1 -------------------------
2 strongSwan - Installation
3 -------------------------
14 3.3 Other pluggable modules
15 4. Kernel configuration
20 Since version 4.x strongSwan uses the GNU build system (Autotools).
21 This simplifies the build process and package maintenance. First, check for
22 the availability of required packages on your system (section 2.). You may
23 want to include support for additional features, which require other
24 packages to be installed (section 3.).
26 To compile an extracted tarball, run the ./configure script first:
30 You may want to specify some arguments listed in section 3., or see the
31 available options of the script using "./configure --help".
33 After a successful run of the script, run
43 To check if your kernel fulfills the requirements, see section 4.
45 Refer to README for configuration examples.
51 In order to be able to build strongSwan you'll need one of the following
52 cryptographic libraries:
54 * The OpenSSL Cryptographic Library (libcrypto)
55 https://www.openssl.org
56 * The wolfSSL Embedded TLS Library (libwolfssl)
57 https://www.wolfssl.com
58 * The Botan Crypto Library (libbotan)
59 https://botan.randombit.net
60 * The GNU Multiprecision Arithmetic Library (GMP, libgmp)
62 * The GNU Cryptographic Library (libgcrypt)
65 If no other options are specified during ./configure libgmp will be used.
67 The libraries and the corresponding header files are usually included in
68 the form of one or two packages in the major Linux distributions (for GMP on
69 Debian: libgmp3 and libgmp3-dev).
78 If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
79 from an HTTP server or as an alternative want to use the Online
80 Certificate Status Protocol (OCSP) then you will need the either of the
83 * The cURL library (libcurl)
84 https://curl.se/libcurl/
85 * The LibSoup library (libsoup)
86 https://live.gnome.org/LibSoup
88 In order to activate the use of either of these libraries in strongSwan you
89 must enable the appropriate ./configure switch.
95 If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
96 from an LDAP server then you will need the libldap library available
97 from https://www.openldap.org/.
99 OpenLDAP is usually included with your Linux distribution. You will need
100 both the run-time and development environments (SuSE: openldap2,
103 In order to activate the use of the libldap library in strongSwan you must
104 enable the ./configure switch:
106 ./configure [...] --enable-ldap
108 LDAP Protocol version 2 is not supported anymore, --enable-ldap uses always
109 version 3 of the LDAP protocol
112 3.3 Other pluggable modules
113 -----------------------
115 There are many other optional plugins that, for instance, provide support
116 for PKCS#11 or SQL databases.
117 For a more detailed description of these refer to our documentation:
119 * https://docs.strongswan.org
122 4. Kernel configuration
125 Please make sure that the following IPsec-related Linux kernel modules are
132 And for older kernels, mode-specific modules such as:
137 These may be built into the kernel or as modules. Modules should get loaded
138 automatically if necessary.
140 The built-in kernel Cryptoapi modules with selected encryption and
141 hash algorithms should also be available.
143 Support for multiple routing tables is also recommended.
145 For a more up-to-date list of recommended modules refer to:
147 * https://docs.strongswan.org/docs/5.9/install/kernelModules.html