Annotation of embedaddon/strongswan/INSTALL, revision 1.1
1.1 ! misho 1: -------------------------
! 2: strongSwan - Installation
! 3: -------------------------
! 4:
! 5:
! 6: Contents
! 7: --------
! 8:
! 9: 1. Overview
! 10: 2. Required packages
! 11: 3. Optional packages
! 12: 3.1 HTTP fetcher
! 13: 3.2 LDAP
! 14: 3.3 Other pluggable modules
! 15: 4. Kernel configuration
! 16:
! 17: 1. Overview
! 18: --------
! 19:
! 20: Since version 4.x strongSwan uses the GNU build system (Autotools).
! 21: This simplifies the build process and package maintenance. First, check for
! 22: the availability of required packages on your system (section 2.). You may
! 23: want to include support for additional features, which require other
! 24: packages to be installed (section 3.).
! 25:
! 26: To compile an extracted tarball, run the ./configure script first:
! 27:
! 28: ./configure
! 29:
! 30: You may want to specify some arguments listed in section 3., or see the
! 31: available options of the script using "./configure --help".
! 32:
! 33: After a successful run of the script, run
! 34:
! 35: make
! 36:
! 37: followed by
! 38:
! 39: make install
! 40:
! 41: in the usual manner.
! 42:
! 43: To check if your kernel fulfills the requirements, see section 4.
! 44:
! 45: Next add your connections to "/etc/ipsec.conf" and your secrets to
! 46: "/etc/ipsec.secrets".
! 47:
! 48: At last start strongSwan with
! 49:
! 50: ipsec start
! 51:
! 52:
! 53: 2. Required packages
! 54: -----------------
! 55:
! 56: In order to be able to build strongSwan you'll need one of the following
! 57: cryptographic libraries:
! 58:
! 59: * The GNU Multiprecision Arithmetic Library (GMP, libgmp)
! 60: http://www.gmplib.org
! 61: * The OpenSSL cryptographic library (libcrypto)
! 62: http://www.openssl.org
! 63: * The GNU cryptographic library (libgcrypt)
! 64: http://www.gnupg.org
! 65:
! 66: If no other options are specified during ./configure libgmp will be used.
! 67:
! 68: The libraries and the corresponding header files are usually included in
! 69: the form of one or two packages in the major Linux distributions (for GMP on
! 70: Debian: libgmp3 and libgmp3-dev).
! 71:
! 72:
! 73: 3. Optional packages
! 74: -----------------
! 75:
! 76: 3.1 HTTP Fetcher
! 77: ------------
! 78:
! 79: If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
! 80: from an HTTP server or as an alternative want to use the Online
! 81: Certificate Status Protocol (OCSP) then you will need the either of the
! 82: following libraries:
! 83:
! 84: * The cURL library (libcurl)
! 85: http://curl.haxx.se/libcurl/
! 86: * The LibSoup library (libsoup)
! 87: https://live.gnome.org/LibSoup
! 88:
! 89: In order to activate the use of either of these libraries in strongSwan you
! 90: must enable the appropriate ./configure switch.
! 91:
! 92:
! 93: 3.2 LDAP
! 94: ----
! 95:
! 96: If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
! 97: from an LDAP server then you will need the libldap library available
! 98: from http://www.openldap.org/.
! 99:
! 100: OpenLDAP is usually included with your Linux distribution. You will need
! 101: both the run-time and development environments (SuSE: openldap2,
! 102: openldap2-devel).
! 103:
! 104: In order to activate the use of the libldap library in strongSwan you must
! 105: enable the ./configure switch:
! 106:
! 107: ./configure [...] --enable-ldap
! 108:
! 109: LDAP Protocol version 2 is not supported anymore, --enable-ldap uses always
! 110: version 3 of the LDAP protocol
! 111:
! 112:
! 113: 3.3 Other pluggable modules
! 114: -----------------------
! 115:
! 116: There are many other optional plugins that, for instance, provide support
! 117: for PKCS#11 or SQL databases.
! 118: For a more detailed description of these refer to our wiki:
! 119:
! 120: * http://wiki.strongswan.org
! 121:
! 122:
! 123: 4. Kernel configuration
! 124: --------------------
! 125:
! 126: Since version 4.x strongSwan only supports 2.6.x and 3.x kernels and its
! 127: native NETKEY IPsec stack. Please make sure that the following IPsec kernel
! 128: modules are available:
! 129:
! 130: * af_key
! 131: * ah4
! 132: * esp4
! 133: * ipcomp
! 134: * xfrm_user
! 135: * xfrm4_tunnel
! 136:
! 137: These may be built into the kernel or as modules. Modules get loaded
! 138: automatically at strongSwan startup.
! 139:
! 140: Also the built-in kernel Cryptoapi modules with selected encryption and
! 141: hash algorithms should be available.
! 142:
! 143: Support for multiple routing tables is also recommended.
! 144:
! 145: For a more up-to-date list of recommended modules refer to:
! 146:
! 147: * http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
! 148:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to INSTALL CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan