| comment "strongswan needs a toolchain w/ threads, dynamic library" |
| depends on BR2_USE_MMU |
| depends on BR2_TOOLCHAIN_HAS_ATOMIC |
| depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS |
| |
| menuconfig BR2_PACKAGE_STRONGSWAN |
| bool "strongswan" |
| depends on BR2_USE_MMU # fork() |
| depends on BR2_TOOLCHAIN_HAS_THREADS |
| depends on BR2_TOOLCHAIN_HAS_ATOMIC |
| depends on !BR2_STATIC_LIBS |
| help |
| strongSwan is an OpenSource IPsec implementation for the |
| Linux operating system. It is based on the discontinued |
| FreeS/WAN project and the X.509 patch. |
| |
| The focus is on: |
| - simplicity of configuration |
| - strong encryption and authentication methods |
| - powerful IPsec policies supporting large and complex |
| VPN networks |
| |
| strongSwan provide many plugins. Only a few are presented |
| here. |
| |
| http://www.strongswan.org/ |
| |
| if BR2_PACKAGE_STRONGSWAN |
| |
| choice |
| prompt "Cryptographic backend" |
| default BR2_PACKAGE_STRONGSWAN_GMP |
| |
| config BR2_PACKAGE_STRONGSWAN_BOTAN |
| bool "botan" |
| depends on BR2_PACKAGE_BOTAN_ARCH_SUPPORTS |
| depends on BR2_INSTALL_LIBSTDCPP |
| depends on BR2_TOOLCHAIN_GCC_AT_LEAST_10 # botan |
| select BR2_PACKAGE_BOTAN |
| |
| comment "botan backend needs a toolchain w/ C++, gcc >= 10" |
| depends on !BR2_INSTALL_LIBSTDCPP \ |
| || !BR2_TOOLCHAIN_GCC_AT_LEAST_10 |
| depends on BR2_PACKAGE_BOTAN_ARCH_SUPPORTS |
| |
| config BR2_PACKAGE_STRONGSWAN_OPENSSL |
| bool "OpenSSL" |
| select BR2_PACKAGE_OPENSSL |
| |
| config BR2_PACKAGE_STRONGSWAN_GCRYPT |
| bool "libgcrypt" |
| depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt |
| select BR2_PACKAGE_LIBGCRYPT |
| |
| config BR2_PACKAGE_STRONGSWAN_GMP |
| bool "GNU MP (libgmp)" |
| select BR2_PACKAGE_GMP |
| |
| config BR2_PACKAGE_STRONGSWAN_WOLFSSL |
| bool "wolfssl" |
| select BR2_PACKAGE_WOLFSSL |
| |
| endchoice |
| |
| config BR2_PACKAGE_STRONGSWAN_AF_ALG |
| bool "Enable AF_ALG crypto interface to Linux Crypto API" |
| |
| config BR2_PACKAGE_STRONGSWAN_CURL |
| bool "Enable CURL fetcher plugin to fetch files via libcurl" |
| select BR2_PACKAGE_LIBCURL |
| |
| config BR2_PACKAGE_STRONGSWAN_MD4 |
| bool "Enable MD4 hash algorithm" |
| |
| config BR2_PACKAGE_STRONGSWAN_CHARON |
| bool "Enable the IKEv1/IKEv2 keying daemon charon" |
| default y |
| |
| if BR2_PACKAGE_STRONGSWAN_CHARON |
| |
| config BR2_PACKAGE_STRONGSWAN_TNCCS_11 |
| bool "Enable TNCCS 1.1 protocol module" |
| select BR2_PACKAGE_LIBXML2 |
| |
| config BR2_PACKAGE_STRONGSWAN_TNCCS_20 |
| bool "Enable TNCCS 2.0 protocol module" |
| |
| config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC |
| bool "Enable dynamic TNCCS protocol discovery module" |
| |
| config BR2_PACKAGE_STRONGSWAN_SYSTIME_FIX |
| bool "Enable systime-fix plugin" |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_SIM |
| bool "Enable EAP-SIM" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_SIM_FILE |
| bool "Enable EAP-SIM file backend" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| select BR2_PACKAGE_STRONGSWAN_EAP_SIM |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC |
| bool "Enable EAP-SIM smart card backend" |
| depends on !BR2_STATIC_LIBS # pcsc-lite |
| depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # pcsc-lite |
| select BR2_PACKAGE_PCSC_LITE |
| select BR2_PACKAGE_STRONGSWAN_EAP_SIM |
| |
| comment "EAP-SIM smart backend needs a toolchain w/ dynamic library, gcc >= 4.9" |
| depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_AKA |
| bool "Enable EAP-AKA" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_AKA_3GPP2 |
| bool "Enable EAP-AKA 3GPP2 algorithms" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| select BR2_PACKAGE_GMP |
| select BR2_PACKAGE_STRONGSWAN_EAP_AKA |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_SQL |
| bool "Enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| select BR2_PACKAGE_STRONGSWAN_EAP_AKA |
| select BR2_PACKAGE_STRONGSWAN_EAP_SIM |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_PSEUDONYM |
| bool "Enable EAP-SIM/AKA pseudonym storage" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| select BR2_PACKAGE_STRONGSWAN_EAP_AKA |
| select BR2_PACKAGE_STRONGSWAN_EAP_SIM |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_SIMAKA_REAUTH |
| bool "Enable EAP-SIM/AKA reauthentication data storage" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| select BR2_PACKAGE_STRONGSWAN_EAP_AKA |
| select BR2_PACKAGE_STRONGSWAN_EAP_SIM |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_IDENTITY |
| bool "Enable EAP-Identity" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_MD5 |
| bool "Enable EAP-MD5" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_GTC |
| bool "Enable EAP-GDC" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_MSCHAPV2 |
| bool "Enable EAP-MSCHAPv2" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| select BR2_PACKAGE_STRONGSWAN_MD4 |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_PEAP |
| bool "Enable EAP-PEAP" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_RADIUS |
| bool "Enable EAP-RADIUS" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_TLS |
| bool "Enable EAP-TLS" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_TTLS |
| bool "Enable EAP-TTLS" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_DYNAMIC |
| bool "Enable EAP-DYNAMIC" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_EAP_TNC |
| bool "Enable EAP-TNC" |
| default y if BR2_PACKAGE_STRONGSWAN_EAP # legacy |
| |
| config BR2_PACKAGE_STRONGSWAN_UNITY |
| bool "Enables Cisco Unity extension plugin" |
| |
| config BR2_PACKAGE_STRONGSWAN_STROKE |
| bool "Enable charons stroke configuration backend" |
| default y |
| |
| config BR2_PACKAGE_STRONGSWAN_SQL |
| bool "Enable SQL database configuration backend" |
| depends on BR2_PACKAGE_SQLITE || BR2_PACKAGE_MARIADB |
| |
| config BR2_PACKAGE_STRONGSWAN_BYPASS_LAN |
| bool "Enable BYPASS-LAN plugin" |
| |
| endif |
| |
| config BR2_PACKAGE_STRONGSWAN_PKI |
| bool "Enable pki certificate utility" |
| default y |
| |
| config BR2_PACKAGE_STRONGSWAN_SCRIPTS |
| bool "Enable additional utilities (found in scripts directory)" |
| default y |
| depends on BR2_PACKAGE_STRONGSWAN_CHARON |
| |
| config BR2_PACKAGE_STRONGSWAN_VICI |
| bool "Enable vici/swanctl" |
| default y |
| depends on BR2_PACKAGE_STRONGSWAN_CHARON |
| |
| endif |
