strongSwan Installation Documentation » History » Version 15

Andreas Steffen, 05.12.2007 20:35
changed the position of the default value

= strongSwan Installation Documentation =

== Kernel requirements ==

strongSwan should run on most distros' kernels. If you build your own kernel, include [wiki:KernelModules the required modules].

== Autoconf Options ==

strongSwan can be built with the following '''./configure''' options:

'''--dir options'''

where to put installation [''/usr/local'']. Most Linux distributions use ''"/usr"''.

program executables [''PREFIX/libexec'']

where to put configuration files [''PREFIX/etc'']. We strongly recommend ''"/etc"''.

'''--enable options'''

enable support of Cisco VPN client [''no''].

enable DBUS configuration and control interface [''no'']. Requires libdbus.

build SIM authentication module for EAP [''no''].

enable OCSP and fetching of certificates and CRLs over HTTP [''no'']. Requires libcurl.

enable the integrity test of the crypto library [''no''].

enable fetching of CRLs from LDAP [''no'']. Requires OpenLDAP.

enable malloc hooks to find memory leaks [''no''].

build the FastCGI-based strongSwan manager.

enable NAT traversal with IPsec transport mode [''no''].

enable peer-to-peer NAT traversal [''no''].

enable smartcard support [''no''].

build the UML test framework [''no''].

enable XML configuration and control interface [''no'']. Requires libxml.

'''--disable options'''

disable the build of the IKEv2 keying daemon charon [''no''].
You should set ''charonstart=no'' in ''ipsec.conf''
to prevent starter from launching charon.

disable the build of the IKEv1 keying daemon pluto [''no'']. With pluto disabled, the IKEv2 keying daemon
charon does not use a RAW socket, as only one daemon is running.
You should set ''plutostart=no'' in ''ipsec.conf''
to prevent [wiki:IpsecStarter starter] from launching pluto.

disable the self-test of the crypto library [''no''].

disable the build of additional ipsec utilities
(currently [wiki:ScepClient scepclient] and [wiki:OpenAc openac]) [''no''].

disable the sending of the strongSwan vendor ID [''no''].

disable the sending of the XAUTH vendor ID [''no''].

'''--with options'''

path for pluggable configuration backend modules [''IPSECDIR/plugins/backends'']

set the default PKCS11 library [''/usr/lib/'']

path for pluggable EAP modules [''IPSECDIR/plugins/eap'']

[wiki:nonRoot change group] of the daemons to GID after startup [''0'']

path for pluggable control interface modules [''IPSECDIR/plugins/interfaces'']

installation path for ipsec tools [''LIBEXECDIR/ipsec'']

linux header files to be used [''../include'']

path for PID and UNIX socket files [''/var/run'']

set the device for true random data [''/dev/random'']

set the file to store DNS server information [''SYSCONFDIR/resolv.conf'']

routing table for IPsec source routes [''220'']

priority for IPsec routing table [''220'']

library containing the sim_run_alg() function for EAP-SIM []

[wiki:nonRoot change user] of the daemons to UID after startup [''0'']

set the device for pseudo random data [''/dev/urandom'']

set the path to the XAUTH module []