---------------------------
 strongSwan - Installation
---------------------------


Contents
--------

   1.   Overview
   2.   Required packages
   3.   Optional packages
   3.1  HTTP fetcher
   3.2  LDAP
   3.3  Other pluggable modules
   4.   Kernel configuration

1. Overview
-----------

Since version 4.x, strongSwan uses the GNU build system (Autotools).
This simplifies the build process and package maintenance. First, check for
the availability of required packages on your system (section 2). You may
want to include support for additional features, which require other
packages to be installed (section 3).

To compile an extracted tarball, run the ./configure script first:

    ./configure

You may want to specify some of the arguments listed in section 3, or see
the available options of the script using "./configure --help".

After a successful run of the script, run

    make

followed by

    make install

in the usual manner.

To check if your kernel fulfills the requirements, see section 4.

Next, add your connections to "/etc/ipsec.conf" and your secrets to
"/etc/ipsec.secrets".

Finally, start strongSwan with

    ipsec start


2. Required packages
--------------------

In order to be able to build strongSwan you'll need one of the following
cryptographic libraries:

  * The GNU Multiprecision Arithmetic Library (GMP, libgmp)
    http://www.gmplib.org
  * The OpenSSL cryptographic library (libcrypto)
    http://www.openssl.org
  * The GNU cryptographic library (libgcrypt)
    http://www.gnupg.org

If no other options are specified during ./configure, libgmp will be used.

The libraries and the corresponding header files are usually included in
the form of one or two packages in the major Linux distributions (for GMP on
Debian: libgmp3 and libgmp3-dev).


3. Optional packages
--------------------

3.1 HTTP Fetcher
----------------

If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
from an HTTP server, or alternatively want to use the Online Certificate
Status Protocol (OCSP), then you will need either of the following
libraries:

  * The cURL library (libcurl)
    http://curl.haxx.se/libcurl/
  * The LibSoup library (libsoup)
    https://live.gnome.org/LibSoup

In order to activate the use of either of these libraries in strongSwan you
must enable the appropriate ./configure switch.


3.2 LDAP
--------

If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
from an LDAP server then you will need the libldap library available
from http://www.openldap.org/.

OpenLDAP is usually included with your Linux distribution. You will need
both the run-time and development environments (SuSE: openldap2,
openldap2-devel).

In order to activate the use of the libldap library in strongSwan you must
enable the ./configure switch:

    ./configure [...] --enable-ldap

LDAP protocol version 2 is no longer supported; --enable-ldap always uses
version 3 of the LDAP protocol.


3.3 Other pluggable modules
---------------------------

There are many other optional plugins that, for instance, provide support
for PKCS#11 or SQL databases.
For a more detailed description of these, refer to our wiki:

  * http://wiki.strongswan.org


4. Kernel configuration
-----------------------

Since version 4.x, strongSwan only supports 2.6.x and 3.x kernels and their
native NETKEY IPsec stack. Please make sure that the following IPsec kernel
modules are available:

  * af_key
  * ah4
  * esp4
  * ipcomp
  * xfrm_user
  * xfrm4_tunnel

These may be built into the kernel or built as modules. Modules get loaded
automatically at strongSwan startup.

The built-in kernel CryptoAPI modules with the selected encryption and
hash algorithms should also be available.

Support for multiple routing tables is also recommended.

For a more up-to-date list of recommended modules, refer to:

  * http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules

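One way to check the module list from section 4 before starting strongSwan
(an added example, not part of the strongSwan distribution). It assumes the
kernel's module index files modules.builtin and modules.dep exist under
/lib/modules/<release>; the function names are this example's own.

```shell
#!/bin/sh
# Added example: report which of the IPsec modules named in section 4 are
# neither built into the kernel nor installed as loadable modules.
# Assumption: modules.builtin and modules.dep are present in the module
# directory (they are written by the kernel build and by depmod).

IPSEC_MODULES="af_key ah4 esp4 ipcomp xfrm_user xfrm4_tunnel"

# known_modules DIR
# Print the name of every built-in or installed module under DIR, one per
# line. Strips the dependency list, the directory, the .ko suffix and any
# compression suffix (.xz, .gz, .zst), and maps '-' to '_' because file
# names may use either character.
known_modules() {
    for f in "$1/modules.builtin" "$1/modules.dep"; do
        if [ -r "$f" ]; then
            cat "$f"
        fi
    done |
        sed -e 's/:.*$//' -e 's|.*/||' \
            -e 's/\.ko\(\.[a-z0-9]*\)\{0,1\}$//' |
        tr '-' '_' | sort -u
}

# missing_ipsec_modules [DIR]
# Print each required module that is not available, one per line.
# Returns 0 if nothing is missing, 1 otherwise. DIR defaults to the
# module directory of the running kernel.
missing_ipsec_modules() {
    dir=${1:-/lib/modules/$(uname -r)}
    known=$(known_modules "$dir")
    missing=""
    for m in $IPSEC_MODULES; do
        # -x matches whole lines only, so ipcomp6 does not satisfy ipcomp
        printf '%s\n' "$known" | grep -qxF "$m" || missing="$missing $m"
    done
    if [ -z "$missing" ]; then
        return 0
    fi
    printf '%s\n' $missing
    return 1
}
```

Source the file and call missing_ipsec_modules without an argument to check
the running kernel; an empty result means all six modules are available.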