-------------------------
strongSwan - Installation
-------------------------

   3.3 Other pluggable modules
 4. Kernel configuration

Since version 4.x strongSwan uses the GNU build system (Autotools).
This simplifies the build process and package maintenance. First, check for
the availability of required packages on your system (section 2.). You may
want to include support for additional features, which require other
packages to be installed (section 3.).

To compile an extracted tarball, run the ./configure script first:

You may want to specify some arguments listed in section 3., or see the
available options of the script using "./configure --help".

After a successful run of the script, run

To check if your kernel fulfills the requirements, see section 4.

Next add your connections to "/etc/ipsec.conf" and your secrets to

Finally, start strongSwan with

In order to be able to build strongSwan you'll need one of the following
cryptographic libraries:

 * The GNU Multiprecision Arithmetic Library (GMP, libgmp)
 * The OpenSSL cryptographic library (libcrypto)
   http://www.openssl.org
 * The GNU cryptographic library (libgcrypt)

If no other options are specified during ./configure, libgmp will be used.

The libraries and the corresponding header files are usually included in
the form of one or two packages in the major Linux distributions (for GMP on
Debian: libgmp3 and libgmp3-dev).

If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
from an HTTP server, or alternatively want to use the Online
Certificate Status Protocol (OCSP), then you will need either of the

 * The cURL library (libcurl)
   http://curl.haxx.se/libcurl/
 * The LibSoup library (libsoup)
   https://live.gnome.org/LibSoup

In order to activate the use of either of these libraries in strongSwan you
must enable the appropriate ./configure switch.

If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
from an LDAP server then you will need the libldap library available
from http://www.openldap.org/.

OpenLDAP is usually included with your Linux distribution. You will need
both the run-time and development environments (SuSE: openldap2,

In order to activate the use of the libldap library in strongSwan you must
enable the ./configure switch:

    ./configure [...] --enable-ldap

LDAP protocol version 2 is no longer supported; --enable-ldap always uses
version 3 of the LDAP protocol.

3.3 Other pluggable modules
---------------------------

There are many other optional plugins that, for instance, provide support
for PKCS#11 or SQL databases.
For a more detailed description of these refer to our wiki:

 * http://wiki.strongswan.org

4. Kernel configuration
-----------------------

Since version 4.x strongSwan only supports 2.6.x and 3.x kernels and their
native NETKEY IPsec stack. Please make sure that the following IPsec kernel
modules are available:

These may be built into the kernel or as modules. Modules get loaded
automatically at strongSwan startup.

Also the built-in kernel Cryptoapi modules with selected encryption and
hash algorithms should be available.

Support for multiple routing tables is also recommended.

For a more up-to-date list of recommended modules refer to:

 * http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
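
Added example (not part of the strongSwan documentation): a small shell check that reports whether kernel options are built in, modular, or missing, matching the "built into the kernel or as modules" distinction above. The option names and the sample config are assumptions chosen for illustration; take the authoritative list from the wiki page.

```shell
#!/bin/sh
# Added example, not strongSwan code. Classifies kernel options found in a
# plain-text kernel config file as builtin (=y), module (=m) or missing.

# kopt_state CONFIG_FILE OPTION -> prints "builtin", "module" or "missing"
kopt_state() {
    cfg=$1
    opt=$2
    if grep -q "^${opt}=y\$" "$cfg"; then
        echo builtin
    elif grep -q "^${opt}=m\$" "$cfg"; then
        echo module
    else
        echo missing    # absent line or "# CONFIG_X is not set"
    fi
}

# check_kopts CONFIG_FILE OPTION... -> one report line per option;
# returns 1 if at least one option is missing, 0 otherwise
check_kopts() {
    cfg_file=$1
    shift
    rc=0
    for o in "$@"; do
        state=$(kopt_state "$cfg_file" "$o")
        printf '%-28s %s\n' "$o" "$state"
        if [ "$state" = missing ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample config (not taken from a real system).
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
CONFIG_XFRM_USER=m
CONFIG_NET_KEY=m
CONFIG_INET_ESP=y
# CONFIG_INET_AH is not set
CONFIG_IP_MULTIPLE_TABLES=y
EOF

# Assumed option names (real Kconfig symbols, not this document's list).
check_kopts "$SAMPLE_CFG" CONFIG_XFRM_USER CONFIG_NET_KEY CONFIG_INET_ESP \
    CONFIG_INET_AH CONFIG_IP_MULTIPLE_TABLES \
    || echo "at least one option is missing"
```

On a real system, pass the running kernel's config instead of the sample, for example /boot/config-$(uname -r) on distributions that install it.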