Hi,

I wish to have IKE use the crypto services of the kernel rather than the 
default user space ones. It was brought to my attention that af-alg plugin 
allows such behavior.

Now I am trying to build strongSwan with that plugin. I know of this example 
config:
https://www.strongswan.org/testing/testresults/af-alg/rw-cert/

And was trying to follow it, loading the same plugins listed in Carol’s 
strongswan.conf (except that I was loading them using the configure script 
instead of strongswan.conf).

Here is the output of the configure script command:

strongSwan will be built with the following plugins
libstrongswan: test-vectors mgf1 random nonce x509 revocation constraints 
pubkey pkcs1 pem openssl af-alg gmp ctr ccm gcm curl
libcharon:         kernel-netlink socket-default stroke vici updown counters
libtnccs:
libtpmtss:

Then I make and make install it, and restart ipsec.
Looking at the logs, I see messages indicating the various plugins are loaded 
successfully, and the last message I see is that ‘af-alg’ plugin is loaded 
successfully. I don’t see any other messages after that.

Running ‘ipsec statusall’ doesn’t show any output at all.

So my conclusion is that strongSwan is not running the way I wanted it to.
Can you help me figure out what am I missing?

Thanks,
Roee.


Reply via email to