comment "strongswan needs a toolchain w/ threads, dynamic library"
|
depends on BR2_USE_MMU
|
depends on BR2_TOOLCHAIN_HAS_ATOMIC
|
depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
|
|
menuconfig BR2_PACKAGE_STRONGSWAN
|
bool "strongswan"
|
depends on BR2_USE_MMU # fork()
|
depends on BR2_TOOLCHAIN_HAS_THREADS
|
depends on BR2_TOOLCHAIN_HAS_ATOMIC
|
depends on !BR2_STATIC_LIBS
|
help
|
strongSwan is an OpenSource IPsec implementation for the
|
Linux operating system. It is based on the discontinued
|
FreeS/WAN project and the X.509 patch.
|
|
The focus is on:
|
- simplicity of configuration
|
- strong encryption and authentication methods
|
- powerful IPsec policies supporting large and complex
|
VPN networks
|
|
strongSwan provide many plugins. Only a few are presented
|
here.
|
|
http://www.strongswan.org/
|
|
if BR2_PACKAGE_STRONGSWAN
|
|
choice
|
prompt "Cryptographic backend"
|
default BR2_PACKAGE_STRONGSWAN_GMP
|
|
config BR2_PACKAGE_STRONGSWAN_OPENSSL
|
bool "OpenSSL"
|
select BR2_PACKAGE_OPENSSL
|
|
config BR2_PACKAGE_STRONGSWAN_GCRYPT
|
bool "libgcrypt"
|
depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
|
select BR2_PACKAGE_LIBGCRYPT
|
|
config BR2_PACKAGE_STRONGSWAN_GMP
|
bool "GNU MP (libgmp)"
|
select BR2_PACKAGE_GMP
|
|
endchoice
|
|
config BR2_PACKAGE_STRONGSWAN_AF_ALG
|
bool "Enable AF_ALG crypto interface to Linux Crypto API"
|
|
config BR2_PACKAGE_STRONGSWAN_CURL
|
bool "Enable CURL fetcher plugin to fetch files via libcurl"
|
select BR2_PACKAGE_LIBCURL
|
|
config BR2_PACKAGE_STRONGSWAN_CHARON
|
bool "Enable the IKEv1/IKEv2 keying daemon charon"
|
default y
|
|
if BR2_PACKAGE_STRONGSWAN_CHARON
|
|
config BR2_PACKAGE_STRONGSWAN_TNCCS_11
|
bool "Enable TNCCS 1.1 protocol module"
|
select BR2_PACKAGE_LIBXML2
|
|
config BR2_PACKAGE_STRONGSWAN_TNCCS_20
|
bool "Enable TNCCS 2.0 protocol module"
|
|
config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
|
bool "Enable dynamic TNCCS protocol discovery module"
|
|
config BR2_PACKAGE_STRONGSWAN_EAP
|
bool "Enable EAP protocols"
|
help
|
Enable various EAP protocols:
|
- mschapv2
|
- tls
|
- ttls
|
- peap
|
- sim
|
- sim-file
|
- aka
|
- aka-3gpp2
|
- simaka-sql
|
- simaka-pseudonym
|
- simaka-reauth
|
- identity
|
- md5
|
- gtc
|
- tnc
|
- dynamic
|
- radius
|
|
if BR2_PACKAGE_STRONGSWAN_EAP
|
|
config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC
|
bool "Enable EAP-SIM smart card backend"
|
depends on !BR2_STATIC_LIBS # pcsc-lite
|
select BR2_PACKAGE_PCSC_LITE
|
|
endif
|
|
config BR2_PACKAGE_STRONGSWAN_UNITY
|
bool "Enables Cisco Unity extension plugin"
|
|
config BR2_PACKAGE_STRONGSWAN_STROKE
|
bool "Enable charons stroke configuration backend"
|
default y
|
|
config BR2_PACKAGE_STRONGSWAN_SQL
|
bool "Enable SQL database configuration backend"
|
depends on BR2_PACKAGE_SQLITE || BR2_PACKAGE_MYSQL
|
|
endif
|
|
config BR2_PACKAGE_STRONGSWAN_PKI
|
bool "Enable pki certificate utility"
|
default y
|
|
config BR2_PACKAGE_STRONGSWAN_SCEP
|
bool "Enable SCEP client tool"
|
|
config BR2_PACKAGE_STRONGSWAN_SCRIPTS
|
bool "Enable additional utilities (found in scripts directory)"
|
default y
|
depends on BR2_PACKAGE_STRONGSWAN_CHARON
|
|
config BR2_PACKAGE_STRONGSWAN_VICI
|
bool "Enable vici/swanctl"
|
default y
|
depends on BR2_PACKAGE_STRONGSWAN_CHARON
|
|
endif
|
