Martin, Thank you for the tips. It helped me focus on the key issue - XFRM- and resolved it.
Thanks! Jordan. On Thu, Aug 23, 2012 at 11:52 PM, Martin Willi <[email protected]>wrote: > Hi Jordan, > > > 00[KNL] XFRM_PPLICY_OUT sol = 0, ipsec_policy = 17, policy.sel.dport 0 > > 00[NET] installing IKE bypass policy failed > > > > Ok, so you're doing a setsockopt SO_PEERCRED call. > > No. This setsockopt() works on the SOL_IP level, where 17 stands for > IP_XFRM_POLICY. > > The call installs a bypass IPsec policy for the IKE socket, forcing all > IKE communication to stay outside of any established IPsec tunnel. > > > Do you have any other hints for me what this could be happening? > > As already said, most likely is that your kernel (configuration) misses > support for XFRM. If that doesn't help, you might have to dig into the > kernel source and find out where and why Linux returns "not supported" > for this setsockopt operation. > > Regards > Martin > >
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
