- import of strongswan-2.7.0

[thirdparty/strongswan.git] / linux / net / ipsec / defconfig

#
# RCSID $Id: defconfig,v 1.2 2004/03/22 21:53:19 as Exp $
#

#
# FreeS/WAN IPSec implementation, KLIPS kernel config defaults
#

#
# First, lets override stuff already set or not in the kernel config.
#
# We can't even think about leaving this off...
CONFIG_INET=y

#
# This must be on for subnet protection.
CONFIG_IP_FORWARD=y

# Shut off IPSEC masquerading if it has been enabled, since it will 
# break the compile.  IPPROTO_ESP and IPPROTO_AH were included in 
# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h.
CONFIG_IP_MASQUERADE_IPSEC=n

#
# Next, lets set the recommended FreeS/WAN configuration.
#

# To config as static (preferred), 'y'.  To config as module, 'm'.
CONFIG_IPSEC=y

# To do tunnel mode IPSec, this must be enabled.
CONFIG_IPSEC_IPIP=y

# To enable authentication, say 'y'.   (Highly recommended)
CONFIG_IPSEC_AH=y

# Authentication algorithm(s):
CONFIG_IPSEC_AUTH_HMAC_MD5=y
CONFIG_IPSEC_AUTH_HMAC_SHA1=y

# To enable encryption, say 'y'.   (Highly recommended)
CONFIG_IPSEC_ESP=y

# Encryption algorithm(s):
CONFIG_IPSEC_ENC_3DES=y

# modular algo extensions (and new ALGOs)
CONFIG_IPSEC_ALG=y
CONFIG_IPSEC_ALG_3DES=m
CONFIG_IPSEC_ALG_AES=m
CONFIG_IPSEC_ALG_TWOFISH=m
CONFIG_IPSEC_ALG_BLOWFISH=m
CONFIG_IPSEC_ALG_SERPENT=m
CONFIG_IPSEC_ALG_MD5=m
CONFIG_IPSEC_ALG_SHA1=m
CONFIG_IPSEC_ALG_SHA2=m
#CONFIG_IPSEC_ALG_CAST=n
#CONFIG_IPSEC_ALG_NULL=n

# Use CryptoAPI for ALG?
CONFIG_IPSEC_ALG_CRYPTOAPI=m


# IP Compression: new, probably still has minor bugs.
CONFIG_IPSEC_IPCOMP=y

# To enable userspace-switchable KLIPS debugging, say 'y'.
CONFIG_IPSEC_DEBUG=y

# NAT Traversal
CONFIG_IPSEC_NAT_TRAVERSAL=y

#
#
# $Log: defconfig,v $
# Revision 1.2  2004/03/22 21:53:19  as
# merged alg-0.8.1 branch with HEAD
#
# Revision 1.1.2.1.2.1  2004/03/16 09:48:19  as
# alg-0.8.1rc12 patch merged
#
# Revision 1.1.2.1  2004/03/15 22:30:06  as
# nat-0.6c patch merged
#
# Revision 1.1  2004/03/15 20:35:26  as
# added files from freeswan-2.04-x509-1.5.3
#
# Revision 1.22  2003/02/24 19:37:27  mcr
#       changed default compilation mode to static.
#
# Revision 1.21  2002/04/24 07:36:27  mcr
# Moved from ./klips/net/ipsec/defconfig,v
#
# Revision 1.20  2002/04/02 04:07:40  mcr
#       default build is now 'm'odule for KLIPS
#
# Revision 1.19  2002/03/08 18:57:17  rgb
# Added a blank line at the beginning of the file to make it easier for
# other projects to patch ./arch/i386/defconfig, for example
# LIDS+grSecurity requested by Jason Pattie.
#
# Revision 1.18  2000/11/30 17:26:56  rgb
# Cleaned out unused options and enabled ipcomp by default.
#
# Revision 1.17  2000/09/15 11:37:01  rgb
# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
# IPCOMP zlib deflate code.
#
# Revision 1.16  2000/09/08 19:12:55  rgb
# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
#
# Revision 1.15  2000/05/24 19:37:13  rgb
# *** empty log message ***
#
# Revision 1.14  2000/05/11 21:14:57  henry
# just commenting the FOOBAR=y lines out is not enough
#
# Revision 1.13  2000/05/10 20:17:58  rgb
# Comment out netlink defaults, which are no longer needed.
#
# Revision 1.12  2000/05/10 19:13:38  rgb
# Added configure option to shut off no eroute passthrough.
#
# Revision 1.11  2000/03/16 07:09:46  rgb
# Hardcode PF_KEYv2 support.
# Disable IPSEC_ICMP by default.
# Remove DES config option from defaults file.
#
# Revision 1.10  2000/01/11 03:09:42  rgb
# Added a default of 'y' to PF_KEYv2 keying I/F.
#
# Revision 1.9  1999/05/08 21:23:12  rgb
# Added support for 2.2.x kernels.
#
# Revision 1.8  1999/04/06 04:54:25  rgb
# Fix/Add RCSID Id: and Log: bits to make PHMDs happy.  This includes
# patch shell fixes.
#
#