From c4c70cf73f958ae50f51f4197315a9d1c4b305d4 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 4 May 2017 13:55:26 +0200 Subject: [PATCH] * Mass enablement of further plugins and features into *-extra-plugins This allows users to use strongswan for a variety of further use cases without having to rebuild. New plugins are added to the -extra- packages to avoid affecting common installations that won't need them. - d/control: Add required additional build-deps - d/control: Mention addtionally enabled plugins - d/rules: Enable features at configure stage - d/libbstrongswan-extra-plugins.install: Add plugins (so, lib, conf) - d/libcharon-extra-plugins.install: (so, conf) - d/strongswan-starter.install add pool for use by attr-sql plugin - d/*.install: move tpmtss to libcharon-extra-plugins as tnc related binaries there are the only users avoiding a circular dependency - d/control: add breaks/replaces for moving tpmtss between libstrongswan-extra-plugins and libcharon-extra-plugins Signed-off-by: Christian Ehrhardt --- debian/control | 53 ++++++++++++- debian/libcharon-extra-plugins.install | 78 +++++++++++++++++++ debian/libstrongswan-extra-plugins.install | 45 ++++++++++- debian/libstrongswan-standard-plugins.install | 3 + debian/rules | 47 +++++++++++ debian/strongswan-starter.install | 4 + 6 files changed, 224 insertions(+), 6 deletions(-) diff --git a/debian/control b/debian/control index 0ff2149dc..c816315e4 100644 --- a/debian/control +++ b/debian/control @@ -18,14 +18,21 @@ Build-Depends: bison, libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev, libgcrypt20-dev | libgcrypt11-dev, libgmp3-dev, + libjson-c-dev, libkrb5-dev, libldap2-dev, + libldns-dev, + default-libmysqlclient-dev, libnm-dev [linux-any], libpam0g-dev, + libpcsclite-dev, + libsoup2.4-dev, libsqlite3-dev, libssl-dev (>= 0.9.8), libsystemd-dev [linux-any], libtool, + libtspi-dev, + libunbound-dev, libxml2-dev, pkg-config, po-debconf, 
@@ -64,6 +71,7 @@ Description: strongSwan utility and crypto library - fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms) - gmp (RSA/DH crypto backend based on libgmp) - hmac (HMAC wrapper using various hashers) + - md4 (MD4 hasher software implementation) - md5 (MD5 hasher software implementation) - mgf1 (Mask Generation Functions based on the SHA-1, SHA-256 and SHA-512) - nonce (Default nonce generation plugin) @@ -95,6 +103,8 @@ Architecture: any Depends: libstrongswan (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Breaks: libstrongswan-extra-plugins (<< 5.8.0-3) +Replaces: libstrongswan-extra-plugins (<< 5.8.0-3) Description: strongSwan utility and crypto library (standard plugins) The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. @@ -107,6 +117,11 @@ Description: strongSwan utility and crypto library (standard plugins) - gcm (GCM cipher mode wrapper) - openssl (Crypto backend based on OpenSSL, provides RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG) + . + Also included are the libraries for: + - libtpmtss adding TPM support for some plugin + (https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin) + - nttfft for Number Theoretic Transform via the FFT algorithm Package: libstrongswan-extra-plugins Architecture: any 
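Review bot: The `md4` entry is added to the description of the base `libstrongswan` package in the @@ -64,6 hunk, but this commit lists `libstrongswan-md4.so` in debian/libstrongswan-extra-plugins.install, so the description and the package contents appear to disagree unless libstrongswan.install (not part of this diff) also ships it. The same kind of mismatch shows up in later hunks: `nttfft` is described under libstrongswan-standard-plugins (@@ -107,6) while `libnttfft.so*` is installed by libcharon-extra-plugins.install, `bliss` is described under libstrongswan-extra-plugins (@@ -123,25) while `libstrongswan-bliss.so` goes to libcharon-extra-plugins.install, and `systime-fix` is installed without being described in any hunk shown here. Administrators use these lists to audit which authentication and crypto code is present on a gateway, so each plugin should be named in the description of the package that actually ships it.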
@@ -123,25 +138,36 @@ Description: strongSwan utility and crypto library (extra plugins) cryptographic library. . Included plugins are: + - acert (Support of X.509 attribute certificates (since 5.1.3)) - af-alg [linux] (AF_ALG Linux crypto API interface, provides ciphers/hashers/hmac/xcbc) + - attr-sql (provide IKE attributes read from a database to peers) + - bliss (Bimodal Lattice Signature Scheme (BLISS) post-quantum computer + signature scheme) - ccm (CCM cipher mode wrapper) + - chapoly (ChaCha20/Poly1305 AEAD implementation) - cmac (CMAC cipher mode wrapper) - ctr (CTR cipher mode wrapper) + - coupling (Permanent peer certificate coupling) - curl (libcurl based HTTP/FTP fetcher) - curve25519 (support for Diffie-Hellman group 31 using Curve25519 and support for the Ed25519 digital signature algorithm for IKEv2) + - dnscert (authentication via CERT RRs protected by DNSSEC) - gcrypt (Crypto backend based on libgcrypt, provides RSA/DH/ciphers/hashers/rng) + - ipseckey (authentication via IPSECKEY RRs protected by DNSSEC) - ldap (LDAP fetching plugin based on libldap) + - mysql (database backend) + - ntru (key exchanged based on post-quantum computer NTRU) - padlock (VIA padlock crypto backend, provides AES128/SHA1) - pkcs11 (PKCS#11 smartcard backend) + - sql (SQL configuration and creds engine) + - sqlite (SQLite database backend) + - soup (libsoup based HTTP fetcher) - rdrand (High quality / high performance random source using the Intel rdrand instruction found on Ivy Bridge processors) - test-vectors (Set of test vectors for various algorithms) - . - Also included is the libtpmtss library adding support for TPM plugin - (https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin) + - unbound (DNSSEC enabled resolver using libunbound) Package: libcharon-extauth-plugins Architecture: any 
@@ -180,27 +206,48 @@ Description: strongSwan charon library (extra plugins) This package provides extra plugins for the charon library: - addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509 certificates) + - dhcp (Forwarding of DHCP requests for virtual IPs to DHCP server) - certexpire (Export expiration dates of used certificates) + - eap-aka-3gpp2 (EAP-AKA backend implementing standard 3GPP2 algorithm in + software) - eap-aka (Generic EAP-AKA protocol handler using different backends) + - eap-dynamic (EAP proxy plugin that dynamically selects an EAP method + requested/supported by the client (since 5.0.1)) - eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends) - eap-identity (EAP-Identity identity exchange algorithm, to use with other EAP protocols) - eap-md5 (EAP-MD5 protocol handler using passwords) + - eap-peap (EAP-PEAP protocol handler, wraps other EAP methods securely) - eap-radius (EAP server proxy plugin forwarding EAP conversations to a RADIUS server) + - eap-sim (Generic EAP-SIM protocol handler using different backends) + - eap-sim-file (EAP-SIM backend reading triplets from a file) + - eap-sim-pcsc (EAP-SIM backend based on a PC/SC smartcard reader) + - eap-simaka-pseudonym (EAP-SIM/AKA in-memory pseudonym identity database) + - eap-simaka-reauth (EAP-SIM/AKA in-memory reauthentication identity database) + - eap-simaka-sql (EAP-SIM/AKA backend reading triplets/quintuplets from a SQL + database) - eap-tls (EAP-TLS protocol handler, to authenticate with certificates in EAP) - eap-tnc (EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel) - eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely) - error-notify (Notification about errors via UNIX socket) + - farp (fake ARP responses for requests to virtual IP address) - ha (High-Availability clustering) - kernel-libipsec (Userspace IPsec Backend with TUN devices) - led (Let Linux LED subsystem LEDs blink on IKE activity) + - load-tester 
(perform IKE load tests against self or gateway) - lookip (Virtual IP lookup facility using a UNIX socket) + - radattr (inject and process custom RADIUS attributes as IKEv2 client) - tnc (Trusted Network Connect) + - tnc-imv (Trusted Network Connect Integrity Measurement Validators) + - tnc-imc (Trusted Network Connect Integrity Measurement Collectors) + - tools for imv attestation and strongTNC - unity (Cisco Unity extensions for IKEv1) + - whitelist (peer verification against a whitelist) - xauth-eap (XAuth backend that uses EAP methods to verify passwords) - xauth-pam (XAuth backend that uses PAM modules to verify passwords) + - xauth-noauth (XAuth backend that does not do any authentication) Package: strongswan-starter Architecture: any diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install index 7765f2056..80425219f 100644 --- a/debian/libcharon-extra-plugins.install +++ b/debian/libcharon-extra-plugins.install 
@@ -1,11 +1,21 @@
 # libcharon plugins
 usr/lib/ipsec/plugins/libstrongswan-addrblock.so
+usr/lib/ipsec/plugins/libstrongswan-bliss.so
 usr/lib/ipsec/plugins/libstrongswan-certexpire.so
+usr/lib/ipsec/plugins/libstrongswan-eap-aka-3gpp2.so
 usr/lib/ipsec/plugins/libstrongswan-eap-aka.so
+usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so
 usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so
 usr/lib/ipsec/plugins/libstrongswan-eap-identity.so
 usr/lib/ipsec/plugins/libstrongswan-eap-md5.so
+usr/lib/ipsec/plugins/libstrongswan-eap-peap.so
 usr/lib/ipsec/plugins/libstrongswan-eap-radius.so
+usr/lib/ipsec/plugins/libstrongswan-eap-sim-file.so
+usr/lib/ipsec/plugins/libstrongswan-eap-sim-pcsc.so
+usr/lib/ipsec/plugins/libstrongswan-eap-sim.so
+usr/lib/ipsec/plugins/libstrongswan-eap-simaka-pseudonym.so
+usr/lib/ipsec/plugins/libstrongswan-eap-simaka-reauth.so
+usr/lib/ipsec/plugins/libstrongswan-eap-simaka-sql.so
 usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
 usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so
 usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so
@@ -13,21 +23,35 @@ usr/lib/ipsec/plugins/libstrongswan-error-notify.so
 usr/lib/ipsec/plugins/libstrongswan-ha.so
 usr/lib/ipsec/plugins/libstrongswan-kernel-libipsec.so
 usr/lib/ipsec/plugins/libstrongswan-led.so
+usr/lib/ipsec/plugins/libstrongswan-load-tester.so
 usr/lib/ipsec/plugins/libstrongswan-lookip.so
 #usr/lib/ipsec/plugins/libstrongswan-medsrv.so
 #usr/lib/ipsec/plugins/libstrongswan-medcli.so
+usr/lib/ipsec/plugins/libstrongswan-radattr.so
 usr/lib/ipsec/plugins/libstrongswan-tnc-tnccs.so
 usr/lib/ipsec/plugins/libstrongswan-unity.so
+usr/lib/ipsec/plugins/libstrongswan-whitelist.so
 usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so
+usr/lib/ipsec/plugins/libstrongswan-xauth-noauth.so
 usr/lib/ipsec/plugins/libstrongswan-xauth-pam.so
 # standard configuration files
 usr/share/strongswan/templates/config/plugins/addrblock.conf
+usr/share/strongswan/templates/config/plugins/bliss.conf
 usr/share/strongswan/templates/config/plugins/certexpire.conf
+usr/share/strongswan/templates/config/plugins/eap-aka-3gpp2.conf
 usr/share/strongswan/templates/config/plugins/eap-aka.conf
+usr/share/strongswan/templates/config/plugins/eap-dynamic.conf
 usr/share/strongswan/templates/config/plugins/eap-gtc.conf
 usr/share/strongswan/templates/config/plugins/eap-identity.conf
 usr/share/strongswan/templates/config/plugins/eap-md5.conf
+usr/share/strongswan/templates/config/plugins/eap-peap.conf
 usr/share/strongswan/templates/config/plugins/eap-radius.conf
+usr/share/strongswan/templates/config/plugins/eap-sim-file.conf
+usr/share/strongswan/templates/config/plugins/eap-sim-pcsc.conf
+usr/share/strongswan/templates/config/plugins/eap-sim.conf
+usr/share/strongswan/templates/config/plugins/eap-simaka-pseudonym.conf
+usr/share/strongswan/templates/config/plugins/eap-simaka-reauth.conf
+usr/share/strongswan/templates/config/plugins/eap-simaka-sql.conf
 usr/share/strongswan/templates/config/plugins/eap-tls.conf
 usr/share/strongswan/templates/config/plugins/eap-tnc.conf
 usr/share/strongswan/templates/config/plugins/eap-ttls.conf
@@ -35,22 +59,36 @@ usr/share/strongswan/templates/config/plugins/error-notify.conf
 usr/share/strongswan/templates/config/plugins/ha.conf
 usr/share/strongswan/templates/config/plugins/kernel-libipsec.conf
 usr/share/strongswan/templates/config/plugins/led.conf
+usr/share/strongswan/templates/config/plugins/load-tester.conf
 usr/share/strongswan/templates/config/plugins/lookip.conf
 #usr/share/strongswan/templates/config/plugins/medsrv.conf
 #usr/share/strongswan/templates/config/plugins/medcli.conf
+usr/share/strongswan/templates/config/plugins/radattr.conf
 usr/share/strongswan/templates/config/plugins/tnc-tnccs.conf
 usr/share/strongswan/templates/config/plugins/unity.conf
+usr/share/strongswan/templates/config/plugins/whitelist.conf
 usr/share/strongswan/templates/config/plugins/xauth-eap.conf
+usr/share/strongswan/templates/config/plugins/xauth-noauth.conf
 usr/share/strongswan/templates/config/plugins/xauth-pam.conf
 usr/share/strongswan/templates/config/strongswan.d/tnc.conf
 etc/strongswan.d/tnc.conf
 etc/strongswan.d/charon/addrblock.conf
+etc/strongswan.d/charon/bliss.conf
 etc/strongswan.d/charon/certexpire.conf
+etc/strongswan.d/charon/eap-aka-3gpp2.conf
 etc/strongswan.d/charon/eap-aka.conf
+etc/strongswan.d/charon/eap-dynamic.conf
 etc/strongswan.d/charon/eap-gtc.conf
 etc/strongswan.d/charon/eap-identity.conf
 etc/strongswan.d/charon/eap-md5.conf
+etc/strongswan.d/charon/eap-peap.conf
 etc/strongswan.d/charon/eap-radius.conf
+etc/strongswan.d/charon/eap-sim-file.conf
+etc/strongswan.d/charon/eap-sim-pcsc.conf
+etc/strongswan.d/charon/eap-sim.conf
+etc/strongswan.d/charon/eap-simaka-pseudonym.conf
+etc/strongswan.d/charon/eap-simaka-reauth.conf
+etc/strongswan.d/charon/eap-simaka-sql.conf
 etc/strongswan.d/charon/eap-tls.conf
 etc/strongswan.d/charon/eap-tnc.conf
 etc/strongswan.d/charon/eap-ttls.conf
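Review bot: `libstrongswan-load-tester.so` and `libstrongswan-xauth-noauth.so` are installed into the same package as the production EAP/XAuth plugins in the @@ -13,21 hunk, so a gateway that installs libcharon-extra-plugins for, say, eap-radius also receives a load-testing plugin and an XAuth backend that debian/control itself describes as one "that does not do any authentication". Whether either is active depends on the defaults in the shipped `load-tester.conf` and `xauth-noauth.conf` and on the connection configuration, neither of which is visible in this diff, so it is worth confirming that both ship disabled or moving them to a separate opt-in package. Their conf entries are added in the @@ -35,22 and @@ -58,12 hunks and the `usr/lib/ipsec/load-tester` binary in @@ -74,9. At minimum the file should carry a comment such as `# load-tester and xauth-noauth are test/interop aids, not meant for production gateways`.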
@@ -58,12 +96,16 @@ etc/strongswan.d/charon/error-notify.conf
 etc/strongswan.d/charon/ha.conf
 etc/strongswan.d/charon/kernel-libipsec.conf
 etc/strongswan.d/charon/led.conf
+etc/strongswan.d/charon/load-tester.conf
 etc/strongswan.d/charon/lookip.conf
 #etc/strongswan.d/charon/medsrv.conf
 #etc/strongswan.d/charon/medcli.conf
+etc/strongswan.d/charon/radattr.conf
 etc/strongswan.d/charon/tnc-tnccs.conf
 etc/strongswan.d/charon/unity.conf
+etc/strongswan.d/charon/whitelist.conf
 etc/strongswan.d/charon/xauth-eap.conf
+etc/strongswan.d/charon/xauth-noauth.conf
 etc/strongswan.d/charon/xauth-pam.conf
 debian/usr.lib.ipsec.lookip /etc/apparmor.d/
 # support libs
@@ -74,9 +116,45 @@ usr/lib/ipsec/libradius.so*
 usr/lib/ipsec/libsimaka.so*
 usr/lib/ipsec/libtnccs.so*
 usr/lib/ipsec/libtls.so*
+usr/lib/ipsec/libnttfft.so*
 # binaries
 usr/bin/pt-tls-client
+usr/lib/ipsec/attest
+usr/lib/ipsec/imv_policy_manager
+usr/lib/ipsec/_imv_policy
 usr/lib/ipsec/error-notify
 usr/lib/ipsec/lookip
+usr/lib/ipsec/load-tester
+usr/lib/ipsec/whitelist
 # manpages
 usr/share/man/man1/pt-tls-client.1
+# Further more uncommon TNC IMV/INC related plugins and features
+etc/strongswan.d/attest.conf
+etc/strongswan.d/charon/tnc-ifmap.conf
+etc/strongswan.d/charon/tnc-imc.conf
+etc/strongswan.d/charon/tnc-imv.conf
+etc/strongswan.d/charon/tnc-pdp.conf
+etc/strongswan.d/charon/tnccs-11.conf
+etc/strongswan.d/charon/tnccs-20.conf
+etc/strongswan.d/charon/tnccs-dynamic.conf
+etc/strongswan.d/imcv.conf
+usr/lib/ipsec/imcvs/imc-*.so
+usr/lib/ipsec/imcvs/imv-*.so
+usr/lib/ipsec/libimcv.*
+usr/lib/ipsec/libtnccs.so*
+usr/lib/ipsec/plugins/libstrongswan-tnc-ifmap.so
+usr/lib/ipsec/plugins/libstrongswan-tnc-imc.so
+usr/lib/ipsec/plugins/libstrongswan-tnc-imv.so
+usr/lib/ipsec/plugins/libstrongswan-tnc-pdp.so
+usr/lib/ipsec/plugins/libstrongswan-tnccs-*.so
+usr/share/strongswan/templates/config/plugins/tnc-ifmap.conf
+usr/share/strongswan/templates/config/plugins/tnc-imc.conf
+usr/share/strongswan/templates/config/plugins/tnc-imv.conf
+usr/share/strongswan/templates/config/plugins/tnc-pdp.conf
+usr/share/strongswan/templates/config/plugins/tnccs-11.conf
+usr/share/strongswan/templates/config/plugins/tnccs-20.conf
+usr/share/strongswan/templates/config/plugins/tnccs-dynamic.conf
+usr/share/strongswan/templates/config/strongswan.d/attest.conf
+usr/share/strongswan/templates/config/strongswan.d/imcv.conf
+usr/share/strongswan/templates/database/imv/*.sql
+
diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install
index 2846e2155..1d5edbd9a 100644
--- a/debian/libstrongswan-extra-plugins.install
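Review bot: `usr/lib/ipsec/libtnccs.so*` is added in the new TNC block of the @@ -74,9 hunk although the same pattern is already a context line under `# support libs` at the top of that hunk, so the entry is now listed twice and the added one should be dropped. The single hunk of debian/libstrongswan-extra-plugins.install has the same problem: `usr/share/strongswan/templates/config/plugins/chapoly.conf` is added two lines above an existing identical entry. The new globs `usr/lib/ipsec/imcvs/imc-*.so`, `usr/lib/ipsec/imcvs/imv-*.so` and `libstrongswan-tnccs-*.so` also make the package contents follow whatever configure builds instead of an explicit list; naming the modules one per line, as the rest of the file does, would make an unintended addition visible in review.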
+++ b/debian/libstrongswan-extra-plugins.install 
@@ -1,40 +1,79 @@
 # Tool for TPM PCR extension
 usr/bin/tpm_extendpcr
 # libstrongswan plugins
+usr/lib/ipsec/plugins/libstrongswan-acert.so
+usr/lib/ipsec/plugins/libstrongswan-attr-sql.so
 usr/lib/ipsec/plugins/libstrongswan-ccm.so
 usr/lib/ipsec/plugins/libstrongswan-chapoly.so
 usr/lib/ipsec/plugins/libstrongswan-cmac.so
+usr/lib/ipsec/plugins/libstrongswan-coupling.so
 usr/lib/ipsec/plugins/libstrongswan-ctr.so
 usr/lib/ipsec/plugins/libstrongswan-curl.so
 usr/lib/ipsec/plugins/libstrongswan-curve25519.so
+usr/lib/ipsec/plugins/libstrongswan-dnscert.so
 usr/lib/ipsec/plugins/libstrongswan-gcrypt.so
+usr/lib/ipsec/plugins/libstrongswan-ipseckey.so
 usr/lib/ipsec/plugins/libstrongswan-ldap.so
+usr/lib/ipsec/plugins/libstrongswan-md4.so
+usr/lib/ipsec/plugins/libstrongswan-mysql.so
+usr/lib/ipsec/plugins/libstrongswan-ntru.so
 usr/lib/ipsec/plugins/libstrongswan-pkcs11.so
+usr/lib/ipsec/plugins/libstrongswan-soup.so
+usr/lib/ipsec/plugins/libstrongswan-sqlite.so
+usr/lib/ipsec/plugins/libstrongswan-sql.so
+usr/lib/ipsec/plugins/libstrongswan-systime-fix.so
 usr/lib/ipsec/plugins/libstrongswan-test-vectors.so
 usr/lib/ipsec/plugins/libstrongswan-tpm.so
+usr/lib/ipsec/plugins/libstrongswan-unbound.so
 # default configuration files
+usr/share/strongswan/templates/config/plugins/acert.conf
+usr/share/strongswan/templates/config/plugins/attr-sql.conf
 usr/share/strongswan/templates/config/plugins/ccm.conf
+usr/share/strongswan/templates/config/plugins/chapoly.conf
 usr/share/strongswan/templates/config/plugins/cmac.conf
 usr/share/strongswan/templates/config/plugins/chapoly.conf
+usr/share/strongswan/templates/config/plugins/coupling.conf
 usr/share/strongswan/templates/config/plugins/ctr.conf
 usr/share/strongswan/templates/config/plugins/curl.conf
 usr/share/strongswan/templates/config/plugins/curve25519.conf
+usr/share/strongswan/templates/config/plugins/dnscert.conf
 usr/share/strongswan/templates/config/plugins/gcrypt.conf
+usr/share/strongswan/templates/config/plugins/ipseckey.conf
 usr/share/strongswan/templates/config/plugins/ldap.conf
+usr/share/strongswan/templates/config/plugins/md4.conf
+usr/share/strongswan/templates/config/plugins/mysql.conf
+usr/share/strongswan/templates/config/plugins/ntru.conf
 usr/share/strongswan/templates/config/plugins/pkcs11.conf
+usr/share/strongswan/templates/config/plugins/soup.conf
+usr/share/strongswan/templates/config/plugins/sql.conf
+usr/share/strongswan/templates/config/plugins/sqlite.conf
+usr/share/strongswan/templates/config/plugins/systime-fix.conf
 usr/share/strongswan/templates/config/plugins/test-vectors.conf
 usr/share/strongswan/templates/config/plugins/tpm.conf
+usr/share/strongswan/templates/config/plugins/unbound.conf
+usr/share/strongswan/templates/database/sql/mysql.sql
+usr/share/strongswan/templates/database/sql/sqlite.sql
+etc/strongswan.d/charon/acert.conf
+etc/strongswan.d/charon/attr-sql.conf
 etc/strongswan.d/charon/ccm.conf
 etc/strongswan.d/charon/chapoly.conf
 etc/strongswan.d/charon/cmac.conf
+etc/strongswan.d/charon/coupling.conf
 etc/strongswan.d/charon/ctr.conf
 etc/strongswan.d/charon/curl.conf
 etc/strongswan.d/charon/curve25519.conf
+etc/strongswan.d/charon/dnscert.conf
 etc/strongswan.d/charon/gcrypt.conf
+etc/strongswan.d/charon/ipseckey.conf
 etc/strongswan.d/charon/ldap.conf
+etc/strongswan.d/charon/md4.conf
+etc/strongswan.d/charon/mysql.conf
+etc/strongswan.d/charon/ntru.conf
 etc/strongswan.d/charon/pkcs11.conf
+etc/strongswan.d/charon/soup.conf
+etc/strongswan.d/charon/sql.conf
+etc/strongswan.d/charon/sqlite.conf
+etc/strongswan.d/charon/systime-fix.conf
 etc/strongswan.d/charon/test-vectors.conf
 etc/strongswan.d/charon/tpm.conf
-# TPM libs
-usr/lib/ipsec/libtpmtss.so.*
-usr/lib/ipsec/libtpmtss.so
+etc/strongswan.d/charon/unbound.conf
diff --git a/debian/libstrongswan-standard-plugins.install b/debian/libstrongswan-standard-plugins.install
index d97a36ae4..b94baa812 100644
--- a/debian/libstrongswan-standard-plugins.install
+++ b/debian/libstrongswan-standard-plugins.install
@@ -9,3 +9,6 @@ usr/share/strongswan/templates/config/plugins/openssl.conf etc/strongswan.d/charon/agent.conf etc/strongswan.d/charon/gcm.conf etc/strongswan.d/charon/openssl.conf +# TPM support libs +usr/lib/ipsec/libtpmtss.so.* +usr/lib/ipsec/libtpmtss.so diff --git a/debian/rules b/debian/rules index ef41a61c3..3526581e2 100755 --- a/debian/rules +++ b/debian/rules @@ -4,21 +4,36 @@ export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 export DEB_BUILD_MAINT_OPTIONS=hardening=+all CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \ + --with-tss=trousers \ + --enable-acert \ --enable-addrblock \ --enable-agent \ + --enable-attr-sql \ + --enable-bliss \ --enable-bypass-lan \ --enable-ccm \ --enable-certexpire \ --enable-chapoly \ --enable-cmd \ + --enable-coupling \ --enable-ctr \ --enable-curl \ + --enable-dnscert \ --enable-eap-aka \ + --enable-eap-aka-3gpp2 \ + --enable-eap-dynamic \ --enable-eap-gtc \ --enable-eap-identity \ --enable-eap-md5 \ --enable-eap-mschapv2 \ + --enable-eap-peap \ --enable-eap-radius \ + --enable-eap-sim \ + --enable-eap-simaka-pseudonym \ + --enable-eap-simaka-reauth \ + --enable-eap-simaka-sql \ + --enable-eap-sim-file \ + --enable-eap-sim-pcsc \ --enable-eap-tls \ --enable-eap-tnc \ --enable-eap-ttls \ 
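Review bot: Moving `usr/lib/ipsec/libtpmtss.so*` into libstrongswan-standard-plugins while debian/rules now configures `--with-tss=trousers` presumably makes the standard-plugins package pick up a dependency on the TrouSerS library through `${shlibs:Depends}`, which runs against the commit's stated aim of not affecting common installations. The commit message also says tpmtss moves to libcharon-extra-plugins, whereas this hunk and the `Breaks`/`Replaces` added in debian/control place it in libstrongswan-standard-plugins, so one of the two needs correcting. If the library has to live here, the `# TPM support libs` comment should say which packages' plugins and binaries link against it, so the reason for the placement is recorded next to the entry.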
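Review bot: `--with-tss=trousers` is added at the head of the `CONFIGUREARGS` list in the @@ -4,21 hunk of debian/rules without any explanation of why a TSS stack is selected or which features need it. A `#` placed inside the backslash-continued assignment would swallow the rest of the logical line, so the explanation has to go above the assignment, for example `# --with-tss=trousers: libtpmtss is built against TrouSerS (libtspi-dev)`; the exact set of consumers should be confirmed against configure. The added flags also break the list's ordering (`--enable-eap-simaka-sql` precedes `--enable-eap-sim-file`), which makes it harder to spot a flag that was enabled by accident. The `CONFIGUREARGS` assignment continues past the end of this hunk.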
@@ -26,17 +41,49 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
 --enable-gcm \
 --enable-gcrypt \
 --enable-ha \
+ --enable-imc-attestation \
+ --enable-imc-os \
+ --enable-imc-scanner \
+ --enable-imc-swid \
+ --enable-imc-test \
+ --enable-imv-attestation \
+ --enable-imv-os \
+ --enable-imv-scanner \
+ --enable-imv-swid \
+ --enable-imv-test \
+ --enable-ipseckey \
 --enable-kernel-libipsec \
 --enable-ldap \
 --enable-led \
+ --enable-load-tester \
 --enable-lookip \
 --enable-mediation \
+ --enable-md4 \
+ --enable-mysql \
+ --enable-ntru \
 --enable-openssl \
 --enable-pkcs11 \
+ --enable-radattr \
+ --enable-soup \
+ --enable-sql \
+ --enable-sqlite \
+ --enable-systime-fix \
 --enable-test-vectors \
 --enable-tpm \
+ --enable-tnccs-11 \
+ --enable-tnccs-20 \
+ --enable-tnccs-dynamic \
+ --enable-tnc-ifmap \
+ --enable-tnc-imc \
+ --enable-tnc-imv \
+ --enable-tnc-pdp \
+ --enable-unbound \
+ --enable-unit-tests \
 --enable-unity \
+ --enable-whitelist \
 --enable-xauth-eap \
+ --enable-xauth-generic \
+ --enable-xauth-noauth \
 --enable-xauth-pam \
 --disable-blowfish \
 --disable-fast \
diff --git a/debian/strongswan-starter.install b/debian/strongswan-starter.install
index 9a4c0d169..b5250dc5d 100644
--- a/debian/strongswan-starter.install
+++ b/debian/strongswan-starter.install
@@ -16,3 +16,7 @@ usr/lib/ipsec/plugins/libstrongswan-stroke.so
 usr/share/strongswan/templates/config/plugins/stroke.conf
 etc/strongswan.d/charon/stroke.conf
 debian/usr.lib.ipsec.stroke /etc/apparmor.d/
+#pool
+usr/lib/ipsec/pool
+usr/share/strongswan/templates/config/strongswan.d/pool.conf
+etc/strongswan.d/pool.conf
-- GitLab
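Review bot: `--enable-imc-test`, `--enable-imv-test`, `--enable-load-tester` and `--enable-unit-tests` in the @@ -26,17 hunk of debian/rules turn on test-oriented code in the production build, and the `usr/lib/ipsec/imcvs/imc-*.so` / `imv-*.so` globs added to debian/libcharon-extra-plugins.install will presumably ship the test IMC/IMV modules alongside the real ones. If those modules are not meant for end users, drop the two `-test` flags or exclude the modules from the package; if `--enable-unit-tests` is wanted only so the test suite runs at build time, a comment above `CONFIGUREARGS` should say so. The added flags are also out of order (`--enable-md4` follows `--enable-mediation`, `--enable-tnccs-11` follows `--enable-tpm`), which makes an accidental enablement harder to notice. The `CONFIGUREARGS` assignment starts and ends outside this hunk.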