Annotation of embedaddon/strongswan/INSTALL, revision 1.1.1.1
1.1 misho 1: -------------------------
2: strongSwan - Installation
3: -------------------------
4:
5:
6: Contents
7: --------
8:
9: 1. Overview
10: 2. Required packages
11: 3. Optional packages
12: 3.1 HTTP fetcher
13: 3.2 LDAP
14: 3.3 Other pluggable modules
15: 4. Kernel configuration
16:
17: 1. Overview
18: --------
19:
20: Since version 4.x strongSwan uses the GNU build system (Autotools).
21: This simplifies the build process and package maintenance. First, check for
22: the availability of required packages on your system (section 2.). You may
23: want to include support for additional features, which require other
24: packages to be installed (section 3.).
25:
26: To compile an extracted tarball, run the ./configure script first:
27:
28: ./configure
29:
30: You may want to specify some arguments listed in section 3., or see the
31: available options of the script using "./configure --help".
32:
33: After a successful run of the script, run
34:
35: make
36:
37: followed by
38:
39: make install
40:
41: in the usual manner.
42:
43: To check if your kernel fulfills the requirements, see section 4.
44:
45: Next add your connections to "/etc/ipsec.conf" and your secrets to
46: "/etc/ipsec.secrets".
47:
48: At last start strongSwan with
49:
50: ipsec start
51:
52:
53: 2. Required packages
54: -----------------
55:
56: In order to be able to build strongSwan you'll need one of the following
57: cryptographic libraries:
58:
59: * The GNU Multiprecision Arithmetic Library (GMP, libgmp)
60: http://www.gmplib.org
61: * The OpenSSL cryptographic library (libcrypto)
62: http://www.openssl.org
63: * The GNU cryptographic library (libgcrypt)
64: http://www.gnupg.org
65:
66: If no other options are specified during ./configure libgmp will be used.
67:
68: The libraries and the corresponding header files are usually included in
69: the form of one or two packages in the major Linux distributions (for GMP on
70: Debian: libgmp3 and libgmp3-dev).
71:
72:
73: 3. Optional packages
74: -----------------
75:
76: 3.1 HTTP Fetcher
77: ------------
78:
79: If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
80: from an HTTP server or as an alternative want to use the Online
81: Certificate Status Protocol (OCSP) then you will need the either of the
82: following libraries:
83:
84: * The cURL library (libcurl)
85: http://curl.haxx.se/libcurl/
86: * The LibSoup library (libsoup)
87: https://live.gnome.org/LibSoup
88:
89: In order to activate the use of either of these libraries in strongSwan you
90: must enable the appropriate ./configure switch.
91:
92:
93: 3.2 LDAP
94: ----
95:
96: If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
97: from an LDAP server then you will need the libldap library available
98: from http://www.openldap.org/.
99:
100: OpenLDAP is usually included with your Linux distribution. You will need
101: both the run-time and development environments (SuSE: openldap2,
102: openldap2-devel).
103:
104: In order to activate the use of the libldap library in strongSwan you must
105: enable the ./configure switch:
106:
107: ./configure [...] --enable-ldap
108:
109: LDAP Protocol version 2 is not supported anymore, --enable-ldap uses always
110: version 3 of the LDAP protocol
111:
112:
113: 3.3 Other pluggable modules
114: -----------------------
115:
116: There are many other optional plugins that, for instance, provide support
117: for PKCS#11 or SQL databases.
118: For a more detailed description of these refer to our wiki:
119:
120: * http://wiki.strongswan.org
121:
122:
123: 4. Kernel configuration
124: --------------------
125:
126: Since version 4.x strongSwan only supports 2.6.x and 3.x kernels and its
127: native NETKEY IPsec stack. Please make sure that the following IPsec kernel
128: modules are available:
129:
130: * af_key
131: * ah4
132: * esp4
133: * ipcomp
134: * xfrm_user
135: * xfrm4_tunnel
136:
137: These may be built into the kernel or as modules. Modules get loaded
138: automatically at strongSwan startup.
139:
140: Also the built-in kernel Cryptoapi modules with selected encryption and
141: hash algorithms should be available.
142:
143: Support for multiple routing tables is also recommended.
144:
145: For a more up-to-date list of recommended modules refer to:
146:
147: * http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
148:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to INSTALL CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan