Installation Documentation

Distribution Packages

There are currently packages for:

  • Arch Linux

  • Debian / Ubuntu

    Note on Debian/Ubuntu packages

    When installing the strongswan metapackage, the legacy daemon and configuration backend are installed. To use swanctl/vici instead, install the charon-systemd and strongswan-swanctl packages and remove both the strongswan-starter and strongswan-charon packages. Make sure you only have either the charon-systemd or the strongswan-starter package installed (or at least disable one of the systemd units they install, which are strongswan.service and strongswan-starter.service, respectively).

  • openSUSE

  • Gentoo

  • Fedora

  • Red Hat Enterprise Linux and CentOS via EPEL

  • FreeBSD

  • Homebrew (macOS)

Compile strongSwan Yourself

Make sure no strongSwan-related distribution packages are installed before building and installing strongSwan from sources

Linux Kernel Requirements

strongSwan should run on most distros' kernels. If you build your own kernel, include the required kernel modules.

Building strongSwan

The GNU build system (Autotools) is used to build strongSwan. There is an ever growing list of ./configure options available.

Many of these configuration options are enabled by default. Thus please use ./configure --help to check which options are actually available for your strongSwan release.

Refer to the list of plugins to learn more about the plugins enabled with the above options.

Some plugins have dependencies on third-party libraries. To compile these plugins, the header files of those libraries are required. Make sure these are installed on your system, e.g. by installing the appropriate -dev package on Debian-based systems. Otherwise, the configure script will complain that it can’t find the library or header files.

The build procedure is as with any autotools project:

  1. Download strongSwan:

    wget https://download.strongswan.org/strongswan-x.x.x.tar.bz2
  2. Unpack the tarball and navigate into the directory:

    tar xjf strongswan-x.x.x.tar.bz2
    cd strongswan-x.x.x
  3. Configure strongSwan using the available options:

    ./configure --prefix=/usr --sysconfdir=/etc --<your-options>
  4. Build the sources and install the binaries as root:

    make
    sudo make install

Building from the Git Repository

To build strongSwan from the Git repository, additional tools and steps are required. Check HACKING for details.

Monolithic Builds

Plugins can be included in their associated library in a so called monolithic build (--enable-monolithic). That way it’s not necessary to distribute separate shared object files for each plugin but only the major libraries and executables. The plugins that are loaded at runtime may still be controlled with the options described here.

Static Builds

Since version 5.5.3 a static build that only relies on third-party libraries, i.e. in which our own libraries and plugins are all statically linked into the executables can be achieved by configuring with

--disable-shared --enable-static --enable-monolithic

Including third-party static libraries requires manual modification of the Makefiles due to limitations of our build system (see e.g. the Makefile for the fuzzing targets fuzz/Makefile.am).

Configuration Management

If you use CM to manage software, there are some options available to help configure strongSwan.

Chef

Useful cookbooks include:

Puppet

Useful modules include: