strongSwan Installation Documentation » History » Version 16

Version 15 (Andreas Steffen, 05.12.2007 20:35) → Version 16/59 (Martin Willi, 14.12.2007 11:01)

= strongSwan Installation Documentation =

== Live testing system ==
We have built a [wiki:OpenWRTDemo small test system] to run strongSwan without installation or configuration. It is based on a UML kernel, two small OpenWRT images and should run on any x86 Linux system out of the box.

== Distribution packages ==

There are currently packages for:
* [http://packages.debian.org/search?keywords=strongswan&searchon=names&suite=all&section=all Debian]
* [http://packages.ubuntu.com/cgi-bin/search_packages.pl?searchon=names&version=all&exact=1&keywords=strongswan Ubuntu]
* [http://software.opensuse.org/search?p=1&q=strongswan openSUSE]
* [http://packages.gentoo.org/search/?sstring=strongswan Gentoo]

== Compile yourself ==

=== Kernel requirements ===
strongSwan should run on most distros' kernels. If you build your own kernel, include [wiki:KernelModules the required modules].

=== Building strongSwan ===
We have changed the build system to autotools in the 4.x releases. There is a growing [wiki:Autoconf list of autoconf options] available. The build procedure is as with any autotools project:
{{{
wget http://download.strongswan.org/strongswan-your-version.tar.bz2
tar jxvf strongswan-your-version.tar.bz2; cd strongswan-your-version
./configure --your-options
make
sudo make install
}}}

== Autoconf Options ==

strongSwan can be built with the following '''./configure''' options:

'''--dir options'''

''--prefix=PREFIX''
where to put installation [''/usr/local'']. Most Linux distributions use ''"/usr"''.

''--libexecdir=LIBEXECDIR''
program executables [''PREFIX/libexec'']

''--sysconfdir=SYSCONFDIR''
where to put configuration files [''PREFIX/etc'']. We strongly recommend ''"/etc"''.

'''--enable options'''

''--enable-cisco-quirks''
enable support of Cisco VPN client [''no''].

''--enable-dbus''
enable DBUS configuration and control interface [''no'']. Requires libdbus.

''--enable-eap-sim''
build SIM authentication module for EAP [''no''].

''--enable-http''
enable OCSP and fetching of certificates and CRLs over HTTP [''no'']. Requires libcurl.

''--enable-integrity-test''
enable the integrity test of the crypto library [''no''].

''--enable-ldap''
enable fetching of CRLs from LDAP [''no'']. Requires OpenLDAP.

''--enable-leak-detective''
enable malloc hooks to find memory leaks [''no''].

''--enable-manager''
build the FastCGI-based strongSwan manager.

''--enable-nat-transport''
enable NAT traversal with IPsec transport mode [''no''].

''--enable-p2p''
enable peer-to-peer NAT traversal [''no''].

''--enable-smartcard''
enable smartcard support [''no''].

''--enable-uml''
build the UML test framework [''no''].

''--enable-xml''
enable XML configuration and control interface [''no'']. Requires libxml.

'''--disable options'''

''--disable-charon''
disable the build of the IKEv2 keying daemon charon [''no''].
You should set ''charonstart=no'' in ''ipsec.conf''
to prevent starter from launching charon.

''--disable-pluto''
disable the build of the IKEv1 keying daemon pluto [''no'']. The IKEv2 keying daemon
charon does not use a RAW socket, as only one daemon is running.
You should set ''plutostart=no'' in ''ipsec.conf''
to prevent [wiki:IpsecStarter starter] from launching pluto.

''--disable-self-test''
disable the self-test of the crypto library [''no''].

''--disable-tools''
disable the build of additional ipsec utilities
(currently [wiki:ScepClient scepclient] and [wiki:OpenAc openac]) [''no''].

''--disable-vendor-id''
disable the sending of the strongSwan vendor ID [''no''].

''--disable-xauth-vid''
disable the sending of the XAUTH vendor ID [''no''].
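
A check for the two ''ipsec.conf'' notes under ''--disable-charon'' and ''--disable-pluto'' above, as an added example that is not part of the original page or the strongSwan sources. The function names, the sample file and the simplified parsing of the `config setup` section are assumptions.

```shell
#!/bin/sh
# Added example (not strongSwan code): verify that ipsec.conf switches off
# every keying daemon that was left out of the build.

# starter_setting FILE KEY: print KEY's value from the "config setup" section.
# Simplified parsing (assumption): blank and comment lines are skipped, a line
# starting in column 0 opens a new section, the last assignment wins.
starter_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[^ \t]/ { in_setup = ($1 == "config" && $2 == "setup"); next }
        in_setup {
            line = $0
            sub(/^[ \t]+/, "", line)        # drop the indentation
            sub(/[ \t]+#.*$/, "", line)     # drop a trailing comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_starter FILE DAEMON...: DAEMON is charon or pluto, as disabled at
# configure time. Returns 1 and names each daemon whose <daemon>start is not "no".
check_starter() {
    conf=$1; shift
    rc=0
    for daemon in "$@"; do
        val=$(starter_setting "$conf" "${daemon}start")
        if [ "$val" != "no" ]; then
            echo "$conf: $daemon not built, but ${daemon}start=${val:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a --disable-pluto build whose config only disables charon.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed ipsec.conf for this example
config setup
    charonstart=no   # IKEv2 daemon off
    plutostart=yes
conn %default
    keyexchange=ikev2
EOF
check_starter "$sample" pluto || echo "fix ipsec.conf before running starter"
```

An unset key is reported as well, since the page's advice is to set the value to ''no'' explicitly.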

'''--with options'''

''--with-backenddir=DIR''
path for pluggable configuration backend modules [''IPSECDIR/plugins/backends'']

''--with-default-pkcs11=LIB''
set the default PKCS11 library [''/usr/lib/opensc-pkcs11.so'']

''--with-eapdir=DIR''
path for pluggable EAP modules [''IPSECDIR/plugins/eap'']

''--with-gid=GID''
[wiki:nonRoot change group] of the daemons to GID after startup [''0'']

''--with-interfacedir=DIR''
path for pluggable control interface modules [''IPSECDIR/plugins/interfaces'']

''--with-ipsecdir=IPSECDIR''
installation path for ipsec tools [''LIBEXECDIR/ipsec'']

''--with-linux-headers=DIR''
linux header files to be used [''../include'']

''--with-piddir=DIR''
path for PID and UNIX socket files [''/var/run'']

''--with-random-device=DEV''
set the device for true random data [''/dev/random'']

''--with-resolv-conf=FILE''
set the file to store DNS server information [''SYSCONFDIR/resolv.conf'']

''--with-routing-table=NUM''
routing table for IPsec source routes [''220'']

''--with-routing-table-prio=PRIO''
priority for IPsec routing table [''220'']

''--with-sim-reader=LIB''
library containing the sim_run_alg() function for EAP-SIM []

''--with-uid=UID''
[wiki:nonRoot change user] of the daemons to UID after startup [''0'']

''--with-urandom-device=DEV''
set the device for pseudo random data [''/dev/urandom'']

''--with-xauth-module=LIB''
set the path to the XAUTH module []