[strongSwan-dev] How to disable Extended sequence number support from SS5 code

yordanos beyene yordanosb at gmail.com
Tue Aug 21 09:12:09 CEST 2012


Thank you Martin for the quick response.

My environment worked fine with strongswan 4.6.3, and I am seeing the
issue when I tried to upgraded  to strongswan 5.0.0. That is why I
felt the issue may be related to ESN which is added in later versions
and my kernel doesn't support it.

I may probably be having issues with the build process. I am using my
own makefiles and I may be missing something as I integrate SS 5.0
version.

Does libhydra need to be linked to any of the plugins? Do I need to
build charon-nm? Please explain. I may have some dependency issues.

Thanks!

Jordan.

On Mon, Aug 20, 2012 at 11:51 PM, yordanos beyene <yordanosb at gmail.com> wrote:
> Thank you Martin for the quick response.
>
> My environment worked fine with strongswan 4.6.3, and I am seeing the
> issue when I tried to upgraded  to strongswan 5.0.0. That is why I
> felt the issue may be related to ESN which is added in later versions
> and my kernel doesn't support it.
>
> I may probably be having issues with the build process. I am using my
> own makefiles and I may be missing something as I integrate SS 5.0
> version.
>
> Does libhydra need to be linked to any of the plugins? Do I need to
> build charon-nm? Please explain. I may have some dependency issues.
>
> Thanks!
>
> Jordan.
>
> , Aug 20, 2012 at 11:03 PM, Martin Willi <martin at strongswan.org> wrote:
>> Hi Jordan,
>>
>>> 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported.
>>
>> This error is triggered at [1] while installing IPsec bypass policy for
>> the IKE socket. I don't think it is related to ESN, but something else
>> is missing in your kernel configuration. Please check that you have all
>> options included as seen in [2].
>>
>>> I prefer to disable ESN instead of patching my kernel to limited other
>>> side effects to other code
>>
>> ESN is used only if you include it in your "esp" proposal in ipsec.conf,
>> otherwise ESN is disabled.
>>
>> Regards
>> Martin
>>
>> [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c;h=73d29005#l2583
>> [2]http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
>>




More information about the Dev mailing list