Re: [strongSwan] Strongswan packages selection

Fri, 30 Aug 2013 15:22:19 -0700


From: Naveen Neelakanta
Sent: Freitag, 30. August 2013 20:19
To: users@lists.strongswan.org
Subject: [strongSwan] Strongswan packages selection

Hi 
I am new to strongswan, I have been able to successfully  establish tunnel
between to linux PC . How ever i want to reduce the size of the strongswan image 
and hence i have used the below compilation options .

"       --disable-curl --disable-soup --disable-ldap \
        --enable-gmp --disable-mysql --disable-sqlite \
        --enable-openssl --enable-curl=no --enable-unbound=no  --enable-     soup=no --enable-ldap=no --enable-blowfish=no --disable-rc2  --disable-fips-prf --disable-gmp \
--enable-rdrand=no --disable-nonce --disable-x509 --disable-revocation --disable-constraints --disable-pubkey --disable-pkcs1 \
--disable-pkcs7 --disable-pkcs8 --disable-pkcs12   --disable-pgp --disable-sshkey  --disable-dnskey --disable-pem --enable-test-vectors=no \
--enable-mysql=no --enable-sqlite=no --disable-stroke --enable-medsrv=no --enable-medcli=no --enable-sql=no --enable-leak-detective=no \
--enable-shared  --enable-static=no
"
I got it compiled but when i run the below command 
#ipsec start
/usr/sbin/ipsec: exec: line 326: /usr/libexec/ipsec/starter: not found

Can you please let me know is the above configuartion that i have used is 
good for my below requirement.
I want to just make use of openssl has crypto library and IKEV2 client only and 
i am using linux kernel for ipsec functionality with xfrm and netlink modules 
built in kernel. 

Appreciate your response.
 
Thanks
Naveen


Hi, Naveen

By disabling stroke you nuked your starter script. You will most likely not want that and it's causing the error.
Also You cannot start Charon without the nonce plugin. You can however disable aes, des, sha1, sha2, md5, random and hmac in favor of openssl. xauth-generic is also not necessary, as well as attr and resolve. And if You do not want automatic Firewall configuration you can drop updown, too. If I were you, I'd build the plug in all and then pimp the strongswan.conf to only load the required ones. That's more flexible.‎ Check out the strongswan Wiki for more information on that.
Auto correct added all spelling mistakes. 
Cheers, Thomas.
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to