--- /dev/null
+comment "strongswan needs a toolchain w/ threads"
+ depends on BR2_USE_MMU
+ depends on !BR2_TOOLCHAIN_HAS_THREADS
+
+menuconfig BR2_PACKAGE_STRONGSWAN
+ bool "strongswan"
+ depends on BR2_USE_MMU # fork()
+ depends on BR2_TOOLCHAIN_HAS_THREADS
+ help
+ strongSwan is an OpenSource IPsec implementation for the
+ Linux operating system. It is based on the discontinued
+ FreeS/WAN project and the X.509 patch.
+
+ The focus is on:
+ - simplicity of configuration
+ - strong encryption and authentication methods
+ - powerful IPsec policies supporting large and complex VPN networks
+
+ strongSwan provide many plugins. Only a few are presented here.
+
+ http://www.strongswan.org/
+
+if BR2_PACKAGE_STRONGSWAN
+
+choice
+ prompt "Cryptographic backend"
+ default BR2_PACKAGE_STRONGSWAN_GMP
+
+config BR2_PACKAGE_STRONGSWAN_OPENSSL
+ bool "OpenSSL"
+ select BR2_PACKAGE_OPENSSL
+
+config BR2_PACKAGE_STRONGSWAN_GCRYPT
+ bool "libgcrypt"
+ select BR2_PACKAGE_LIBGCRYPT
+
+config BR2_PACKAGE_STRONGSWAN_GMP
+ bool "GNU MP (libgmp)"
+ select BR2_PACKAGE_GMP
+
+endchoice
+
+config BR2_PACKAGE_STRONGSWAN_AF_ALG
+ bool "Enable AF_ALG crypto interface to Linux Crypto API"
+
+config BR2_PACKAGE_STRONGSWAN_CURL
+ bool "Enable CURL fetcher plugin to fetch files via libcurl"
+ select BR2_PACKAGE_LIBCURL
+
+config BR2_PACKAGE_STRONGSWAN_CHARON
+ bool "Enable the IKEv1/IKEv2 keying daemon charon"
+ default y
+
+if BR2_PACKAGE_STRONGSWAN_CHARON
+
+config BR2_PACKAGE_STRONGSWAN_TNCCS_11
+ bool "Enable TNCCS 1.1 protocol module"
+ select BR2_PACKAGE_LIBXML2
+
+config BR2_PACKAGE_STRONGSWAN_TNCCS_20
+ bool "Enable TNCCS 2.0 protocol module"
+
+config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
+ bool "Enable dynamic TNCCS protocol discovery module"
+
+config BR2_PACKAGE_STRONGSWAN_EAP
+ bool "Enable EAP protocols"
+ help
+ Enable various EAP protocols:
+ - mschapv2
+ - tls
+ - ttls
+ - peap
+ - sim
+ - sim-file
+ - aka
+ - aka-3gpp2
+ - simaka-sql
+ - simaka-pseudonym
+ - simaka-reauth
+ - identity
+ - md5
+ - gtc
+ - tnc
+ - dynamic
+ - radius
+
+if BR2_PACKAGE_STRONGSWAN_EAP
+
+config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC
+ bool "Enable EAP-SIM smart card backend"
+ depends on !BR2_STATIC_LIBS # pcsc-lite
+ select BR2_PACKAGE_PCSC_LITE
+
+endif
+
+config BR2_PACKAGE_STRONGSWAN_UNITY
+ bool "Enables Cisco Unity extension plugin"
+
+config BR2_PACKAGE_STRONGSWAN_STROKE
+ bool "Enable charons stroke configuration backend"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_SQL
+ bool "Enable SQL database configuration backend"
+ depends on BR2_PACKAGE_SQLITE || BR2_PACKAGE_MYSQL
+
+endif
+
+config BR2_PACKAGE_STRONGSWAN_PKI
+ bool "Enable pki certificate utility"
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_SCEP
+ bool "Enable SCEP client tool"
+
+config BR2_PACKAGE_STRONGSWAN_SCRIPTS
+ bool "Enable additional utilities (found in scripts directory)"
+ depends on BR2_PACKAGE_STRONGSWAN_CHARON
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_VICI
+ bool "Enable vici/swanctl"
+ depends on BR2_PACKAGE_STRONGSWAN_CHARON
+ default y
+
+endif