Hi Martin, Thanks for your reply. I've enabled all the kernel options set as described here:
http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules Despite this the setsockopt doesn't work. I added some more debugging output at the setsockopt function and this is what i get: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported 00[KNL] file strongswan/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c, function bypass_socket 00[KNL] XFRM_PPLICY_OUT sol = 0, ipsec_policy = 17, policy.sel.dport = 0 00[NET] installing IKE bypass policy failed Ok, so you're doing a setsockopt SO_PEERCRED call. Do you have any other hints for me what this could be happening? I am running linux 2.6.34 kernel for x86_64. Thanks, Jordan. On Mon, Aug 20, 2012 at 11:03 PM, Martin Willi <mar...@strongswan.org>wrote: > Hi Jordan, > > > 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported. > > This error is triggered at [1] while installing IPsec bypass policy for > the IKE socket. I don't think it is related to ESN, but something else > is missing in your kernel configuration. Please check that you have all > options included as seen in [2]. > > > I prefer to disable ESN instead of patching my kernel to limited other > > side effects to other code > > ESN is used only if you include it in your "esp" proposal in ipsec.conf, > otherwise ESN is disabled. > > Regards > Martin > > [1] > http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;h=73d29005#l2583 > [2]http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules > >
_______________________________________________ Dev mailing list Dev@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/dev
