Autoconf options for strongSwan 4.6 releases
Please note: This page documents the ./configure options for the latest release of the 4.6 branch. The ./configure options for 5.0 releases are documented on a separate page. In any case, always use ./configure --help to check which options are actually available for the release you are using.
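An unrecognized --enable-* or --with-* option does not stop an autoconf-generated configure script by default, so a misspelled hardening option such as --with-capabilities can go unnoticed. The following added example (not part of the strongSwan documentation) compares requested options against saved ./configure --help output; the help excerpt, the "vpn" account and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report requested ./configure options that the saved
# `./configure --help` output of the release in use does not list.

# Constructed excerpt of help output so the example runs offline.
# In a source tree, create the real file with: ./configure --help > help.txt
sample_help() {
    cat <<'EOF'
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-openssl        enable the OpenSSL crypto plugin.
  --disable-pluto         disable the IKEv1 keying daemon pluto.
  --with-user=user        change user of the daemons after startup.
  --with-capabilities=arg set capability dropping library.
EOF
}

# unsupported_opts HELP_FILE OPTION...
# Prints each OPTION missing from HELP_FILE; returns 1 if any was printed.
unsupported_opts() {
    help_file=$1; shift
    rc=0
    for opt in "$@"; do
        name=${opt%%=*}                      # drop "=VALUE"
        case $name in
            # --help lists only the non-default form, so accept either one.
            --enable-*|--disable-*)
                feat=${name#--enable-}; feat=${feat#--disable-}
                pat="--(enable|disable)-$feat" ;;
            --with-*|--without-*)
                feat=${name#--with-}; feat=${feat#--without-}
                pat="--with(out)?-$feat" ;;
            *)  pat=$name ;;
        esac
        # The name must be a whole word: followed by space, "=", "[" or EOL.
        if ! grep -Eq -e "(^|[[:space:]])$pat([[:space:]]|=|\\[|\$)" "$help_file"; then
            printf '%s\n' "$opt"
            rc=1
        fi
    done
    return "$rc"
}

# Demo: "capabilites" is deliberately misspelled, "vpn" is a made-up account.
help_txt=$(mktemp) && sample_help > "$help_txt"
unsupported_opts "$help_txt" --sysconfdir=/etc --with-user=vpn --enable-pluto \
    --with-capabilites=libcap || echo "^ not offered by this release"
rm -f "$help_txt"
```
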
--dir options
Some directories can be configured through --with options.
--prefix=PREFIX
where to put installation [ /usr/local ]. Most Linux distributions use "/usr".
--libexecdir=LIBEXECDIR
program executables [ PREFIX/libexec ]
--libdir=LIBDIR
shared libraries [ PREFIX/lib ]
--sysconfdir=SYSCONFDIR
where to put configuration files [ PREFIX/etc ]. We strongly recommend "/etc".
--enable options
The plugin list provides more information on specific plugins.
--enable-addrblock
enable RFC 3779 address block constraint support plugin.
--enable-af-alg
enable AF_ALG crypto interface to Linux Crypto API [ no ].
--enable-agent
enable the ssh-agent signing plugin [ no ].
--enable-android
enable the Android specific plugin [ no ].
--enable-attr-sql
enable the SQL based configuration attribute plugin [ no ].
This is a plugin for VPN gateways only, serving virtual IP addresses.
--enable-blowfish
enable Blowfish software implementation plugin [ no ].
--enable-ccm
enable the CCM AEAD wrapper crypto plugin [ no ].
--enable-certexpire
enable CSV export of expiration dates of used certificates [ no ].
--enable-cisco-quirks
enable support of Cisco VPN client [ no ].
--enable-conftest
enforce Suite B conformance test framework [ no ].
--enable-coupling
enable IKEv2 plugin to couple peer certificates permanently to authentication [ no ].
--enable-ctr
enable the counter mode wrapper crypto plugin [ no ].
--enable-curl
enable plugin to fetch files (CRL/OCSP) via libcurl [ no ]. Requires libcurl.
--enable-dhcp
enable DHCP based attribute provider plugin [ no ].
--enable-dumm
build the new UML test framework [ no ]. See DUMM.
--enable-duplicheck
enable advanced duplicate checking plugin using liveness checks [ no ].
--enable-eap-aka
build EAP AKA authentication module [ no ].
--enable-eap-aka-3gpp2
build EAP AKA backend module implementing 3GPP2 algorithm in software [ no ]. Requires libgmp.
--enable-eap-gtc
build PAM-based EAP GTC authentication module [ no ].
--enable-eap-identity
build EAP module providing EAP-Identity helper [ no ].
--enable-eap-md5
build EAP MD5 (CHAP) authentication module [ no ].
--enable-eap-mschapv2
enable EAP MS-CHAPv2 authentication module [ no ].
--enable-eap-peap
enable EAP PEAP authentication plugin [ no ].
--enable-eap-radius
enable RADIUS proxy authentication module for EAP [ no ].
--enable-eap-sim
enable EAP-SIM authentication module [ no ].
--enable-eap-sim-file
enable EAP-SIM back end based on a triplets file [ no ].
--enable-eap-sim-pcsc
enable EAP-SIM back end based on a smartcard reader [ no ]. Requires libpcsclite.
--enable-eap-simaka-pseudonym
enable EAP-SIM/AKA pseudonym storage [ no ].
--enable-eap-simaka-reauth
enable EAP-SIM/AKA reauthentication data storage [ no ].
--enable-eap-simaka-sql
enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database [ no ].
--enable-eap-tls
enable EAP TLS authentication plugin [ no ].
--enable-eap-tnc
enable EAP TNC trusted network connect plugin [ no ].
--enable-eap-ttls
enable EAP TTLS authentication plugin [ no ].
--enable-farp
enable ARP faking plugin that responds to ARP requests for virtual IPs assigned to peers [ no ].
--enable-fast
build libfast (FastCGI Application Server w/ templates) [ no ]. See libfast.
--enable-gcm
enable the GCM AEAD wrapper crypto plugin [ no ].
--enable-gcrypt
enable the libgcrypt plugin [ no ]. Requires the GNU Libgcrypt library.
--enable-ha
enable the high availability cluster plugin [ no ].
--enable-imc-attestation
enable IMC attestation module [ no ].
--enable-imc-scanner
enable IMC port scanner module [ no ].
--enable-imc-test
enable IMC test module [ no ].
--enable-imv-attestation
enable IMV attestation module [ no ].
--enable-imv-scanner
enable IMV port scanner module [ no ].
--enable-imv-test
enable IMV test module [ no ].
--enable-integrity-test
enable integrity testing of the daemon, libraries and loaded plugins [ no ].
--enable-kernel-klips
enable the PF_KEYv2 KLIPS kernel interface [ no ].
--enable-kernel-pfkey
enable the PF_KEYv2 NETKEY kernel interface [ no ].
--enable-kernel-pfroute
enable the PF_ROUTE kernel interface [ no ]. Required for FreeBSD and Mac OS X.
--enable-ldap
enable LDAP fetcher to fetch files (CRLs) from an LDAP server [ no ]. Requires OpenLDAP.
--enable-leak-detective
enable malloc hooks to find memory leaks [ no ].
--enable-led
enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem [ no ].
--enable-load-tester
enable load testing plugin for IKEv2 daemon [ no ].
--enable-lock-profiler
enable lock/mutex profiling code [ no ].
--enable-maemo
enable the Maemo specific plugin [ no ].
--enable-manager
build the strongSwan manager web application [ no ]. See Manager.
--enable-md4
enable MD4 software implementation plugin. Required for eap-mschapv2 plugin [ no ].
--enable-medcli
enable mediation client web front end and daemon plugin [ no ].
--enable-mediation
enable IKEv2 Mediation Extension [ no ].
--enable-medsrv
enable mediation server web front end and daemon plugin [ no ].
--enable-monolithic
build monolithic versions of libstrongswan, libhydra, and libcharon that include all enabled plugins [ no ].
--enable-mysql
enable MySQL database support [ no ]. Requires libmysqlclient_r.
--enable-nat-transport
enable NAT traversal with IPsec transport mode in pluto [ no ].
--enable-nm
enable the NetworkManager plugin [ no ].
--enable-openssl
enable the OpenSSL crypto plugin [ no ]. Requires libcrypto.so.0.9.8.
--enable-padlock
enable the padlock crypto plugin [ no ]. Requires a VIA Padlock crypto engine.
--enable-pkcs11
enable the PKCS#11 crypto token support plugin [ no ].
--enable-smartcard
enable smartcard support (only relevant for pluto and scepclient) [ no ].
--enable-smp
enable XML configuration and control interface [ no ]. Requires libxml. See SMP.
--enable-socket-dynamic
enable dynamic socket implementation for charon [ no ].
--enable-socket-raw
enable raw socket implementation for charon, enforced if pluto is enabled [ no ].
--enable-soup
enable soup fetcher plugin to fetch from HTTP URIs [ no ]. Requires libsoup.
--enable-sql
enable SQL database configuration backend [ no ]. See SQL.
--enable-sqlite
enable SQLite database support [ no ]. Requires libsqlite3.
--enable-test-vectors
enable crypto test vectors plugin [ no ].
--enable-tnccs-11
enable TNCCS 1.1 protocol module [ no ]. Requires libxml2.
--enable-tnccs-20
enable TNCCS 2.0 protocol module [ no ].
--enable-tnccs-dynamic
enable dynamic TNCCS protocol discovery module [ no ].
--enable-tnc-ifmap
enable TNC IF-MAP module [ no ].
--enable-tnc-imc
enable TNC IMC integrity measurement collector module [ no ].
--enable-tnc-imv
enable TNC IMV integrity measurement verifier module [ no ].
--enable-uci
enable the OpenWRT UCI configuration plugin [ no ].
--enable-unit-tester
enable unit tests on IKEv2 daemon startup [ no ].
--enable-vstr
enforce the use of the Vstr string library to replace glibc-like printf hooks [ no ].
--enable-whitelist
enable peer identity whitelisting plugin [ no ].
--disable options
The plugin list provides more information on specific plugins.
--disable-adns
disable the use of adns in pluto (disables opportunistic encryption) [ no ].
--disable-aes
disable default AES software implementation plugin [ no ].
--disable-attr
disable strongswan.conf based configuration of DNS and WINS server attributes [ no ].
This is a plugin for VPN gateways only, serving internal DNS and WINS nameserver information.
--disable-charon
disable the build of the IKEv2 keying daemon charon [ no ].
--disable-constraints
disable advanced X.509 constraint checking plugin [ no ].
--disable-des
disable default DES/3DES software implementation plugin [ no ].
--disable-dnskey
disable DNS RR key decoding plugin [ no ].
--disable-fips-prf
disable default FIPS PRF software implementation plugin [ no ].
--disable-gmp
disable default GNU Multi Precision (libgmp) based public key cryptography implementation plugin [ no ].
--disable-hmac
disable default HMAC crypto implementation plugin [ no ].
--disable-kernel-netlink
disable default Netlink kernel interface [ no ].
--disable-load-warning
disable the charon/pluto plugin load option warning in starter [ no ].
--disable-md5
disable default MD5 software implementation plugin [ no ].
--disable-pem
disable PEM decoding plugin [ no ].
--disable-pgp
disable PGP key decoding plugin [ no ].
--disable-pkcs1
disable PKCS#1 key decoding plugin [ no ].
--disable-pkcs8
disable PKCS#8 private key decoding plugin [ no ].
--disable-pluto
disable the build of the IKEv1 keying daemon pluto [ no ].
With pluto disabled, the IKEv2 keying daemon charon does not use a RAW socket, as only one daemon is running.
--disable-pubkey
disable default RAW public key support plugin [ no ].
--disable-random
disable default RNG implementation using the raw /dev/(u)random devices [ no ].
--disable-resolve
disable writing DNS information received via configuration payload to /etc/resolv.conf [ no ].
This is a plugin for VPN clients only.
--disable-revocation
disable X.509 CRL/OCSP revocation check plugin [ no ].
--disable-scripts
disable the build of additional utilities (found in directory scripts) [ no ].
--disable-sha1
disable default SHA-1 software implementation plugin [ no ].
--disable-sha2
disable default SHA-256/SHA-384/SHA-512 software implementation plugin [ no ].
--disable-socket-default
disable default socket implementation for charon [ no ].
--disable-stroke
disable charon's stroke (pluto compatibility) configuration backend [ no ].
--disable-tools
disable the build of additional ipsec utilities (currently scepclient, openac and pki) [ no ].
--disable-updown
disable updown firewall script plugin [ no ].
--disable-vendor-id
disable the sending of the strongSwan vendor ID [ no ].
--disable-x509
disable default X.509 certificate implementation plugin [ no ].
--disable-xauth
disable pluto's XAUTH plugin [ no ].
--disable-xauth-vid
disable the sending of the XAUTH vendor ID in pluto [ no ].
--disable-xcbc
disable default XCBC crypto implementation plugin [ no ].
--with options
--with-capabilities=LIBCAP
set capability dropping library. Currently supported values are libcap and native [ no ].
--with-default-pkcs11=LIB
set the default PKCS#11 library used by pluto [ /usr/lib/opensc-pkcs11.so ].
--with-group=GROUP
change group of the daemons to GROUP after startup [ root ].
--with-imcvdir=IMCVDIR
set the installation path of IMC and IMV dynamic libraries [ IPSECLIBDIR/imcvs ].
--with-ipsecdir=IPSECDIR
installation path for ipsec tools [ LIBEXECDIR/ipsec ].
--with-ipseclibdir=IPSECLIBDIR
installation path for ipsec libraries (libstrongswan, libhydra, libcharon etc.) [ LIBDIR/ipsec ].
--with-linux-headers=DIR
linux header files to be used [ ../include ].
--with-mpz_powm_sec=YES|NO
use the more side-channel resistant mpz_powm_sec in libgmp, if available [ yes ].
--with-nm-ca-dir=NMCADIR
directory the NM plugin uses to look up trusted root certificates [ /usr/share/ca-certificates ].
--with-piddir=DIR
path for PID and UNIX socket files [ /var/run ].
--with-plugindir=PLUGINDIR
installation path for plugins [ IPSECLIBDIR/plugins ].
--with-random-device=DEV
set the device for true random data [ /dev/random ].
--with-resolv-conf=FILE
set the file to store DNS server information [ SYSCONFDIR/resolv.conf ].
--with-routing-table=NUM
routing table for IPsec source routes (set to 0 to use default routing table) [ 220 ].
--with-routing-table-prio=PRIO
priority for IPsec routing table [ 220 ].
--with-strongswan-conf=FILE
set the strongswan.conf file location [ SYSCONFDIR/strongswan.conf ].
--with-systemdsystemunitdir=arg
directory for systemd service files [ $systemdsystemunitdir_default ].
--with-urandom-device=DEV
set the device for pseudo random data [ /dev/urandom ].
--with-user=USER
change user of the daemons to USER after startup [ root ].
--with-xauth-module=LIB
set the path to the XAUTH module used by pluto [].