[strongSwan] updated packages for Ubuntu

Florin Andrei florin at andrei.myip.org
Wed Oct 28 02:29:43 CET 2015 

Made it work with the build script below. Some packages need to be 
installed to finish the build; this might be the whole build 
prerequisite list but I'm not 100% sure:

apt-get install libgmp3-dev libxml2-dev libtspi-dev libjson-c-dev 
libsqlite3-dev network-manager-dev libnm-glib-vpn-dev libnm-dev 
libpam-dev

After installing the package on the VPN instance, the file 
/etc/tnc_config needs to be created with the content:

IMV "Test"	/opt/strongswan/lib/ipsec/imcvs/imv-test.so
IMV "Scanner"	/opt/strongswan/lib/ipsec/imcvs/imv-scanner.so

Also, the libtspi1 package needs to be installed after installing the SS 
package. I know these steps could be automated from the SS package but I 
didn't have time for that.

The build script requires fpm:

https://github.com/jordansissel/fpm

I've tested the resulting package on Ubuntu 14.04 and it seems to work 
well.

This is the build script:

#######################################
#!/bin/bash

ver="5.3.3"
iter="1trusty"
epoch="1"

rm -f *.deb
rm -rf strongswan-${ver}
rm -rf fake-root

mkdir fake-root
tar -jxvf strongswan-${ver}.tar.bz2
pushd strongswan-${ver}
./configure --prefix=/opt/strongswan \
     --disable-static \
     --with-ipsec-script=strongswan \
     --with-fips-mode=0 \
     --with-tss=trousers \
     --enable-nm \
     --enable-openssl \
     --enable-md4 \
     --enable-xauth-eap \
     --enable-xauth-pam \
     --enable-xauth-noauth \
     --enable-eap-md5 \
     --enable-eap-gtc \
     --enable-eap-tls \
     --enable-eap-ttls \
     --enable-eap-peap \
     --enable-eap-mschapv2 \
     --enable-farp \
     --enable-dhcp \
     --enable-sqlite \
     --enable-tnc-ifmap \
     --enable-tnc-pdp \
     --enable-imc-test \
     --enable-imv-test \
     --enable-imc-scanner \
     --enable-imv-scanner  \
     --enable-imc-attestation \
     --enable-imv-attestation \
     --enable-imv-os \
     --enable-imc-os \
     --enable-imc-swid \
     --enable-imv-swid \
     --enable-eap-tnc \
     --enable-tnccs-20 \
     --enable-tnccs-11 \
     --enable-tnccs-dynamic \
     --enable-tnc-imc \
     --enable-tnc-imv \
     --enable-eap-radius \
     --enable-curl \
     --enable-eap-identity \
     --enable-cmd \
     --enable-acert \
     --enable-aikgen \
     --enable-vici \
     --enable-swanctl \
     --enable-kernel-libipsec \
     --enable-unity
make

make install DESTDIR=`pwd`/../fake-root
popd

fpm -s dir -t deb -n strongswan -v ${ver} --iteration ${iter} --epoch 
${epoch} -C fake-root \
     --license GPL --maintainer "Florin Andrei" \
     --vendor email at redacted.com --url "https://www.strongswan.org/" \
     --description "the OpenSource IPsec-based VPN Solution"
#######################################

-- 
Florin Andrei
http://florin.myip.org/

More information about the Users mailing list