INSTALL

   1                 -------------------------
   2                 strongSwan - Installation
   3                 -------------------------
   4
   5
   6 Contents
   7 --------
   8
   9     1.   Overview
  10     2.   Required packages
  11     3.   Optional packages
  12     3.1   HTTP fetcher
  13     3.2   LDAP
  14     3.3   Other pluggable modules
  15     4.   Kernel configuration
  16
  17 1.  Overview
  18     --------
  19
  20     Since version 4.x strongSwan uses the GNU build system (Autotools).
  21     This simplifies the build process and package maintenance. First, check for
  22     the availability of required packages on your system (section 2.). You may
  23     want to include support for additional features, which require other
  24     packages to be installed (section 3.).
  25
  26     To compile an extracted tarball, run the ./configure script first:
  27
  28       ./configure
  29
  30     You may want to specify some arguments listed in section 3., or see the
  31     available options of the script using "./configure --help".
  32
  33     After a successful run of the script, run
  34
  35       make
  36
  37     followed by
  38
  39       make install
  40
  41     in the usual manner.
  42
  43     To check if your kernel fulfills the requirements, see section 4.
  44
  45     Refer to README for configuration examples.
  46
  47
  48 2.  Required packages
  49     -----------------
  50
  51     In order to be able to build strongSwan you'll need one of the following
  52     cryptographic libraries:
  53
  54       * The OpenSSL Cryptographic Library (libcrypto)
  55         https://www.openssl.org
  56       * The wolfSSL Embedded TLS Library (libwolfssl)
  57         https://www.wolfssl.com
  58       * The Botan Crypto Library (libbotan)
  59         https://botan.randombit.net
  60       * The GNU Multiprecision Arithmetic Library (GMP, libgmp)
  61         https://gmplib.org
  62       * The GNU Cryptographic Library (libgcrypt)
  63         https://www.gnupg.org
  64
  65     If no other options are specified during ./configure libgmp will be used.
  66
  67     The libraries and the corresponding header files are usually included in
  68     the form of one or two packages in the major Linux distributions (for GMP on
  69     Debian: libgmp3 and libgmp3-dev).
  70
  71
  72 3.  Optional packages
  73     -----------------
  74
  75 3.1 HTTP Fetcher
  76     ------------
  77
  78     If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
  79     from an HTTP server or as an alternative want to use the Online
  80     Certificate Status Protocol (OCSP) then you will need the either of the
  81     following libraries:
  82
  83       * The cURL library (libcurl)
  84         https://curl.se/libcurl/
  85       * The LibSoup library (libsoup)
  86         https://live.gnome.org/LibSoup
  87
  88     In order to activate the use of either of these libraries in strongSwan you
  89     must enable the appropriate ./configure switch.
  90
  91
  92 3.2 LDAP
  93     ----
  94
  95     If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
  96     from an LDAP server then you will need the libldap library available
  97     from https://www.openldap.org/.
  98
  99     OpenLDAP is usually included  with your Linux distribution. You will need
 100     both the run-time and development environments (SuSE: openldap2,
 101     openldap2-devel).
 102
 103     In order to activate the use of the libldap library in strongSwan you must
 104     enable the ./configure switch:
 105
 106       ./configure [...] --enable-ldap
 107
 108     LDAP Protocol version 2 is not supported anymore, --enable-ldap uses always
 109     version 3 of the LDAP protocol
 110
 111
 112 3.3 Other pluggable modules
 113     -----------------------
 114
 115     There are many other optional plugins that, for instance, provide support
 116     for PKCS#11 or SQL databases.
 117     For a more detailed description of these refer to our documentation:
 118
 119       * https://docs.strongswan.org
 120
 121
 122 4.  Kernel configuration
 123     --------------------
 124
 125     Please make sure that the following IPsec-related Linux kernel modules are
 126     available:
 127
 128       * esp4
 129       * esp6
 130       * xfrm_user
 131
 132     And for older kernels, mode-specific modules such as:
 133
 134       * xfrm4_tunnel
 135       * xfrm4_mode_tunnel
 136
 137     These may be built into the kernel or as modules. Modules should get loaded
 138     automatically if necessary.
 139
 140     The built-in kernel Cryptoapi modules with selected encryption and
 141     hash algorithms should also be available.
 142
 143     Support for multiple routing tables is also recommended.
 144
 145     For a more up-to-date list of recommended modules refer to:
 146
 147       * https://docs.strongswan.org/docs/5.9/install/kernelModules.html