Hi,

> If we only want IPv4 support, can this required kernel modules list be
> shortened?

Yes.

> It seems that if I remove all of the IPv6 modules the IPsec doesn't work

Make sure to have at least a 2.6.29 kernel, apply the kernel patch [1]
or use the workaround patch for strongSwan (attached, breaks mixed v4/v6
tunnels).

Regards
Martin

[1] http://kerneltrap.org/mailarchive/linux-netdev/2008/11/25/4231304

Index: src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
===================================================================
--- src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c	(revision 4695)
+++ src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c	(working copy)
@@ -895,10 +895,6 @@
 	sa->id.proto = proto_ike2kernel(protocol);
 	sa->family = src->get_family(src);
 	sa->mode = mode;
-	if (mode == MODE_TUNNEL)
-	{
-		sa->flags |= XFRM_STATE_AF_UNSPEC;
-	}
 	sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32;
 	sa->reqid = reqid;
 	/* we currently do not expire SAs by volume/packet count */
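
Review bot: Deleting the `if (mode == MODE_TUNNEL)` block removes XFRM_STATE_AF_UNSPEC from every tunnel-mode SA unconditionally, which leaves `sa->family = src->get_family(src)` as the only address family the state carries; the covering message itself says this breaks mixed v4/v6 tunnels. Instead of dropping the flag outright, consider keeping the block and gating it behind a build-time or configuration switch for IPv4-only kernels, so that installations with IPv6 support keep the current behaviour. Whichever way it goes, a short comment at this spot stating why the flag is omitted and which kernel condition it works around would keep the change from being reverted or carried forward by accident.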