class Strongswan < Formula desc "VPN based on IPsec" homepage 'https://www.strongswan.org' url 'https://download.strongswan.org/strongswan-5.3.2.tar.bz2' sha256 "a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225" bottle do sha256 "dcb83dc117ee1f0b145408d14ef5a832ea8931cedd6d2f3a7c97c157cc577bff" => :yosemite sha256 "bc642bdf33694216316a17fd2d64054b6b7aac5bc73cf5cd231aa868b1108b88" => :mavericks sha256 "f3601206f55048e0d67802fc4d32091cfe3a6bef4c98fa38a2f1e9ddbb832e85" => :mountain_lion end option 'with-curl', 'Build with libcurl based fetcher' option 'with-suite-b', 'Build with Suite B support (does not use the IPsec implementation provided by the kernel)' depends_on 'openssl' depends_on 'curl' => :optional def install args = %W[ --disable-dependency-tracking --prefix=#{prefix} --sbindir=#{bin} --sysconfdir=#{etc} --disable-defaults --enable-charon --enable-cmd --enable-constraints --enable-eap-gtc --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2 --enable-kernel-pfroute --enable-nonce --enable-openssl --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation --enable-scepclient --enable-socket-default --enable-sshkey --enable-stroke --enable-swanctl --enable-unity --enable-updown --enable-x509 --enable-xauth-generic ] args << "--enable-curl" if build.with? 'curl' args << "--enable-kernel-pfkey" if build.without? 'suite-b' args << "--enable-kernel-libipsec" if build.with? 'suite-b' system "./configure", *args system "make", "install" end def caveats msg = <<-EOS.undent strongSwan's configuration files are placed in: #{etc} You will have to run both 'ipsec' and 'charon-cmd' with 'sudo'. EOS if build.with? 'suite-b' msg += <<-EOS.undent If you previously ran strongSwan without Suite B support it might be required to execute 'sudo sysctl -w net.inet.ipsec.esp_port=0' in order to receive packets. EOS end return msg end end