                -------------------------
                strongSwan - Installation
                -------------------------


Contents
--------

    1.   Overview
    2.   Required packages
    3.   Optional packages
    3.1   HTTP fetcher
    3.2   LDAP
    3.3   Other pluggable modules
    4.   Kernel configuration

1.  Overview
    --------

    Since version 4.x strongSwan uses the GNU build system (Autotools).
    This simplifies the build process and package maintenance. First, check for
    the availability of required packages on your system (section 2.). You may
    want to include support for additional features, which require other
    packages to be installed (section 3.).

    To compile an extracted tarball, run the ./configure script first:

      ./configure

    You may want to specify some arguments listed in section 3., or see the
    available options of the script using "./configure --help".

    After a successful run of the script, run

      make

    followed by

      make install

    in the usual manner.

    To check if your kernel fulfills the requirements, see section 4.

    Refer to README for configuration examples.


2.  Required packages
    -----------------

    In order to be able to build strongSwan you'll need one of the following
    cryptographic libraries:

      * The OpenSSL Cryptographic Library (libcrypto)
        https://www.openssl.org
      * The wolfSSL Embedded TLS Library (libwolfssl)
        https://www.wolfssl.com
      * The Botan Crypto Library (libbotan)
        https://botan.randombit.net
      * The GNU Multiprecision Arithmetic Library (GMP, libgmp)
        https://gmplib.org
      * The GNU Cryptographic Library (libgcrypt)
        https://www.gnupg.org

    If no other options are specified during ./configure libgmp will be used.

    The libraries and the corresponding header files are usually included in
    the form of one or two packages in the major Linux distributions (for GMP on
    Debian: libgmp3 and libgmp3-dev).


3.  Optional packages
    -----------------

3.1 HTTP Fetcher
    ------------

    If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
    from an HTTP server or as an alternative want to use the Online
    Certificate Status Protocol (OCSP) then you will need the either of the
    following libraries:

      * The cURL library (libcurl)
        https://curl.se/libcurl/
      * The LibSoup library (libsoup)
        https://live.gnome.org/LibSoup

    In order to activate the use of either of these libraries in strongSwan you
    must enable the appropriate ./configure switch.


3.2 LDAP
    ----

    If you intend to dynamically fetch Certificate Revocation Lists (CRLs)
    from an LDAP server then you will need the libldap library available
    from https://www.openldap.org/.

    OpenLDAP is usually included  with your Linux distribution. You will need
    both the run-time and development environments (SuSE: openldap2,
    openldap2-devel).

    In order to activate the use of the libldap library in strongSwan you must
    enable the ./configure switch:

      ./configure [...] --enable-ldap

    LDAP Protocol version 2 is not supported anymore, --enable-ldap uses always
    version 3 of the LDAP protocol


3.3 Other pluggable modules
    -----------------------

    There are many other optional plugins that, for instance, provide support
    for PKCS#11 or SQL databases.
    For a more detailed description of these refer to our documentation:

      * https://docs.strongswan.org


4.  Kernel configuration
    --------------------

    Please make sure that the following IPsec-related Linux kernel modules are
    available:

      * esp4
      * esp6
      * xfrm_user

    And for older kernels, mode-specific modules such as:

      * xfrm4_tunnel
      * xfrm4_mode_tunnel

    These may be built into the kernel or as modules. Modules should get loaded
    automatically if necessary.

    The built-in kernel Cryptoapi modules with selected encryption and
    hash algorithms should also be available.

    Support for multiple routing tables is also recommended.

    For a more up-to-date list of recommended modules refer to:

      * https://docs.strongswan.org/docs/latest/install/kernelModules.html
