Hi, I wish to have IKE use the crypto services of the kernel rather than the default user space ones. It was brought to my attention that af-alg plugin allows such behavior.
Now I am trying to build strongSwan with that plugin. I know of this example config: https://www.strongswan.org/testing/testresults/af-alg/rw-cert/ And was trying to follow it, loading the same plugins listed in Carol’s strongswan.conf (except that I was loading them using the configure script instead of strongswan.conf). Here is the output of the configure script command: strongSwan will be built with the following plugins libstrongswan: test-vectors mgf1 random nonce x509 revocation constraints pubkey pkcs1 pem openssl af-alg gmp ctr ccm gcm curl libcharon: kernel-netlink socket-default stroke vici updown counters libtnccs: libtpmtss: Then I make and make install it, and restart ipsec. Looking at the logs, I see messages indicating the various plugins are loaded successfully, and the last message I see is that ‘af-alg’ plugin is loaded successfully. I don’t see any other messages after that. Running ‘ipsec statusall’ doesn’t show any output at all. So my conclusion is that strongSwan is not running the way I wanted it to. Can you help me figure out what am I missing? Thanks, Roee.