Hi,

> Is there a way to reduce the size of charon and strongswan

> #./configure CPPFLAGS=-Os

Passing -Os as a preprocessor flag does not work (and makes no sense),
because strongSwan has default CFLAGS with -O2. Set -Os in CFLAGS instead.

> --enable-monolithic

A monolithic build can reduce the size slightly, so you should keep that.

> -rw-r--r-- 1 root users 10998220 Sep 12 16:16 libcharon.a
> -rwxr-xr-x 1 root users 974 Sep 12 16:16 libcharon.la
> lrwxrwxrwx 1 root users 18 Sep 12 16:16 libcharon.so -> libcharon.so.0.0.0
> lrwxrwxrwx 1 root users 18 Sep 12 16:16 libcharon.so.0 -> libcharon.so.0.0.0
> -rwxr-xr-x 1 root users 4687143 Sep 12 16:16 libcharon.so.0.0.0

After make install, you can remove the *.a and *.la files; that should
save a few kbytes. Also, you should really strip shared libraries and
binaries after installation with a "strip" tool of your choice.

It also seems that LLVM can produce slightly smaller binaries than gcc,
so if it is an option you can try to set CC=clang.

Regarding plugins, you might consider disabling the following:

* updown: if you don't need leftfirewall/leftupdown options
* attr: if you don't set IKE attributes in strongswan.conf
* x509: openssl has its own (but simpler) certificate support
* constraints: if you don't need advanced x509 constraints checking
* revocation: if you don't need CRL/OCSP checking
* resolve: if you don't receive DNS configuration from an IKE server
* pubkey: usually not needed
* random: OpenSSL provides an RNG (for lower qualities) itself

Disabling these plugins does not have a huge impact, though.

OpenSSL by itself is huge, btw. If you have no other users for it, you
should consider removing it and using our own crypto plugins instead.

If you don't need IKEv1/IKEv2, you should disable these protocols
accordingly.

Following all these tips, it should be possible to reduce the overall
strongSwan footprint to under 1MB.

Regards
Martin
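
The post-install cleanup described in the reply above (removing the *.a and *.la files, then stripping binaries and shared libraries), as an added example that is not part of the original message or of strongSwan. The function names, the STRIP variable and the install-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: trim an installed tree after "make install".
# Usage (assumed): ./prune.sh /path/to/install/prefix

# Total size in bytes of all regular files under $1 (symlinks are not followed).
tree_bytes() {
    find "$1" -type f -exec wc -c {} + |
        awk '$2 != "total" { s += $1 } END { print s + 0 }'
}

# True if $1 starts with the ELF magic bytes 0x7f 'E' 'L' 'F'.
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ]
}

# Remove static archives and libtool files, strip ELF objects,
# and print the number of bytes saved.
prune_install() {
    prefix=$1
    [ -d "$prefix" ] || { echo "no such directory: $prefix" >&2; return 1; }
    before=$(tree_bytes "$prefix")

    # *.a and *.la are only used when linking against the libraries.
    find "$prefix" -type f \( -name '*.a' -o -name '*.la' \) -exec rm -f {} +

    # STRIP lets the caller pick a cross toolchain's strip (assumed variable).
    strip_tool=${STRIP:-strip}
    if command -v "$strip_tool" >/dev/null 2>&1; then
        find "$prefix" -type f | while IFS= read -r f; do
            if is_elf "$f"; then
                "$strip_tool" --strip-unneeded "$f" ||
                    echo "strip failed: $f" >&2
            fi
        done
    else
        echo "$strip_tool not found, skipping strip step" >&2
    fi

    after=$(tree_bytes "$prefix")
    echo $((before - after))
}

# Run only when a prefix is given on the command line.
if [ $# -gt 0 ]; then
    prune_install "$1"
fi
```

Symlinks such as libcharon.so -> libcharon.so.0.0.0 are left in place, since only regular files are removed or stripped.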