strongSwan Installation Documentation

Distribution packages

There are currently packages for:

Compile yourself

Linux Kernel requirements

strongSwan should run on most distros' kernels. If you build your own kernel, include the required modules.

Building strongSwan

The GNU build system (Autotools) is used to build strongSwan.

There is an ever growing list of configure options available (note that many of these are enabled by default, and please check ./configure --help for the options actually available for your release).

Refer to the list of plugins to learn more about the plugins enabled with the above options.

Note: Some plugins have dependencies on third-party libraries. To compile such plugins the header files of those libraries are required. Make sure these are installed on your system, e.g. by installing the appropriate -dev package on Debian-based systems. Otherwise, the configure script will complain that it can't find the library or header files.

The build procedure is as with any autotools project:

  1. Download strongSwan:
  2. Unpack the tarball, navigate into the directory:
     tar xjvf strongswan-x.x.x.tar.bz2; cd strongswan-x.x.x
  3. Configure strongSwan using some of the available options (refer to ./configure --help):
     ./configure --prefix=/usr --sysconfdir=/etc --<your-options>
  4. Build the sources and install the binaries as root:
     sudo make install

Building strongSwan from the Git repository

To build strongSwan from the Git repository additional tools and steps are required, check source:HACKING for details.

Building strongSwan on other platforms

Monolithic Builds

Plugins can be included in their associated library in a so called monolithic build (--enable-monolithic). That way it's not necessary to
distribute separate shared object files for each plugin but only the major libraries and executables. The plugins that are loaded at runtime
may still be controlled with the options described here.

Static Builds

Since 5.5.3, a static build that only relies on third-party libraries, i.e. in which our own libraries and plugins are all statically linked into the
executables, can be achieved by configuring with --disable-shared --enable-static --enable-monolithic.

Including third-party static libraries requires manual modification of the Makefiles due to limitations of our build system (see the Makefile
for the fuzzzing targets for an example, source:fuzz/

Configuration Management for strongSwan

If you use CM to manage software, there are some options available to help configure strongSwan.


Useful cookbooks include:


Useful modules include: