File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / INSTALL
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Jun 3 09:46:43 2020 UTC (4 years ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

    1:                 -------------------------
    2:                 strongSwan - Installation
    3:                 -------------------------
    4: 
    5: 
    6: Contents
    7: --------
    8: 
    9:     1.   Overview
   10:     2.   Required packages
   11:     3.   Optional packages
   12:     3.1   HTTP fetcher
   13:     3.2   LDAP
   14:     3.3   Other pluggable modules
   15:     4.   Kernel configuration
   16: 
   17: 1.  Overview
   18:     --------
   19: 
   20:     Since version 4.x strongSwan uses the GNU build system (Autotools).
   21:     This simplifies the build process and package maintenance. First, check for
   22:     the availability of required packages on your system (section 2.). You may
   23:     want to include support for additional features, which require other
   24:     packages to be installed (section 3.).
   25: 
   26:     To compile an extracted tarball, run the ./configure script first:
   27: 
   28:       ./configure
   29: 
   30:     You may want to specify some arguments listed in section 3., or see the
   31:     available options of the script using "./configure --help".
   32: 
   33:     After a successful run of the script, run
   34: 
   35:       make
   36: 
   37:     followed by
   38: 
   39:       make install
   40: 
   41:     in the usual manner.
   42: 
   43:     To check if your kernel fulfills the requirements, see section 4.
   44: 
   45:     Next add your connections to "/etc/ipsec.conf" and your secrets to
   46:     "/etc/ipsec.secrets".
   47: 
   48:     At last start strongSwan with
   49: 
   50:       ipsec start
   51: 
   52: 
   53: 2.  Required packages
   54:     -----------------
   55: 
   56:     In order to be able to build strongSwan you'll need one of the following
   57:     cryptographic libraries:
   58: 
   59:       * The GNU Multiprecision Arithmetic Library (GMP, libgmp)
   60:         http://www.gmplib.org
   61:       * The OpenSSL cryptographic library (libcrypto)
   62:         http://www.openssl.org
   63:       * The GNU cryptographic library (libgcrypt)
   64:         http://www.gnupg.org
   65: 
   66:     If no other options are specified during ./configure libgmp will be used.
   67: 
   68:     The libraries and the corresponding header files are usually included in
   69:     the form of one or two packages in the major Linux distributions (for GMP on
   70:     Debian: libgmp3 and libgmp3-dev).
   71: 
   72: 
   73: 3.  Optional packages
   74:     -----------------
   75: 
   76: 3.1 HTTP Fetcher
   77:     ------------
   78: 
   79:     If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
   80:     from an HTTP server or as an alternative want to use the Online
   81:     Certificate Status Protocol (OCSP) then you will need the either of the
   82:     following libraries:
   83: 
   84:       * The cURL library (libcurl)
   85:         http://curl.haxx.se/libcurl/
   86:       * The LibSoup library (libsoup)
   87:         https://live.gnome.org/LibSoup
   88: 
   89:     In order to activate the use of either of these libraries in strongSwan you
   90:     must enable the appropriate ./configure switch.
   91: 
   92: 
   93: 3.2 LDAP
   94:     ----
   95: 
   96:     If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
   97:     from an LDAP server then you will need the libldap library available
   98:     from http://www.openldap.org/.
   99: 
  100:     OpenLDAP is usually included  with your Linux distribution. You will need
  101:     both the run-time and development environments (SuSE: openldap2,
  102:     openldap2-devel).
  103: 
  104:     In order to activate the use of the libldap library in strongSwan you must
  105:     enable the ./configure switch:
  106: 
  107:       ./configure [...] --enable-ldap
  108: 
  109:     LDAP Protocol version 2 is not supported anymore, --enable-ldap uses always
  110:     version 3 of the LDAP protocol
  111: 
  112: 
  113: 3.3 Other pluggable modules
  114:     -----------------------
  115: 
  116:     There are many other optional plugins that, for instance, provide support
  117:     for PKCS#11 or SQL databases.
  118:     For a more detailed description of these refer to our wiki:
  119: 
  120:       * http://wiki.strongswan.org
  121: 
  122: 
  123: 4.  Kernel configuration
  124:     --------------------
  125: 
  126:     Since version 4.x strongSwan only supports 2.6.x and 3.x kernels and its
  127:     native NETKEY IPsec stack. Please make sure that the following IPsec kernel
  128:     modules are available:
  129: 
  130:       * af_key
  131:       * ah4
  132:       * esp4
  133:       * ipcomp
  134:       * xfrm_user
  135:       * xfrm4_tunnel
  136: 
  137:     These may be built into the kernel or as modules. Modules get loaded
  138:     automatically at strongSwan startup.
  139: 
  140:     Also the built-in kernel Cryptoapi modules with selected encryption and
  141:     hash algorithms should be available.
  142: 
  143:     Support for multiple routing tables is also recommended.
  144: 
  145:     For a more up-to-date list of recommended modules refer to:
  146: 
  147:       * http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
  148: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>