Presently, the strongswan defaults are too minimal to be used with most common VPN setups. This commit enables support for a number of things that should make strongswan much more usable in Guix. --- gnu/packages/networking.scm | 47 +++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 8bcaa98fbb..bfaf8a8535 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -2861,16 +2861,59 @@ displays the results in real time.") #t))) #:configure-flags (list - ;; Disable bsd-4 licensed plugins. + ;; Disable bsd-4 licensed plugins (Blowfish, DES). + "--disable-blowfish" "--disable-des" - "--disable-blowfish"))) + "--disable-ldap" + "--disable-mysql" + "--disable-systemd" + "--enable-aesni" + "--enable-attr-sql" + "--enable-chapoly" + "--enable-curl" + "--enable-dhcp" + "--enable-eap-aka" + "--enable-eap-aka-3gpp" + "--enable-eap-dynamic" + "--enable-eap-identity" + "--enable-eap-md5" + "--enable-eap-mschapv2" + "--enable-eap-peap" + "--enable-eap-radius" + "--enable-eap-sim" + "--enable-eap-sim-file" + "--enable-eap-simaka-pseudonym" + "--enable-eap-simaka-reauth" + "--enable-eap-simaka-sql" + "--enable-eap-tls" + "--enable-eap-tnc" + "--enable-eap-ttls" + "--enable-ext-auth" + "--enable-farp" + "--enable-ha" + "--enable-led" + "--enable-md4" + "--enable-mediation" + "--enable-openssl" + "--enable-soup" + "--enable-sql" + "--enable-sqlite" + "--enable-xauth-eap" + "--enable-xauth-noauth" + "--enable-xauth-pam" + ;; Use libcap by default + "--with-capabilities=libcap"))) (inputs `(("curl" ,curl) ("gmp" ,gmp) + ("libcap" ,libcap) ("libgcrypt" ,libgcrypt) + ("libsoup" ,libsoup) + ("linux-pam" ,linux-pam) ("openssl" ,openssl))) (native-inputs `(("coreutils" ,coreutils) + ("pkg-config" ,pkg-config) ("tzdata" ,tzdata-for-tests))) (synopsis "IKEv1/v2 keying daemon") (description "StrongSwan is an IPsec implementation originally based upon -- 2.31.1