[strongSwan-dev] How to disable Extended sequence number support from SS5 code

Martin Willi martin at strongswan.org
Tue Aug 21 08:03:57 CEST 2012

Hi Jordan,

> 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported.

This error is triggered at [1] while installing IPsec bypass policy for
the IKE socket. I don't think it is related to ESN, but something else
is missing in your kernel configuration. Please check that you have all
options included as seen in [2].

> I prefer to disable ESN instead of patching my kernel to limited other
> side effects to other code

ESN is used only if you include it in your "esp" proposal in ipsec.conf,
otherwise ESN is disabled.



More information about the Dev mailing list