[strongSwan-dev] StrongSwan with reduced priveleges

meenakshi bangad mbangad at gmail.com
Wed May 13 20:56:21 CEST 2015


I want to run ipsec as a non root user. I followed the instructions from

1) Ran configur as root
./configure --prefix=/usr --sysconfdir=/etc --enable-curl --enable-ldap
--enable-pkcs11 --enable-md4 --enable-openssl --enable-ccm --enable-gcm
--enable-farp --enable-eap-identity --enable-eap-aka --enable-eap-aka-3gpp2
--enable-eap-md5 --enable-eap-gtc --enable-eap-mschapv2
--enable-eap-dynamic --enable-eap-radius --enable-eap-tls --enable-eap-ttls
--enable-eap-peap --enable-eap-tnc --enable-xauth-eap --enable-dhcp
--enable-charon --enable-xauth-pam --enable-xauth-noauth  --disable-resolve
--with-capabilities=libcap --with-user=vpn --with-group=vpn

2) Ran make as root, but with these errors:

make[4]: *** [farp_spoofer.lo] Error 1
make[4]: Leaving directory
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/root/iswan/src/strongswan/strongswan-5.3.0/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/iswan/src/strongswan/strongswan-5.3.0'
make: *** [all] Error 2

If i disable the capabilities options make runs fine. can you please guide
me on this?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20150513/d325230d/attachment.html>

More information about the Dev mailing list