[strongSwan-dev] How to disable Extended sequence number support from SS5 code
yordanosb at gmail.com
Tue Sep 4 03:21:22 CEST 2012
Thank you for the tips. It helped me focus on the key issue - XFRM- and
On Thu, Aug 23, 2012 at 11:52 PM, Martin Willi <martin at strongswan.org>wrote:
> Hi Jordan,
> > 00[KNL] XFRM_PPLICY_OUT sol = 0, ipsec_policy = 17, policy.sel.dport 0
> > 00[NET] installing IKE bypass policy failed
> > Ok, so you're doing a setsockopt SO_PEERCRED call.
> No. This setsockopt() works on the SOL_IP level, where 17 stands for
> The call installs a bypass IPsec policy for the IKE socket, forcing all
> IKE communication to stay outside of any established IPsec tunnel.
> > Do you have any other hints for me what this could be happening?
> As already said, most likely is that your kernel (configuration) misses
> support for XFRM. If that doesn't help, you might have to dig into the
> kernel source and find out where and why Linux returns "not supported"
> for this setsockopt operation.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev