2 # Copyright (C) 2012-2015 OpenWrt.org
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
8 include $(TOPDIR)/rules.mk
# Upstream source tarball: file name, mirror list and the digest recorded for
# the download.
# NOTE(review): both mirrors are plain http:// and the only integrity value
# visible here is an MD5 digest. MD5 is not collision resistant, so this pair
# gives weak protection against a tarball altered on the download path.
# Prefer an https:// mirror where upstream offers one and a SHA-256 digest
# (newer OpenWrt trees take it in PKG_HASH); confirm what this tree's
# download script accepts before switching.
14 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
15 PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/
16 PKG_MD5SUM:=4eba9474f7dc6c8c8d7037261358e68d
18 PKG_MAINTAINER:=Stijn Tintel <stijn@linux-ipv6.be>
# Config symbols the build of this package depends on: the two routing-table
# options plus one CONFIG_PACKAGE_strongswan-mod-<name> symbol per entry in
# PKG_MOD_AVAILABLE. The same symbols choose the configure switches further
# down, so a changed selection presumably has to trigger a reconfigure
# (handled by package.mk; confirm). The list continues on lines not shown in
# this listing. PKG_BUILD_PARALLEL is set to 1 for this package.
94 PKG_CONFIG_DEPENDS:= \
95 CONFIG_STRONGSWAN_ROUTING_TABLE \
96 CONFIG_STRONGSWAN_ROUTING_TABLE_PRIO \
97 $(patsubst %,CONFIG_PACKAGE_strongswan-mod-%,$(PKG_MOD_AVAILABLE)) \
101 PKG_BUILD_PARALLEL:=1
103 include $(INCLUDE_DIR)/package.mk
# Fields shared by every strongswan package definition; the other Package/...
# blocks pull this in with a call. Only the URL field is visible in this
# listing. NOTE(review): the project URL is plain http://.
105 define Package/strongswan/Default
110 URL:=http://www.strongswan.org/
# Common opening line reused by every package description below.
113 define Package/strongswan/description/Default
114 StrongSwan is an OpenSource IPsec implementation for the Linux operating system.
# Base package. Dependencies visible here: libpthread, ip, the authenc crypto
# kernel module, the kernel IPsec modules (the IPv6 one only when IPV6 is
# enabled) and the iptables IPsec match support.
117 define Package/strongswan
118 $(call Package/strongswan/Default)
119 DEPENDS:= +libpthread +ip \
120 +kmod-crypto-authenc \
121 +kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6 \
122 +kmod-ipt-ipsec +iptables-mod-ipsec
# Pulls the package's own Config.in into the configuration menu.
125 define Package/strongswan/config
126 source "$(SOURCE)/Config.in"
# Description of the base package: the shared opening line plus one sentence.
129 define Package/strongswan/description
130 $(call Package/strongswan/description/Default)
131 This package contains shared libraries and scripts.
# Meta-package: depends on the base package and on nearly every plugin
# package defined in this file.
# NOTE(review): the list includes legacy primitives (blowfish, des, md4, md5,
# rc2) and test aids (load-tester, test-vectors). Selecting this meta-package
# puts all of them on the device; whether a peer can actually negotiate the
# weak algorithms presumably depends on the proposals configured in
# ipsec.conf. On an exposed gateway prefer a narrower meta-package or pin the
# proposals explicitly.
134 define Package/strongswan-full
135 $(call Package/strongswan/Default)
137 DEPENDS:= +strongswan \
139 +strongswan-mod-addrblock \
140 +strongswan-mod-aes \
141 +strongswan-mod-af-alg \
142 +strongswan-mod-agent \
143 +strongswan-mod-attr \
144 +strongswan-mod-attr-sql \
145 +strongswan-mod-blowfish \
146 +strongswan-mod-ccm \
147 +strongswan-mod-cmac \
148 +strongswan-mod-constraints \
149 +strongswan-mod-connmark \
150 +strongswan-mod-coupling \
151 +strongswan-mod-ctr \
152 +strongswan-mod-curl \
153 +strongswan-mod-des \
154 +strongswan-mod-dhcp \
155 +strongswan-mod-dnskey \
156 +strongswan-mod-duplicheck \
157 +strongswan-mod-eap-identity \
158 +strongswan-mod-eap-md5 \
159 +strongswan-mod-eap-mschapv2 \
160 +strongswan-mod-eap-radius \
161 +strongswan-mod-eap-tls \
162 +strongswan-mod-farp \
163 +strongswan-mod-fips-prf \
164 +strongswan-mod-forecast \
165 +strongswan-mod-gcm \
166 +strongswan-mod-gcrypt \
167 +strongswan-mod-gmp \
169 +strongswan-mod-hmac \
170 +strongswan-mod-kernel-netlink \
171 +strongswan-mod-ldap \
172 +strongswan-mod-led \
173 +strongswan-mod-load-tester \
174 +strongswan-mod-nonce \
175 +strongswan-mod-md4 \
176 +strongswan-mod-md5 \
177 +strongswan-mod-mysql \
178 +strongswan-mod-openssl \
179 +strongswan-mod-pem \
180 +strongswan-mod-pgp \
181 +strongswan-mod-pkcs1 \
182 +strongswan-mod-pkcs7 \
183 +strongswan-mod-pkcs8 \
184 +strongswan-mod-pkcs11 \
185 +strongswan-mod-pkcs12 \
186 +strongswan-mod-pubkey \
187 +strongswan-mod-random \
188 +strongswan-mod-rc2 \
189 +strongswan-mod-resolve \
190 +strongswan-mod-revocation \
191 +strongswan-mod-sha1 \
192 +strongswan-mod-sha2 \
193 +strongswan-mod-smp \
194 +strongswan-mod-socket-default \
195 +strongswan-mod-sql \
196 +strongswan-mod-sqlite \
197 +strongswan-mod-sshkey \
198 +strongswan-mod-stroke \
199 +strongswan-mod-test-vectors \
200 +strongswan-mod-uci \
201 +strongswan-mod-unity \
202 +strongswan-mod-updown \
203 +strongswan-mod-whitelist \
204 +strongswan-mod-x509 \
205 +strongswan-mod-xauth-eap \
206 +strongswan-mod-xauth-generic \
207 +strongswan-mod-xcbc \
# Description of the full meta-package. It names kernel-libipsec and
# socket-dynamic as the plugins left out of the list above.
212 define Package/strongswan-full/description
213 $(call Package/strongswan/description/Default)
214 This meta-package contains dependencies for all of the strongswan plugins
215 except kernel-libipsec,
216 socket-dynamic and which are omitted in favor of the kernel-netlink and
217 socket-default plugins.
# Meta-package whose plugin set is meant to match the upstream defaults (see
# its description below).
# NOTE(review): that default set still carries des, md5 and rc2. Keep them
# out of the configured proposals unless a legacy peer needs them.
221 define Package/strongswan-default
222 $(call Package/strongswan/Default)
224 DEPENDS:= +strongswan \
226 +strongswan-mod-aes \
227 +strongswan-mod-attr \
228 +strongswan-mod-connmark \
229 +strongswan-mod-constraints \
230 +strongswan-mod-des \
231 +strongswan-mod-dnskey \
232 +strongswan-mod-fips-prf \
233 +strongswan-mod-gmp \
234 +strongswan-mod-hmac \
235 +strongswan-mod-kernel-netlink \
236 +strongswan-mod-md5 \
237 +strongswan-mod-nonce \
238 +strongswan-mod-pem \
239 +strongswan-mod-pgp \
240 +strongswan-mod-pkcs1 \
241 +strongswan-mod-pubkey \
242 +strongswan-mod-random \
243 +strongswan-mod-rc2 \
244 +strongswan-mod-resolve \
245 +strongswan-mod-revocation \
246 +strongswan-mod-sha1 \
247 +strongswan-mod-sha2 \
248 +strongswan-mod-socket-default \
249 +strongswan-mod-sshkey \
250 +strongswan-mod-stroke \
251 +strongswan-mod-updown \
252 +strongswan-mod-x509 \
253 +strongswan-mod-xauth-generic \
254 +strongswan-mod-xcbc \
# Description of the default meta-package.
258 define Package/strongswan-default/description
259 $(call Package/strongswan/description/Default)
260 This meta-package contains only dependencies to match upstream defaults.
# Small-footprint meta-package for ISAKMP / IKE PSK connections (see its
# description below). It uses gmpdh, which the plugin list at the end of the
# file titles "DH-Groups; no libgmp dep", and it does not pull in x509.
# NOTE(review): the set includes des and md5; with pre-shared keys the
# strength of the PSK and of the configured proposals matters all the more.
264 define Package/strongswan-isakmp
265 $(call Package/strongswan/Default)
267 DEPENDS:= +strongswan \
269 +strongswan-mod-aes \
270 +strongswan-mod-des \
271 +strongswan-mod-gmpdh \
272 +strongswan-mod-hmac \
273 +strongswan-mod-kernel-netlink \
274 +strongswan-mod-md5 \
275 +strongswan-mod-nonce \
276 +strongswan-mod-pubkey \
277 +strongswan-mod-random \
278 +strongswan-mod-sha1 \
279 +strongswan-mod-socket-default \
280 +strongswan-mod-stroke \
281 +strongswan-mod-uci \
282 +strongswan-mod-updown \
# Description of the isakmp meta-package.
286 define Package/strongswan-isakmp/description
287 $(call Package/strongswan/description/Default)
288 This meta-package contains only dependencies to establish ISAKMP /
289 IKE PSK connections, dropping other capabilities in favor of small size
290 Can fit most routers even with 4Mb flash (after removing IPv6 support).
# Meta-package for a minimal IKEv2 setup (see its description below). Of the
# meta-packages in this file it has the shortest plugin list and it pulls in
# none of des, md4, md5, rc2 or blowfish.
294 define Package/strongswan-minimal
295 $(call Package/strongswan/Default)
297 DEPENDS:= +strongswan \
299 +strongswan-mod-aes \
300 +strongswan-mod-gmp \
301 +strongswan-mod-hmac \
302 +strongswan-mod-kernel-netlink \
303 +strongswan-mod-nonce \
304 +strongswan-mod-pubkey \
305 +strongswan-mod-random \
306 +strongswan-mod-sha1 \
307 +strongswan-mod-socket-default \
308 +strongswan-mod-stroke \
309 +strongswan-mod-updown \
310 +strongswan-mod-x509 \
# Description of the minimal meta-package.
314 define Package/strongswan-minimal/description
315 $(call Package/strongswan/description/Default)
316 This meta-package contains only dependencies for a minimal IKEv2 setup.
# The charon keying daemon package; depends only on the base package.
# NOTE(review): the title says IKEv1/IKEv2 while the description below says
# IKEv2 only.
319 define Package/strongswan-charon
320 $(call Package/strongswan/Default)
321 TITLE+= IKEv1/IKEv2 keying daemon
322 DEPENDS:= +strongswan
325 define Package/strongswan-charon/description
326 $(call Package/strongswan/description/Default)
327 This package contains charon, an IKEv2 keying daemon.
# Utilities package (pki and scepclient per its description); depends only on
# the base package.
330 define Package/strongswan-utils
331 $(call Package/strongswan/Default)
333 DEPENDS:= +strongswan
336 define Package/strongswan-utils/description
337 $(call Package/strongswan/description/Default)
338 This package contains the pki & scepclient utilities.
# libtls package used by the EAP plugins named in its description; depends
# only on the base package. The description continues on lines not shown in
# this listing.
341 define Package/strongswan-libtls
342 $(call Package/strongswan/Default)
344 DEPENDS:= +strongswan
347 define Package/strongswan-libtls/description
348 $(call Package/strongswan/description/Default)
349 This package contains libtls for strongSwan plugins eap-tls, eap-ttls,
# Per-plugin package template (the enclosing define line is not shown in this
# listing). Argument 1 is the plugin name, argument 2 the title text and
# argument 3 any extra dependencies. Single-dollar argument references are
# filled in when the template is called; doubled ones survive until the
# generated package definition or install hook is itself expanded.
# The install hook copies the plugin's charon .conf snippet when the build
# produced one, copies the plugin shared object, then runs the plugin's own
# Plugin/<name>/install hook (defined further down for a few plugins).
354 define Package/strongswan-mod-$(1)
355 $$(call Package/strongswan/Default)
356 TITLE:= StrongSwan $(2) plugin
357 DEPENDS:= +strongswan $(3)
360 define Package/strongswan-mod-$(1)/install
361 $(INSTALL_DIR) $$(1)/etc/strongswan.d/charon
362 if [ -f $(PKG_INSTALL_DIR)/etc/strongswan.d/charon/$(1).conf ]; then \
363 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/strongswan.d/charon/$(1).conf $$(1)/etc/strongswan.d/charon/; fi
364 $(INSTALL_DIR) $$(1)/usr/lib/ipsec/plugins
365 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-$(1).so \
366 $$(1)/usr/lib/ipsec/plugins/
367 $(call Plugin/$(1)/install,$$(1))
370 $$(eval $$(call BuildPackage,strongswan-mod-$(1)))
378 --with-systemdsystemunitdir=no \
379 $(if $(CONFIG_PACKAGE_strongswan-utils),--enable-pki --enable-scepclient,--disable-pki --disable-scepclient) \
380 --with-random-device=/dev/random \
381 --with-urandom-device=/dev/urandom \
382 --with-routing-table="$(call qstrip,$(CONFIG_STRONGSWAN_ROUTING_TABLE))" \
383 --with-routing-table-prio="$(call qstrip,$(CONFIG_STRONGSWAN_ROUTING_TABLE_PRIO))" \
384 $(foreach m,$(PKG_MOD_AVAILABLE), \
385 $(if $(CONFIG_PACKAGE_strongswan-mod-$(m)),--enable-$(m),--disable-$(m)) \
387 ac_cv_search___atomic_load=no
# The configure switches above (the start of the list is not shown in this
# listing) build pki and scepclient only when strongswan-utils is selected,
# and pass an explicit --enable or --disable for every plugin in
# PKG_MOD_AVAILABLE according to whether its package is selected, so
# unselected plugins are switched off at configure time. The routing table
# and its priority come from the package config with the quotes stripped.
# NOTE(review): the random device is /dev/random. On a router with little
# entropy at boot, reads from it can presumably block, delaying key
# generation; verify on the target kernel before changing it.
# The line below makes the linker resolve indirect shared-library
# dependencies from the staging directory.
389 EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib
# Configuration files of the base package that should survive an upgrade; the
# entries themselves are not shown in this listing.
391 define Package/strongswan/conffiles
# Installs the base package: ipsec.conf and strongswan.conf from the build
# output, the libstrongswan shared library, the packaged ipsec.secrets and
# ipsec.user files, and the init script as /etc/init.d/ipsec.
# NOTE(review): ipsec.secrets holds the credentials. It is installed through
# INSTALL_CONF, which stock OpenWrt rules.mk defines as an owner-only install
# (mode 0600); confirm that holds in this tree and that the mode is kept when
# the file is preserved across upgrades.
400 define Package/strongswan/install
401 $(INSTALL_DIR) $(1)/etc
402 $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/
403 $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/
404 $(INSTALL_DIR) $(1)/usr/lib/ipsec
405 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/
406 $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
407 $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
408 $(INSTALL_DIR) $(1)/etc/init.d
409 $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
# Install hooks of the four meta-packages; their bodies are not shown in this
# listing.
412 define Package/strongswan-default/install
416 define Package/strongswan-full/install
420 define Package/strongswan-isakmp/install
424 define Package/strongswan-minimal/install
# Installs the charon daemon binary and the libcharon shared library.
428 define Package/strongswan-charon/install
429 $(INSTALL_DIR) $(1)/usr/lib/ipsec
430 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/charon $(1)/usr/lib/ipsec/
431 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libcharon.so.* $(1)/usr/lib/ipsec/
# Installs the ipsec command, pki and scepclient. pki and scepclient are only
# built when this package is selected (see the configure switches above).
434 define Package/strongswan-utils/install
435 $(INSTALL_DIR) $(1)/usr/sbin
436 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
437 $(INSTALL_DIR) $(1)/usr/bin
438 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/pki $(1)/usr/bin/
439 $(INSTALL_DIR) $(1)/usr/lib/ipsec
440 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/scepclient $(1)/usr/lib/ipsec/
# Installs the libtls shared library.
443 define Package/strongswan-libtls/install
444 $(INSTALL_DIR) $(1)/usr/lib/ipsec
445 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libtls.so.* $(1)/usr/lib/ipsec/
# Plugin-specific install hooks, called from the per-plugin package template
# with the package root as the first argument. Each one adds the files a
# plugin needs beyond its shared object.
# duplicheck: helper binary plus the plugin library.
448 define Plugin/duplicheck/install
449 $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
450 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/duplicheck $(1)/usr/lib/ipsec/
451 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-duplicheck.so $(1)/usr/lib/ipsec/plugins/
# eap-radius: the libradius shared library plus the plugin library.
454 define Plugin/eap-radius/install
455 $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
456 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libradius.so.* $(1)/usr/lib/ipsec/
457 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-eap-radius.so $(1)/usr/lib/ipsec/plugins/
# attr-sql: the pool helper binary.
460 define Plugin/attr-sql/install
461 $(INSTALL_DIR) $(1)/usr/lib/ipsec
462 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/pool $(1)/usr/lib/ipsec/
# stroke: creates the /etc/ipsec.d directory tree, then installs the starter
# and stroke binaries and the plugin library. The brace list in the
# INSTALL_BIN line relies on the recipe shell expanding braces.
# NOTE(review): ipsec.d/private is created with the same INSTALL_DIR call as
# the certificate directories. That directory is where private keys are kept,
# so check which mode INSTALL_DIR applies in this tree (stock rules.mk uses
# 0755) and consider an owner-only mode for it; key files placed there should
# be owner-only as well.
465 define Plugin/stroke/install
466 $(INSTALL_DIR) $(1)/etc/ipsec.d/aacerts
467 $(INSTALL_DIR) $(1)/etc/ipsec.d/acerts
468 $(INSTALL_DIR) $(1)/etc/ipsec.d/cacerts
469 $(INSTALL_DIR) $(1)/etc/ipsec.d/certs
470 $(INSTALL_DIR) $(1)/etc/ipsec.d/crls
471 $(INSTALL_DIR) $(1)/etc/ipsec.d/ocspcerts
472 $(INSTALL_DIR) $(1)/etc/ipsec.d/private
473 $(INSTALL_DIR) $(1)/etc/ipsec.d/reqs
475 $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
476 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{starter,stroke} $(1)/usr/lib/ipsec/
477 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/
# updown: the _updown script plus the plugin library; the hook continues on a
# line not shown in this listing.
480 define Plugin/updown/install
481 $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
482 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/_updown $(1)/usr/lib/ipsec/
483 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/
484 $(INSTALL_DIR) $(1)/etc
# whitelist: helper binary plus the plugin library.
487 define Plugin/whitelist/install
488 $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
489 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/whitelist $(1)/usr/lib/ipsec/
490 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-whitelist.so $(1)/usr/lib/ipsec/plugins/
# kernel-libipsec: the libipsec shared library.
493 define Plugin/kernel-libipsec/install
494 $(INSTALL_DIR) $(1)/usr/lib/ipsec
495 $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libipsec.so.* $(1)/usr/lib/ipsec/
# Registers the base package, the four meta-packages and the charon, utils
# and libtls packages with the build system.
498 $(eval $(call BuildPackage,strongswan))
499 $(eval $(call BuildPackage,strongswan-default))
500 $(eval $(call BuildPackage,strongswan-full))
501 $(eval $(call BuildPackage,strongswan-minimal))
502 $(eval $(call BuildPackage,strongswan-isakmp))
503 $(eval $(call BuildPackage,strongswan-charon))
504 $(eval $(call BuildPackage,strongswan-utils))
505 $(eval $(call BuildPackage,strongswan-libtls))
# One BuildPlugin call per plugin package: plugin name, title text, extra
# dependencies (empty for most).
# NOTE(review): the set includes legacy primitives (blowfish, des, md4, md5,
# rc2) and test aids (load-tester, test-vectors). Each one reaches an image
# only when its package is selected, directly or through a meta-package, so
# review the selection for gateways that face untrusted peers.
# NOTE(review): the titles "fake arp respsonses" and "nonce genereation" are
# misspelled and presumably end up in the package metadata.
506 $(eval $(call BuildPlugin,addrblock,RFC 3779 address block constraint support,))
507 $(eval $(call BuildPlugin,aes,AES crypto,))
508 $(eval $(call BuildPlugin,af-alg,AF_ALG crypto interface to Linux Crypto API,+kmod-crypto-user))
509 $(eval $(call BuildPlugin,agent,SSH agent signing,))
510 $(eval $(call BuildPlugin,attr,file based config,))
511 $(eval $(call BuildPlugin,attr-sql,SQL based config,+strongswan-charon))
512 $(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
513 $(eval $(call BuildPlugin,ccm,CCM AEAD wrapper crypto,))
514 $(eval $(call BuildPlugin,cmac,CMAC crypto,))
515 $(eval $(call BuildPlugin,connmark,netfilter connection marking,))
516 $(eval $(call BuildPlugin,constraints,advanced X509 constraint checking,))
517 $(eval $(call BuildPlugin,coupling,IKEv2 plugin to couple peer certificates permanently to authentication,))
518 $(eval $(call BuildPlugin,ctr,Counter Mode wrapper crypto,))
519 $(eval $(call BuildPlugin,curl,cURL fetcher plugin,+PACKAGE_strongswan-mod-curl:libcurl))
520 $(eval $(call BuildPlugin,des,DES crypto,))
521 $(eval $(call BuildPlugin,dhcp,DHCP based attribute provider,))
522 $(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
523 $(eval $(call BuildPlugin,duplicheck,advanced duplicate checking,))
524 $(eval $(call BuildPlugin,eap-identity,EAP identity helper,))
525 $(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,))
526 $(eval $(call BuildPlugin,eap-mschapv2,EAP MS-CHAPv2 EAP auth,+strongswan-mod-md4 +strongswan-mod-des))
527 $(eval $(call BuildPlugin,eap-radius,EAP RADIUS auth,))
528 $(eval $(call BuildPlugin,eap-tls,EAP TLS auth,+strongswan-libtls))
529 $(eval $(call BuildPlugin,farp,fake arp respsonses,))
530 $(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,+strongswan-mod-sha1))
531 $(eval $(call BuildPlugin,forecast,forward multi/broadcast traffic,+kmod-ipt-conntrack-extra))
532 $(eval $(call BuildPlugin,gcm,GCM AEAD wrapper crypto,))
533 $(eval $(call BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan-mod-gcrypt:libgcrypt))
534 $(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp))
535 $(eval $(call BuildPlugin,gmpdh,DH-Groups; no libgmp dep,))
536 $(eval $(call BuildPlugin,ha,high availability cluster,))
537 $(eval $(call BuildPlugin,hmac,HMAC crypto,))
538 $(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,))
539 $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
540 $(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap))
541 $(eval $(call BuildPlugin,led,LED blink on IKE activity,))
542 $(eval $(call BuildPlugin,load-tester,load testing,))
543 $(eval $(call BuildPlugin,nonce,nonce genereation,))
544 $(eval $(call BuildPlugin,md4,MD4 crypto,))
545 $(eval $(call BuildPlugin,md5,MD5 crypto,))
546 $(eval $(call BuildPlugin,mysql,MySQL database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-mysql:libmysqlclient-r))
547 $(eval $(call BuildPlugin,openssl,OpenSSL crypto,+PACKAGE_strongswan-mod-openssl:libopenssl))
548 $(eval $(call BuildPlugin,pem,PEM decoding,))
549 $(eval $(call BuildPlugin,pgp,PGP key decoding,))
550 $(eval $(call BuildPlugin,pkcs1,PKCS1 key decoding,))
551 $(eval $(call BuildPlugin,pkcs7,PKCS7 key decoding,))
552 $(eval $(call BuildPlugin,pkcs8,PKCS8 key decoding,))
553 $(eval $(call BuildPlugin,pkcs11,PKCS11 key decoding,))
554 $(eval $(call BuildPlugin,pkcs12,PKCS12 key decoding,))
555 $(eval $(call BuildPlugin,pubkey,raw public key,))
556 $(eval $(call BuildPlugin,random,RNG,))
557 $(eval $(call BuildPlugin,rc2,RC2 crypto,))
558 $(eval $(call BuildPlugin,resolve,DNS resolver,))
559 $(eval $(call BuildPlugin,revocation,X509 CRL/OCSP revocation,))
560 $(eval $(call BuildPlugin,sha1,SHA1 crypto,))
561 $(eval $(call BuildPlugin,sha2,SHA2 crypto,))
562 $(eval $(call BuildPlugin,smp,SMP configuration and control interface,+PACKAGE_strongswan-mod-smp:libxml2))
563 $(eval $(call BuildPlugin,socket-default,default socket implementation for charon,))
564 $(eval $(call BuildPlugin,socket-dynamic,dynamic socket implementation for charon,))
565 $(eval $(call BuildPlugin,sql,SQL database interface,))
566 $(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-sqlite:libsqlite3))
567 $(eval $(call BuildPlugin,sshkey,SSH key decoding,))
568 $(eval $(call BuildPlugin,stroke,Stroke,+strongswan-charon +strongswan-utils))
569 $(eval $(call BuildPlugin,test-vectors,crypto test vectors,))
570 $(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci))
571 $(eval $(call BuildPlugin,unity,Cisco Unity extension,))
572 $(eval $(call BuildPlugin,updown,updown firewall,))
573 $(eval $(call BuildPlugin,whitelist,peer identity whitelisting,))
574 $(eval $(call BuildPlugin,x509,x509 certificate,))
575 $(eval $(call BuildPlugin,xauth-eap,EAP XAuth backend,))
576 $(eval $(call BuildPlugin,xauth-generic,generic XAuth backend,))
577 $(eval $(call BuildPlugin,xcbc,xcbc crypto,))