[strongSwan-dev] How to disable Extended sequence number support from SS5 code
Martin Willi
martin at strongswan.org
Tue Aug 21 08:03:57 CEST 2012
Hi Jordan,
> 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported.
This error is triggered at [1] while installing IPsec bypass policy for
the IKE socket. I don't think it is related to ESN, but something else
is missing in your kernel configuration. Please check that you have all
options included as seen in [2].
> I prefer to disable ESN instead of patching my kernel to limited other
> side effects to other code
ESN is used only if you include it in your "esp" proposal in ipsec.conf,
otherwise ESN is disabled.
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;h=73d29005#l2583
[2]http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
More information about the Dev
mailing list