summaryrefslogtreecommitdiffstats
path: root/rules/strongswan.in
blob: f34ef65d4c1ddfb5d08a71a3cd45d5ff30cae700 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
## SECTION=networking

menuconfig STRONGSWAN
	bool
	prompt "strongswan                    "
	select LIBGMP
	select LIBCURL if STRONGSWAN_LIBCURL
	select OPENSSL if STRONGSWAN_OPENSSL
	select SYSTEMD if STRONGSWAN_SYSTEMD_UNIT
	help
	  strongSwan is a complete IPsec implementation.
	  Please keep in mind to configure the kernel accordingly to fulfill
	  strongSwan's needs. See 'Required Kernel Modules' here:
	  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules

if STRONGSWAN

config STRONGSWAN_LIBCURL
	bool
	default y
	prompt "CURL fetcher plugin to fetch files"
	help
	  If you intend to dynamically fetch Certificate Revocation Lists
	  (CRLs) from an HTTP server or as an alternative want to use
	  the Online Certificate Status Protocol (OCSP) say yes.

config STRONGSWAN_OPENSSL
	bool
	default n
	prompt "OpenSSL crypto library for IKE"
	help
	  This will add Elliptic Curve support in IKE Diffie-Hellman key exchange.

config STRONGSWAN_AFALG
	bool
	default y
	prompt "AF_ALG crypto interface to Linux Crypto API"
	help
	  Linux 2.6.38 introduced the AF_ALG Crypto API which makes the
	  crypto algorithms of the kernel available in userland.
	  If your strongswan configuration depends on this, be sure to
	  enable the appropriate crypto algorithm in your kernel.
	  For test configurations see af-alg-* categories here:
	  http://www.strongswan.org/uml/testresults4/index.html
	  For a list of cipher suite keywords see:
	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
	  http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites

config STRONGSWAN_SYSTEMD_UNIT
	bool
	default y
	depends on INITMETHOD_SYSTEMD
	prompt "install systemd service file"

endif