diff options
author | Domagoj Stolfa <ds815@gmx.com> | 2021-05-24 21:11:55 +0100 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2021-06-06 15:35:47 +0200 |
commit | 77056478a2de22db6613d24ed37f7496afba42db (patch) | |
tree | db5a18693265ba3f5570014e543f8900492f3657 /gnu | |
parent | f7331f06dbabd855ac536ff0ec367bb5e25ea959 (diff) | |
download | guix-77056478a2de22db6613d24ed37f7496afba42db.tar guix-77056478a2de22db6613d24ed37f7496afba42db.tar.gz |
gnu: strongswan: Configure more sensible defaults.
* gnu/packages/networking.scm (strongswan)[arguments]<#:configure-flags>:
Enable aesni, attr-sql, chapoly, curl, dhcp, eap-aka, eap-aka-3gpp,
eap-dynamic, eap-identity, eap-md5, eap-mschapv2, eap-peap, eap-radius,
eap-sim, eap-sim-file, eap-simaka-pseudonym, eap-simaka-reauth,
eap-simaka-sql, eap-tls, eap-tnc, eap-ttls, ext-auth, farp, ha, led, md4,
mediation, openssl, soup, sql, sqlite, xauth-eap, xauth-noauth, and
xauth-pam support.
Disable ldap, mysql, and systemd support.
Use libcap by default.
[inputs]: Add libcap, libsoup, and linux-pam.
[native-inputs]: Add pkg-config.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/packages/networking.scm | 53 |
1 files changed, 51 insertions, 2 deletions
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index d0bf86c0b8..82c7a0161a 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -2881,16 +2881,65 @@ displays the results in real time.") #t))) #:configure-flags (list - ;; Disable bsd-4 licensed plugins. + "--disable-ldap" + "--disable-mysql" + "--disable-systemd" + + ;; Disable BSD-4 licensed plugins. + "--disable-blowfish" "--disable-des" - "--disable-blowfish"))) + + ;; Make it usable. The default configuration is far too minimal to be + ;; used with most common VPN set-ups. + ;; See <https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf>. + "--enable-aesni" + "--enable-attr-sql" + "--enable-chapoly" + "--enable-curl" + "--enable-dhcp" + "--enable-eap-aka" + "--enable-eap-aka-3gpp" + "--enable-eap-dynamic" + "--enable-eap-identity" + "--enable-eap-md5" + "--enable-eap-mschapv2" + "--enable-eap-peap" + "--enable-eap-radius" + "--enable-eap-sim" + "--enable-eap-sim-file" + "--enable-eap-simaka-pseudonym" + "--enable-eap-simaka-reauth" + "--enable-eap-simaka-sql" + "--enable-eap-tls" + "--enable-eap-tnc" + "--enable-eap-ttls" + "--enable-ext-auth" + "--enable-farp" + "--enable-ha" + "--enable-led" + "--enable-md4" + "--enable-mediation" + "--enable-openssl" + "--enable-soup" + "--enable-sql" + "--enable-sqlite" + "--enable-xauth-eap" + "--enable-xauth-noauth" + "--enable-xauth-pam" + + ;; Use libcap by default. + "--with-capabilities=libcap"))) (inputs `(("curl" ,curl) ("gmp" ,gmp) + ("libcap" ,libcap) ("libgcrypt" ,libgcrypt) + ("libsoup" ,libsoup) + ("linux-pam" ,linux-pam) ("openssl" ,openssl))) (native-inputs `(("coreutils" ,coreutils) + ("pkg-config" ,pkg-config) ("tzdata" ,tzdata-for-tests))) (synopsis "IKEv1/v2 keying daemon") (description "StrongSwan is an IPsec implementation originally based upon |