diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix
index 7d427ac9622..7a9edef5004 100644
--- a/pkgs/tools/networking/strongswan/default.nix
+++ b/pkgs/tools/networking/strongswan/default.nix
@@ -1,4 +1,6 @@
-{ stdenv, fetchurl, gmp, pkgconfig, python, autoreconfHook }:
+{ stdenv, fetchurl, gmp, pkgconfig, python, autoreconfHook
+, curl, trousers, sqlite
+, enableTNC ? false }:
 
 stdenv.mkDerivation rec {
   name = "strongswan-5.3.2";
@@ -10,7 +12,9 @@ stdenv.mkDerivation rec {
 
   dontPatchELF = true;
 
-  buildInputs = [ gmp pkgconfig python autoreconfHook ];
+  buildInputs =
+    [ gmp pkgconfig python autoreconfHook ]
+    ++ stdenv.lib.optionals enableTNC [ curl trousers sqlite ];
 
   patches = [
     ./ext_auth-path.patch
@@ -18,7 +22,17 @@ stdenv.mkDerivation rec {
     ./updown-path.patch
   ];
 
-  configureFlags = [ "--enable-swanctl" "--enable-cmd" ];
+  configureFlags =
+    [ "--enable-swanctl" "--enable-cmd" ]
+    ++ stdenv.lib.optionals enableTNC [
+         "--disable-gmp" "--disable-aes" "--disable-md5" "--disable-sha1" "--disable-sha2" "--disable-fips-prf"
+         "--enable-curl" "--enable-openssl" "--enable-eap-identity" "--enable-eap-md5" "--enable-eap-mschapv2"
+         "--enable-eap-tnc" "--enable-eap-ttls" "--enable-eap-dynamic" "--enable-tnccs-20"
+         "--enable-tnc-imc" "--enable-imc-os" "--enable-imc-attestation"
+         "--enable-tnc-imv" "--enable-imv-attestation"
+         "--with-tss=trousers"
+         "--enable-aikgen"
+         "--enable-sqlite" ];
 
   NIX_LDFLAGS = "-lgcc_s" ;
 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 8c0a818b38f..de30cfb392c 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3066,6 +3066,8 @@ let
 
   strongswan = callPackage ../tools/networking/strongswan { };
 
+  strongswanTNC = callPackage ../tools/networking/strongswan { enableTNC=true; };
+
   su = shadow.su;
 
   subsonic = callPackage ../servers/misc/subsonic { };