aboutsummaryrefslogtreecommitdiff
path: root/package/strongswan/Config.in
blob: b49435c8c7935dd2a7b34476abd0a26a96ce4481 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
comment "strongswan needs a toolchain w/ threads, dynamic library"
	depends on BR2_USE_MMU
	depends on BR2_TOOLCHAIN_HAS_ATOMIC
	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS

menuconfig BR2_PACKAGE_STRONGSWAN
	bool "strongswan"
	depends on BR2_USE_MMU # fork()
	depends on BR2_TOOLCHAIN_HAS_THREADS
	depends on BR2_TOOLCHAIN_HAS_ATOMIC
	depends on !BR2_STATIC_LIBS
	help
	  strongSwan is an OpenSource IPsec implementation for the
	  Linux operating system. It is based on the discontinued
	  FreeS/WAN project and the X.509 patch.

	  The focus is on:
	     - simplicity of configuration
	     - strong encryption and authentication methods
	     - powerful IPsec policies supporting large and complex VPN networks

	  strongSwan provide many plugins. Only a few are presented here.

	  http://www.strongswan.org/

if BR2_PACKAGE_STRONGSWAN

choice
	prompt "Cryptographic backend"
	default BR2_PACKAGE_STRONGSWAN_GMP

config BR2_PACKAGE_STRONGSWAN_OPENSSL
	bool "OpenSSL"
	select BR2_PACKAGE_OPENSSL

config BR2_PACKAGE_STRONGSWAN_GCRYPT
	bool "libgcrypt"
	select BR2_PACKAGE_LIBGCRYPT

config BR2_PACKAGE_STRONGSWAN_GMP
	bool "GNU MP (libgmp)"
	select BR2_PACKAGE_GMP

endchoice

config BR2_PACKAGE_STRONGSWAN_AF_ALG
	bool "Enable AF_ALG crypto interface to Linux Crypto API"

config BR2_PACKAGE_STRONGSWAN_CURL
	bool "Enable CURL fetcher plugin to fetch files via libcurl"
	select BR2_PACKAGE_LIBCURL

config BR2_PACKAGE_STRONGSWAN_CHARON
	bool "Enable the IKEv1/IKEv2 keying daemon charon"
	default y

if BR2_PACKAGE_STRONGSWAN_CHARON

config BR2_PACKAGE_STRONGSWAN_TNCCS_11
	bool "Enable TNCCS 1.1 protocol module"
	select BR2_PACKAGE_LIBXML2

config BR2_PACKAGE_STRONGSWAN_TNCCS_20
	bool "Enable TNCCS 2.0 protocol module"

config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
	bool "Enable dynamic TNCCS protocol discovery module"

config BR2_PACKAGE_STRONGSWAN_EAP
	bool "Enable EAP protocols"
	help
	  Enable various EAP protocols:
	    - mschapv2
	    - tls
	    - ttls
	    - peap
	    - sim
	    - sim-file
	    - aka
	    - aka-3gpp2
	    - simaka-sql
	    - simaka-pseudonym
	    - simaka-reauth
	    - identity
	    - md5
	    - gtc
	    - tnc
	    - dynamic
	    - radius

if BR2_PACKAGE_STRONGSWAN_EAP

config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC
	bool "Enable EAP-SIM smart card backend"
	depends on !BR2_STATIC_LIBS # pcsc-lite
	select BR2_PACKAGE_PCSC_LITE

endif

config BR2_PACKAGE_STRONGSWAN_UNITY
	bool "Enables Cisco Unity extension plugin"

config BR2_PACKAGE_STRONGSWAN_STROKE
	bool "Enable charons stroke configuration backend"
	default y

config BR2_PACKAGE_STRONGSWAN_SQL
	bool "Enable SQL database configuration backend"
	depends on BR2_PACKAGE_SQLITE || BR2_PACKAGE_MYSQL

endif

config BR2_PACKAGE_STRONGSWAN_PKI
	bool "Enable pki certificate utility"
	default y

config BR2_PACKAGE_STRONGSWAN_SCEP
	bool "Enable SCEP client tool"

config BR2_PACKAGE_STRONGSWAN_SCRIPTS
	bool "Enable additional utilities (found in scripts directory)"
	depends on BR2_PACKAGE_STRONGSWAN_CHARON
	default y

config BR2_PACKAGE_STRONGSWAN_VICI
	bool "Enable vici/swanctl"
	depends on BR2_PACKAGE_STRONGSWAN_CHARON
	default y

endif