strongSwan on FreeBSD » History » Version 1

Tobias Brunner, 14.07.2009 15:20
Started How-To for FreeBSD

h1. strongSwan on FreeBSD

The IKEv2 daemon charon has recently been ported to "FreeBSD":http://www.freebsd.org. There are some [[FreeBSD#Limitations|limitations]] and it is not thoroughly tested.

This document describes how to install strongSwan on FreeBSD 7.2.

h2. Prepare FreeBSD

The generic FreeBSD kernel does not come with IPsec support, so you will have to compile your own kernel.
Also, the kernel sources do not include NAT traversal. If you need that, you'll have to apply a patch.
Then you will also need some additional packages to compile strongSwan.

h3. The Kernel

Basic information on how to build a custom kernel can be found in the "FreeBSD Handbook":http://www.freebsd.org/doc/handbook/.

You'll need to add the following options to your kernel configuration file:

<pre>
options   IPSEC
device    crypto
</pre>
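
One way to confirm that a custom kernel configuration carries both lines before starting the long kernel build. This is an added example, not part of the original how-to; the function names and the sample configuration are constructed for illustration. It assumes one name per directive line and, going slightly beyond the text, also honours a later @nooptions@ or @nodevice@ line that switches the entry off again.

```shell
#!/bin/sh
# Added example (not from the original how-to): verify that a FreeBSD kernel
# configuration file enables the two lines this page requires for IPsec.

# has_directive FILE KEYWORD NAME
# Succeeds if the last uncommented "KEYWORD NAME" or "noKEYWORD NAME" line
# in FILE leaves NAME enabled. Assumes one name per directive line.
has_directive() {
    awk -v kw="$2" -v name="$3" '
        { sub(/#.*/, "") }                         # drop comments
        $1 == kw        && $2 == name { on = 1 }   # e.g. options IPSEC
        $1 == ("no" kw) && $2 == name { on = 0 }   # e.g. nooptions IPSEC
        END { exit (on ? 0 : 1) }
    ' "$1"
}

# check_kernconf FILE
# Prints each missing line; returns 0 if both are present, 1 if any is
# missing, 2 if FILE cannot be read.
check_kernconf() {
    conf=$1
    missing=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    has_directive "$conf" options IPSEC || { echo "missing: options IPSEC"; missing=1; }
    has_directive "$conf" device crypto || { echo "missing: device crypto"; missing=1; }
    return "$missing"
}

# Constructed sample configuration: "device crypto" is commented out,
# so the check reports it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cpu       I686_CPU
ident     STRONGSWAN     # constructed kernel name
options   IPSEC          # IPsec support
#device   crypto
EOF
check_kernconf "$sample" || echo "fix the configuration before building the kernel"
rm -f "$sample"
```

On a real system, call @check_kernconf@ with the path of your own kernel configuration file instead of the constructed sample.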

If you need NAT Traversal, apply one of the "patches":http://vanhu.free.fr/FreeBSD/ provided by Yvan Vanhullebus.

h3. Install Packages

Our test system was installed using the Developer and Kern-Developer distributions in sysinstall, so additional packages may be required on your system.

The packages required to build strongSwan are as follows:

* Build system:
** automake110
** automake-wrapper
** autoconf262
** autoconf-wrapper
** libtool
** bison
* Libraries:
** vstr
** libgmp
** libgcrypt

Notes:
* *bison* is required because our parsers are not fully YACC compatible.
* Although FreeBSD supports the GNU-specific register_printf_function function, the implementation in the C library contains a "bug":http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/133776 that prevents this from working in a multi-threaded program. Therefore the *vstr* string library is required.
* *libgcrypt* is required because our configure script depends on some M4 macros provided by it.

h2. Building strongSwan

Get the latest tarball and configure strongSwan as follows:

<pre>
./configure --enable-kernel-pfkey --enable-kernel-pfroute --disable-kernel-netlink --enable-vstr --disable-tools --disable-pluto --with-lib-prefix=/usr/local
</pre>

h2. Limitations

* Due to the lack of policy-based routes, virtual IPs cannot be used (client-side).
* The kernel interface misses some last