strongSwan Installation Documentation » History » Version 16

Version 15 (Andreas Steffen, 05.12.2007 20:35) → Version 16/59 (Martin Willi, 14.12.2007 11:01)

= strongSwan Installation Documentation =

== Live testing system ==
We have built a [wiki:OpenWRTDemo small test system] to run strongSwan without installation or configuration. It is based on a UML kernel, two small OpenWRT images and should run on any x86 Linux system out of the box.

== Distribution packages ==

There are currently packages for:
* Debian
* Ubuntu
* openSUSE
* Gentoo

== Compile yourself ==

=== Kernel requirements ===
strongSwan should run on most distros' kernels. If you build your own kernel, include [wiki:KernelModules the required modules].

=== Building strongSwan ===
We have changed the build system to autotools in the 4.x releases. There is a growing [wiki:Autoconf list of autoconf options] available. The build procedure is as with any autotools project:
{{{
tar jxvf strongswan-your-version.tar.bz2; cd strongswan-your-version
./configure --your-options
sudo make install
}}}

== Autoconf Options ==

strongSwan can be built with the following '''./configure''' options:

'''--dir options'''

where to put installation [''/usr/local'']. Most Linux distributions use ''"/usr"''.

program executables [''PREFIX/libexec'']

where to put configuration files [''PREFIX/etc'']. We strongly recommend ''"/etc"''.

'''--enable options'''

enable support of Cisco VPN client [''no''].

enable DBUS configuration and control interface [''no'']. Requires libdbus.

build SIM authentication module for EAP [''no''].

enable OCSP and fetching of certificates and CRLs over HTTP [''no'']. Requires libcurl.

integrity test of the crypto library [''no''].

enable fetching of CRLs from LDAP [''no'']. Requires OpenLDAP.

enable malloc hooks to find memory leaks [''no''].

build the FastCGI-based strongSwan manager.

enable NAT traversal with IPsec transport mode [''no''].

enable peer-to-peer NAT traversal [''no''].

enable smartcard support [''no''].

build the UML test framework [''no''].

enable XML configuration and control interface [''no'']. Requires libxml.

'''--disable options'''

disable the build of the IKEv2 keying daemon charon [''no'']. You should set ''charonstart=no'' in ''ipsec.conf'' to prevent starter from launching charon.

disable the build of the IKEv1 keying daemon pluto [''no'']. The IKEv2 keying daemon charon does not use a RAW socket, as only one daemon is running. You should set ''plutostart=no'' in ''ipsec.conf'' to prevent [wiki:IpsecStarter starter] from launching pluto.

disable the self-test of the crypto library [''no''].

disable the build of additional ipsec utilities (currently [wiki:ScepClient scepclient] and [wiki:OpenAc openac]) [''no''].

disable the sending of the strongSwan vendor ID [''no''].

disable the sending of the XAUTH vendor ID [''no''].
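
The advice above to set ''charonstart=no'' or ''plutostart=no'' when a daemon is left out of the build can be checked mechanically. The following script is an added example, not part of the strongSwan sources: the helper names `starter_setting` and `check_disabled` are hypothetical, the sample `ipsec.conf` is constructed, and it assumes the settings appear as indented `key=value` lines under `config setup`.

```shell
#!/bin/sh
# Added example: verify that ipsec.conf stops starter from launching a daemon
# that was left out of the build (charonstart=no / plutostart=no).

# starter_setting FILE KEY: print KEY's value from the "config setup" section.
starter_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # whole-line comment
        /^[^ \t]/  { in_setup = ($1 == "config" && $2 == "setup"); next }
        in_setup {
            line = $0
            sub(/#.*/, "", line)                 # strip trailing comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_disabled FILE DAEMON: succeed only if <DAEMON>start=no is set.
check_disabled() {
    value=$(starter_setting "$1" "${2}start")
    if [ "$value" = "no" ]; then
        echo "ok: ${2}start=no"
        return 0
    fi
    echo "WARNING: ${2}start is '${value:-unset}'; starter may launch $2"
    return 1
}

# Constructed sample ipsec.conf for a build made with pluto disabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config setup
    plutostart=no    # IKEv1 daemon was not built

conn example
    auto=add
EOF
check_disabled "$sample" pluto
check_disabled "$sample" charon || true   # charonstart is unset, so this warns
rm -f "$sample"
```

Point `check_disabled` at the installed `ipsec.conf` after `make install` to catch a configuration that still asks starter to launch a daemon that was not built.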

'''--with options'''

path for pluggable configuration backend modules [''IPSECDIR/plugins/backends'']

set the default PKCS11 library [''/usr/lib/'']

path for pluggable EAP modules [''IPSECDIR/plugins/eap'']

[wiki:nonRoot change group] of the daemons to GID after startup [''0'']

path for pluggable control interface modules [''IPSECDIR/plugins/interfaces'']

installation path for ipsec tools [''LIBEXECDIR/ipsec'']

linux header files to be used [''../include'']

path for PID and UNIX socket files [''/var/run'']

set the device for true random data [''/dev/random'']

set the file to store DNS server information [''SYSCONFDIR/resolv.conf'']

routing table for IPsec source routes [''220'']

priority for IPsec routing table [''220'']

library containing the sim_run_alg() function for EAP-SIM []

[wiki:nonRoot change user] of the daemons to UID after startup [''0'']

set the device for pseudo random data [''/dev/urandom'']

set the path to the XAUTH module []