sudo
is not required to install strongSwan, but is later needed when running ipsec, swanctl, or charon-cmd.--disable-kernel-netlink
- Required to disable the Linux-specific kernel interface--enable-kernel-pfroute
- Required to enable the interface to the Mac OS X network stack--enable-kernel-pfkey
- Required to enable the interface to the Mac OS X IPsec stack. Alternatively, the --enable-kernel-libipsec
option may be used to enable strongSwan's userland IPsec implementation that provides support for AES-GCM (depending on plugin configuration) in IPsec processing, which the Mac OS X kernel currently does not--disable-gmp --enable-openssl
- Recommended to avoid additional dependencies by using the system's OpenSSL library instead of the GMP library for public key cryptography--enable-osx-attr
- Recommended to enable DNS server installation via SystemConfiguration--disable-scripts
- Required because these scripts are not fully portable--with-lib-prefix=/opt/local
- Required because MacPorts installs libraries and header files in /opt/local
--disable-pluto
.