<html><head></head><body data-blackberry-caret-color="#00a8df" style="background-color: rgb(255, 255, 255); line-height: initial;"><div id="BB10_response_div" style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><span style="font-size: initial; line-height: initial; text-align: initial;"><br></span></div> <table width="100%" style="background-color:white;border-spacing:0px;"> <tbody><tr><td id="_persistentHeaderContainer" colspan="2" style="font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <div id="_persistentHeader" style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in; font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro'; font-size: 10pt;"> <div><b>From: </b>Naveen Neelakanta</div><div><b>Sent: </b>Freitag, 30. August 2013 20:19</div><div><b>To: </b>users@lists.strongswan.org</div><div><b>Subject: </b>[strongSwan] Strongswan packages selection</div></div></td></tr></tbody></table><div id="_persistentHeaderEnd" style="border-style: solid none none; border-top-color: rgb(186, 188, 209); border-top-width: 1pt; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div><br><div id="_originalContent" style=""><div dir="ltr">Hi <div>I am new to strongswan, I have been able to successfully establish tunnel</div><div>between to linux PC . How ever i want to reduce the size of the strongswan image </div><div>and hence i have used the below compilation options .</div>
<div><br></div><div>" --disable-curl --disable-soup --disable-ldap \</div><div><div> --enable-gmp --disable-mysql --disable-sqlite \</div><div> --enable-openssl --enable-curl=no --enable-unbound=no --enable- soup=no --enable-ldap=no --enable-blowfish=no --disable-rc2 --disable-fips-prf --disable-gmp \</div>
<div>--enable-rdrand=no --disable-nonce --disable-x509 --disable-revocation --disable-constraints --disable-pubkey --disable-pkcs1 \</div><div>--disable-pkcs7 --disable-pkcs8 --disable-pkcs12 --disable-pgp --disable-sshkey --disable-dnskey --disable-pem --enable-test-vectors=no \</div>
<div>--enable-mysql=no --enable-sqlite=no --disable-stroke --enable-medsrv=no --enable-medcli=no --enable-sql=no --enable-leak-detective=no \</div><div>--enable-shared --enable-static=no</div></div><div>"</div><div>
I got it compiled but when i run the below command </div><div>#ipsec start<br></div><div>/usr/sbin/ipsec: exec: line 326: /usr/libexec/ipsec/starter: not found<br></div><div><br></div><div>Can you please let me know is the above configuartion that i have used is </div>
<div>good for my below requirement.</div><div>I want to just make use of openssl has crypto library and IKEV2 client only and </div><div>i am using linux kernel for ipsec functionality with xfrm and netlink modules </div>
<div>built in kernel. </div><div><br></div><div>Appreciate your response.</div><div> </div><div>Thanks</div><div>Naveen</div><div><br></div><div><br></div><div>Hi, Naveen</div><div><br></div><div>By disabling stroke you nuked your starter script. You will most likely not want that and it's causing the error.</div><div>Also You cannot start Charon without the nonce plugin. You can however disable aes, des, sha1, sha2, md5, random and hmac in favor of openssl. xauth-generic is also not necessary, as well as attr and resolve. And if You do not want automatic Firewall configuration you can drop updown, too. If I were you, I'd build the plug in all and then pimp the strongswan.conf to only load the required ones. That's more flexible. Check out the strongswan Wiki for more information on that.</div><div>Auto correct added all spelling mistakes. </div><div>Cheers, Thomas.</div></div>
<!--end of _originalContent --></div></body></html>