Commit | Line | Data |
---|---|---|
53f8ac3d TB |
1 | ------------------------- |
2 | strongSwan - Installation | |
3 | ------------------------- | |
997358a6 MW |
4 | |
5 | ||
6 | Contents | |
7 | -------- | |
8 | ||
53f8ac3d TB |
9 | 1. Overview |
10 | 2. Required packages | |
11 | 3. Optional packages | |
12 | 3.1 HTTP fetcher | |
13 | 3.2 LDAP | |
14 | 3.3 Other pluggable modules | |
15 | 4. Kernel configuration | |
c0d63ac9 MW |
16 | |
17 | 1. Overview | |
18 | -------- | |
997358a6 | 19 | |
2015c469 TB |
20 | Since version 4.x strongSwan uses the GNU build system (Autotools). |
21 | This simplifies the build process and package maintenance. First, check for | |
22 | the availability of required packages on your system (section 2.). You may | |
23 | want to include support for additional features, which require other | |
24 | packages to be installed (section 3.). | |
25 | ||
c0d63ac9 | 26 | To compile an extracted tarball, run the ./configure script first: |
997358a6 | 27 | |
c0d63ac9 | 28 | ./configure |
997358a6 | 29 | |
c0d63ac9 MW |
30 | You may want to specify some arguments listed in section 3., or see the |
31 | available options of the script using "./configure --help". | |
997358a6 | 32 | |
c0d63ac9 | 33 | After a successful run of the script, run |
997358a6 | 34 | |
c0d63ac9 | 35 | make |
997358a6 | 36 | |
c0d63ac9 | 37 | followed by |
997358a6 | 38 | |
c0d63ac9 | 39 | make install |
997358a6 | 40 | |
c0d63ac9 | 41 | in the usual manner. |
997358a6 | 42 | |
2015c469 | 43 | To check if your kernel fulfills the requirements, see section 4. |
997358a6 | 44 | |
df18934d | 45 | Refer to README for configuration examples. |
997358a6 | 46 | |
997358a6 | 47 | |
c0d63ac9 MW |
48 | 2. Required packages |
49 | ----------------- | |
997358a6 | 50 | |
2015c469 TB |
51 | In order to be able to build strongSwan you'll need one of the following |
52 | cryptographic libraries: | |
53 | ||
df18934d TB |
54 | * The OpenSSL Cryptographic Library (libcrypto) |
55 | https://www.openssl.org | |
56 | * The wolfSSL Embedded TLS Library (libwolfssl) | |
57 | https://www.wolfssl.com | |
58 | * The Botan Crypto Library (libbotan) | |
59 | https://botan.randombit.net | |
2015c469 | 60 | * The GNU Multiprecision Arithmetic Library (GMP, libgmp) |
df18934d TB |
61 | https://gmplib.org |
62 | * The GNU Cryptographic Library (libgcrypt) | |
63 | https://www.gnupg.org | |
2015c469 TB |
64 | |
65 | If no other options are specified during ./configure libgmp will be used. | |
997358a6 | 66 | |
2015c469 TB |
67 | The libraries and the corresponding header files are usually included in |
68 | the form of one or two packages in the major Linux distributions (for GMP on | |
69 | Debian: libgmp3 and libgmp3-dev). | |
997358a6 | 70 | |
997358a6 | 71 | |
c0d63ac9 MW |
72 | 3. Optional packages |
73 | ----------------- | |
997358a6 | 74 | |
2015c469 TB |
75 | 3.1 HTTP Fetcher |
76 | ------------ | |
c0d63ac9 MW |
77 | |
78 | If you intend to dynamically fetch Certificate Revocation Lists (CRLs) | |
79 | from an HTTP server or as an alternative want to use the Online | |
2015c469 TB |
80 | Certificate Status Protocol (OCSP) then you will need either of the
81 | following libraries: | |
c0d63ac9 | 82 | |
2015c469 | 83 | * The cURL library (libcurl) |
df18934d | 84 | https://curl.se/libcurl/ |
2015c469 TB |
85 | * The LibSoup library (libsoup) |
86 | https://live.gnome.org/LibSoup | |
997358a6 | 87 | |
2015c469 TB |
88 | In order to activate the use of either of these libraries in strongSwan you |
89 | must enable the appropriate ./configure switch. | |
c0d63ac9 | 90 | |
997358a6 | 91 | |
2015c469 TB |
92 | 3.2 LDAP |
93 | ---- | |
997358a6 | 94 | |
c0d63ac9 MW |
95 | If you intend to dynamically fetch Certificate Revocation Lists (CRLs) |
96 | from an LDAP server then you will need the libldap library available | |
df18934d | 97 | from https://www.openldap.org/. |
997358a6 | 98 | |
c0d63ac9 MW |
99 | OpenLDAP is usually included with your Linux distribution. You will need |
100 | both the run-time and development environments (SuSE: openldap2, | |
101 | openldap2-devel). | |
997358a6 | 102 | |
c0d63ac9 MW |
103 | In order to activate the use of the libldap library in strongSwan you must |
104 | enable the ./configure switch: | |
997358a6 | 105 | |
53f8ac3d | 106 | ./configure [...] --enable-ldap |
997358a6 | 107 | |
2015c469 | 108 | LDAP Protocol version 2 is not supported anymore, --enable-ldap always uses
c0d63ac9 | 109 | version 3 of the LDAP protocol.
997358a6 | 110 | |
997358a6 | 111 | |
2015c469 TB |
112 | 3.3 Other pluggable modules |
113 | ----------------------- | |
997358a6 | 114 | |
2015c469 TB |
115 | There are many other optional plugins that, for instance, provide support |
116 | for PKCS#11 or SQL databases. | |
df18934d | 117 | For a more detailed description of these refer to our documentation: |
997358a6 | 118 | |
df18934d | 119 | * https://docs.strongswan.org |
997358a6 | 120 | |
997358a6 | 121 | |
c0d63ac9 MW |
122 | 4. Kernel configuration |
123 | -------------------- | |
997358a6 | 124 | |
df18934d TB |
125 | Please make sure that the following IPsec-related Linux kernel modules are |
126 | available: | |
9820c0e2 | 127 | |
2015c469 | 128 | * esp4 |
df18934d | 129 | * esp6 |
2015c469 | 130 | * xfrm_user |
df18934d TB |
131 | |
132 | And for older kernels, mode-specific modules such as: | |
133 | ||
2015c469 | 134 | * xfrm4_tunnel |
df18934d | 135 | * xfrm4_mode_tunnel |
997358a6 | 136 | |
df18934d TB |
137 | These may be built into the kernel or as modules. Modules should get loaded |
138 | automatically if necessary. | |
997358a6 | 139 | |
df18934d TB |
140 | The built-in kernel Cryptoapi modules with selected encryption and |
141 | hash algorithms should also be available. | |
997358a6 | 142 | |
2015c469 TB |
143 | Support for multiple routing tables is also recommended. |
144 | ||
145 | For a more up-to-date list of recommended modules refer to: | |
146 | ||
df18934d | 147 | * https://docs.strongswan.org/docs/5.9/install/kernelModules.html |
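
One way to run the check from section 4 (an added example, not part of the strongSwan INSTALL file): the script looks up each listed module in the kmod index files `modules.builtin` and `modules.dep` of a kernel module directory. The function names are made up for this example, and the default directory `/lib/modules/$(uname -r)` is an assumption about the usual layout.

```shell
#!/bin/sh
# Added example: report whether the IPsec kernel modules named in section 4
# are built into the kernel, available as loadable modules, or missing.
# Usage: check_ipsec_modules "/lib/modules/$(uname -r)"

# module_status MODDIR MODULE -> prints "builtin", "module" or "missing"
module_status() {
    moddir=$1
    mod=$2
    # File names may use '-' where the module name uses '_'.
    pat=$(printf '%s' "$mod" | sed 's/_/[_-]/g')
    if [ -f "$moddir/modules.builtin" ] &&
       grep -Eq "(^|/)$pat\.ko$" "$moddir/modules.builtin"; then
        echo builtin
    # modules.dep entries look like "path/esp4.ko.xz: dependencies..."
    elif [ -f "$moddir/modules.dep" ] &&
         grep -Eq "(^|/)$pat\.ko(\.[a-z0-9]+)?:" "$moddir/modules.dep"; then
        echo module
    else
        echo missing
    fi
}

# check_ipsec_modules [MODDIR] -> prints a report, returns the number of
# missing modules from the always-needed list (esp4, esp6, xfrm_user).
check_ipsec_modules() {
    moddir=${1:-/lib/modules/$(uname -r)}
    missing=0
    for mod in esp4 esp6 xfrm_user; do
        st=$(module_status "$moddir" "$mod")
        printf '%-18s %s\n' "$mod" "$st"
        if [ "$st" = missing ]; then
            missing=$((missing + 1))
        fi
    done
    # Mode-specific modules exist only on older kernels, so their absence
    # is reported but not counted as a failure.
    for mod in xfrm4_tunnel xfrm4_mode_tunnel; do
        st=$(module_status "$moddir" "$mod")
        printf '%-18s %s (older kernels only)\n' "$mod" "$st"
    done
    return "$missing"
}
```

A "missing" result means the module is not in either index file for that kernel; it says nothing about whether the module is currently loaded.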