config BR2_PACKAGE_IPSEC_TOOLS
bool "ipsec-tools"
- default n
- select BR2_PACKAGE_OPENSSL
+ depends on BR2_USE_MMU # fork()
+ depends on !BR2_TOOLCHAIN_USES_MUSL # Use __P() macro all over the tree
+ select BR2_PACKAGE_OPENSSL
+ select BR2_PACKAGE_FLEX
help
This package is required to support IPSec for Linux 2.6+
+ http://ipsec-tools.sourceforge.net/
+
+if BR2_PACKAGE_IPSEC_TOOLS
+
config BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT
+ bool "Enable racoonctl(8)"
default y
- depends on BR2_PACKAGE_IPSEC_TOOLS
- bool "Enable racoonctl(8)."
help
- Lets racoon to listen to racoon admin port, which is to
- be contacted by racoonctl(8).
+ Lets racoon to listen to racoon admin port, which is to
+ be contacted by racoonctl(8).
config BR2_PACKAGE_IPSEC_TOOLS_NATT
- default n
- depends on BR2_PACKAGE_IPSEC_TOOLS
bool "Enable NAT-Traversal"
help
- This needs kernel support, which is available on Linux. On
- NetBSD, NAT-Traversal kernel support has not been integrated
- yet, you can get it from here:
+ This needs kernel support, which is available on Linux. On
+ NetBSD, NAT-Traversal kernel support has not been integrated
+ yet, you can get it from here:
- http://ipsec-tools.sourceforge.net/netbsd_nat-t.diff If you
-
- live in a country where software patents are legal, using
- NAT-Traversal might infringe a patent.
+ http://ipsec-tools.sourceforge.net/netbsd_nat-t.diff If you
+ live in a country where software patents are legal, using
+ NAT-Traversal might infringe a patent.
config BR2_PACKAGE_IPSEC_TOOLS_FRAG
- default n
- depends on BR2_PACKAGE_IPSEC_TOOLS
- bool "Enable IKE fragmentation."
+ bool "Enable IKE fragmentation"
help
- Enable IKE fragmentation, which is a workaround for
- broken routers that drop fragmented packets
+ Enable IKE fragmentation, which is a workaround for
+ broken routers that drop fragmented packets
-config BR2_PACKAGE_IPSEC_TOOLS_STATS
- default y
- depends on BR2_PACKAGE_IPSEC_TOOLS
- bool "Enable statistics logging function."
+config BR2_PACKAGE_IPSEC_TOOLS_DPD
+ bool "Enable DPD (Dead Peer Detection)"
+ help
+ Enable dead peer detection support
-config BR2_PACKAGE_IPSEC_TOOLS_IPV6
+config BR2_PACKAGE_IPSEC_TOOLS_STATS
+ bool "Enable statistics logging function"
default y
- depends on BR2_PACKAGE_IPSEC_TOOLS
- bool "Enable IPv6 support"
- help
- This option has no effect if uClibc has been compiled without
- IPv6 support.
config BR2_PACKAGE_IPSEC_TOOLS_READLINE
- default n
- depends on BR2_PACKAGE_IPSEC_TOOLS
- select BR2_READLINE
- bool "Enable readline input support if available."
+ bool "Enable readline input support"
+ select BR2_PACKAGE_READLINE
-config BR2_PACKAGE_IPSEC_TOOLS_LIBS
- bool "Install IPSec libraries under staging_dir/lib"
- default y
- depends on BR2_PACKAGE_IPSEC_TOOLS
+config BR2_PACKAGE_IPSEC_TOOLS_HYBRID
+ bool "Enable hybrid, both mode-cfg and xauth support"
+ help
+ Hybrid mode is required for successful interoperability
+ (e.g. Cisco VPN Client).
+
+choice
+ prompt "Security context"
+ default BR2_PACKAGE_IPSEC_TOOLS_SECCTX_DISABLE
help
- Install libipsec.a and libracoon.a under staging_dir/lib for further
- development on a host machine.
+ Selects whether or not to enable security context support.
+
+config BR2_PACKAGE_IPSEC_TOOLS_SECCTX_DISABLE
+ bool "Disable security context support"
+
+config BR2_PACKAGE_IPSEC_TOOLS_SECCTX_ENABLE
+ bool "Enable SELinux security context support"
+
+config BR2_PACKAGE_IPSEC_TOOLS_SECCTX_KERNEL
+ bool "Enable kernel security context"
+
+endchoice
+
+endif