[strongSwan-dev] strongswan dependencies
Jan Willem Beusink
jan.willem.beusink at ti-wmc.nl
Mon Mar 8 16:58:39 CET 2010
L.S.,
after Martin Willi's comments on bug #110
(http://wiki.strongswan.org/issues/110) I'd thought I'd ask here what
the dependencies actually are.
The reason I ask is because I'm integrating strongswan on an openwrt
device and thus requiring a small footprint. While I'm at it I also
intend to adapt strongSwan to perform authorization using the PERMIS
reasoning engine, using a WebDAV repository for the certificates.
As I am interested in ikev2 with elliptic curve cryptography I enable
openssl.
1. Using --enable-openssl obsoletes (to my knowledge) gmp, thus I can
--disable-gmp without any problems, right?
2. strongSwan depends on several kernel crypto modules. some of which
are selected by a 2.6 kernel in combination with ipsec (core, des, hmac,
md5, sha-1) others are selected by kmod-mac80211 (core, aes, arc4). So
these will get installed on my target device. But does strongSwan itself
rely on / need these?
3. what about kmod-crypto-authenc? does strongSwan need this?
4. In light of previous questions: there are several configure options
disabling 'own' crypto plugin. What is meant by 'own' and which can I
disable if I enable openssl (or gmp for that matter)?
5. "ipsec is a wrapper script for controlling starter, whack and stroke"
So if I wish to use the charon daemon, what is the preferred starting
method? the up-down scripts?
yours sincerely
Jan Willem Beusink
More information about the Dev
mailing list