Andreas Steffen
--with-plugindir=PLUGINDIR
722 1 Andreas Steffen
723 1 Andreas Steffen
p((. installation path for plugins [ _IPSECLIBDIR/plugins_ ].
724 34 Tobias Brunner
725 34 Tobias Brunner
--with-printf-hooks=IMPL
726 34 Tobias Brunner
727 34 Tobias Brunner
p((. force the use of a specific printf()-hook implementation (auto, builtin, glibc, vstr) [ _auto_ ], since [[5.1.3]].
728 16 Tobias Brunner
729 1 Andreas Steffen
--with-random-device=DEV
730 1 Andreas Steffen
731 16 Tobias Brunner
p((. set the device for true random data [ _/dev/random_ ].
732 1 Andreas Steffen
733 1 Andreas Steffen
--with-resolv-conf=FILE
734 1 Andreas Steffen
735 19 Tobias Brunner
p((. set the file to store DNS server information [ _SYSCONFDIR/resolv.conf_ ].
736 1 Andreas Steffen
737 1 Andreas Steffen
--with-routing-table=NUM
738 1 Andreas Steffen
739 1 Andreas Steffen
p((. routing table for IPsec source routes (set to 0 to use default routing table) [ _220_ ].
740 1 Andreas Steffen
741 19 Tobias Brunner
--with-routing-table-prio=PRIO
742 19 Tobias Brunner
743 19 Tobias Brunner
p((. priority for IPsec routing table [ _220_ ].
744 19 Tobias Brunner
745 19 Tobias Brunner
--with-strongswan-conf=FILE
746 19 Tobias Brunner
747 19 Tobias Brunner
p((. set the strongswan.conf file location [ _SYSCONFDIR/strongswan.conf_ ].
748 19 Tobias Brunner
749 1 Andreas Steffen
--with-systemdsystemunitdir=arg
750 1 Andreas Steffen
751 1 Andreas Steffen
p((. directory for systemd service files [ _$systemdsystemunitdir_default_ ].
752 35 Tobias Brunner
753 35 Tobias Brunner
--with-swanctldir=arg
754 35 Tobias Brunner
755 35 Tobias Brunner
p((. base directory for [[swanctl]] configuration files and credentials [ _SYSCONFDIR/swanctl_ ]. Since [[5.2.0]].
756 23 Tobias Brunner
757 23 Tobias Brunner
--with-tss=TSS
758 23 Tobias Brunner
759 23 Tobias Brunner
p((. set implementation of the Trusted Computing Group's Software Stack (TSS). Currently the only supported value is "trousers".
760 1 Andreas Steffen
761 1 Andreas Steffen
--with-urandom-device=DEV
762 1 Andreas Steffen
763 1 Andreas Steffen
p((. set the device for pseudo random data [ _/dev/urandom_ ].
764 1 Andreas Steffen
765 1 Andreas Steffen
--with-user=USER
766 1 Andreas Steffen
767 19 Tobias Brunner
p((. [[nonRoot|change user]] of the daemons to USER after startup [ _root_ ].