[strongSwan] pluto uses which kernel interface

Andreas Steffen andreas.steffen at strongswan.org
Tue Nov 16 11:41:51 CET 2010


Hmm, it seems that the kernel-pfkey plugin needs the kernel-netlink
plugin. Could you load kernel-pfkey before kernel-netlink and check
if pluto works without charon?

Regards

Andreas

On 11/16/2010 06:58 AM, anand rao wrote:
> Hi Andreas,
>
>      Thanks for the quick reply.
>   In my strongSwan 4.3.6 configuration I have not selected kernel-netlink plugin
> and selected kernel-pfkey plugin.
> In this case pluto doesn't work, this is expected because it doesn't use pfkey
> interface, but I observed that
> when both charon and pluto are run together then pluto is able to establish the
> SA's successfully, does it mean that
> when pluto is run along with charon it takes the charon's kernel-interface to
> configure SA's?
>
> Thanks
> -Anand
>
>
> ----- Original Message ----
> From: Andreas Steffen<andreas.steffen at strongswan.org>
> To: anand rao<anandrao_me at yahoo.co.in>
> Cc: users at lists.strongswan.org
> Sent: Tue, November 9, 2010 3:55:50 PM
> Subject: Re: [strongSwan] pluto uses which kernel interface
>
> Hello Anand,
>
> pluto in strongSwan 4.3.6 uses the XFRM Netlink interface to communicate
> with the native IPsec stack of the Linux 2.6 kernel.
>
> With strongSwan 4.5.0 pluto loads charon's kernel-netlink plugin
> and uses the XFRM Netlink interface per default. Alternatively you can
> enable the kernel-pfkey plugin
>
>     ./configure --disable-kernel-netlink --enable-kernel-pfkey
>
> which uses the PFKEYv2 interface to communicate with the kernel.
> I haven't tested this with pluto but there are PFKEYv2 test scenarios
> for the charon daemon:
>
>    http://www.strongswan.org/uml/testresults/pfkey/index.html
>
> Kind regards
>
> Andreas
>
> On 11/09/2010 10:50 AM, anand rao wrote:
>> Hi,
>>
>>      From the mailing list I found out that PLUTO doesn't have support for
>> PFKEYv2
>> kernel interface.
>>
>> Can you please let me know which interface PLUTO uses to communicate with
>> XFRM (kernel).
>> I am using strongswan 4.3.6 version.
>>
>> Thanks
>> -Anand

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
