On 6/29/2020 3:31 AM, Tobias Brunner wrote:
Hi Tom,
Is the xfrm_user.ko module used for both traffic going out and coming
back in via StrongSwan / IPSEC ?
It's not used for handling traffic at all. It provides the interface to
configure the IPsec stack (SAs and policies) from userland. It does
rely on general Netlink infrastructure, but no idea what symbol could be
missing. Maybe the kernel version doesn't match exactly?
Regards,
Tobias
That's a bit odd then. Traffic arriving at the on-prem VPN GW from the
Azure VPN Gateway, makes it through just fine. This appears to confirm
routing and general connectivity works.
It's the traffic going from the on-prem VPN GW to the Azure GW where the
issue is.
Looking at xfrm_user.ko, I notice the dependencies it has are:
./net/ipv4/xfrm4_policy.c
./net/ipv4/xfrm4_state.c
Or basically:
xfrm4_policy.ko
xfrm4_state.ko
Neither of these are listed in the dependency list however realized
these were missing while inserting the other .ko modules. Trying to get
a copy of them so I can try this out and see if it makes a difference.
Maybe add these to the dependency list on the wiki?
--
Thx,
TK.
