strongSwan on FreeBSD » History » Version 1
strongSwan on FreeBSD¶
This document describes how to install strongSwan on FreeBSD 7.2.
The generic FreeBSD kernel does not come with IPsec support. So you will have to compile your own kernel.
Also, the kernel sources do not include NAT traversal. If you need that, you'll have to apply a patch.
Then you will also need some additional packages to compile strongSwan.
Basic information on how to build a custom kernel can be found in the FreeBSD Handbook.
You'll need to add the following options to your kernel configuration files:
options IPSEC device crypto
If you need NAT Traversal, apply one of the patches provided by Yvan Vanhullebus.
Our test-system was installed using the Developer and Kern-Developer distributions in sysinstall. So there are maybe additional packages required on your system.
The packages required to build strongSwan are as follows:
- Build system:
- bison is required because our parsers are not fully YACC compatible.
- Although FreeBSD supports the GNU specific register_printf_function function, the implementation in the C library contains a bug that prevents this from working in a multi-thread program. Therefore the vstr string library is required.
- libgcrypt is required because our configure script depends on some M4 macros provided by it.
Get the latest tarball and configure strongSwan as follows:
./configure --enable-kernel-pfkey --enable-kernel-pfroute --disable-kernel-netlink --enable-vstr --disable-tools --disable-pluto --with-lib-prefix=/usr/local
- Due to the lack of policy based routes, virtual IPs can not be used (client-side).
- The kernel interface misses some last