[strongSwan-dev] strongswan dependencies

Jan Willem Beusink jan.willem.beusink at ti-wmc.nl
Mon Mar 8 16:58:39 CET 2010


After Martin Willi's comments on bug #110
(http://wiki.strongswan.org/issues/110) I thought I'd ask here what
the dependencies actually are.

The reason I ask is because I'm integrating strongSwan on an OpenWrt
device and thus require a small footprint. While I'm at it I also
intend to adapt strongSwan to perform authorization using the PERMIS
reasoning engine, using a WebDAV repository for the certificates.

As I am interested in ikev2 with elliptic curve cryptography I enable

1. Using --enable-openssl obsoletes (to my knowledge) gmp, thus I can
--disable-gmp without any problems, right?

2. strongSwan depends on several kernel crypto modules, some of which
are selected by a 2.6 kernel in combination with ipsec (core, des, hmac,
md5, sha-1); others are selected by kmod-mac80211 (core, aes, arc4). So
these will get installed on my target device. But does strongSwan itself
rely on / need these?

3. What about kmod-crypto-authenc? Does strongSwan need this?

4. In light of previous questions: there are several configure options
disabling 'own' crypto plugins. What is meant by 'own' and which can I
disable if I enable openssl (or gmp for that matter)?

5. "ipsec is a wrapper script for controlling starter, whack and stroke"
So if I wish to use the charon daemon, what is the preferred starting
method? The up-down scripts?

Yours sincerely

Jan Willem Beusink

