[strongSwan-dev] How to disable Extended sequence number support from SS5 code
yordanosb at gmail.com
Thu Aug 23 07:59:29 CEST 2012
Thanks for your reply.
I've enabled all the kernel options set as described here:
Despite this the setsockopt doesn't work.
I added some more debugging output at the setsockopt function and this is
what I get:
00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
00[KNL] XFRM_PPLICY_OUT sol = 0, ipsec_policy = 17, policy.sel.dport = 0
00[NET] installing IKE bypass policy failed
Ok, so you're doing a setsockopt SO_PEERCRED call.
Do you have any other hints for me as to why this could be happening?
I am running linux 2.6.34 kernel for x86_64.
On Mon, Aug 20, 2012 at 11:03 PM, Martin Willi <martin at strongswan.org> wrote:
> Hi Jordan,
> > 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported.
> This error is triggered at  while installing IPsec bypass policy for
> the IKE socket. I don't think it is related to ESN, but something else
> is missing in your kernel configuration. Please check that you have all
> options included as seen in .
> > I prefer to disable ESN instead of patching my kernel to limit other
> > side effects to other code
> ESN is used only if you include it in your "esp" proposal in ipsec.conf,
> otherwise ESN is disabled.