[strongSwan-dev] A hand regarding (kernel-)libipsec and Windows

Kevin Lussier Kevin.Lussier at Sophos.com
Fri Aug 11 23:25:05 CEST 2017

Hi Noel.

I was about to venture down this same path myself. You posted your message about a year ago. Were you able to make any further progress?


Kevin Lussier


I'm looking for some help regarding getting (kernel-)libipsec to work on Windows.
I've already written the necessary code to interface with the TAP-Windows driver from OpenVPN
and I already added code to handle the setting of the gateway field in the routes and functions to
perform IO operations on the TUN handles, however, I have some problems getting it to work.

The basic problem is, that despite charon receiving an ESPINUDP packet, the traffic counter does not increase
and I don't get the data on the TAP device (in TUN mode) and vice versa (receiving packets on the handle of the TAP device does not work either yet).

The current state of affairs is, that the negotiation of a CHILD_SA works fine, as does the installation of a route
and the virtual IP.

Short list of what was done:
*add ifdefs and code in libstrongswan to find, open and configure TAP devices on Windows with the TAP-Windows driver
*add short code for setting the GW of the routes over the TAP device on Windows
*merge code from the win-vip branch
*add some code to honor charon.install_virtual_ip_on
*code to perform IO operations on the handles
*create/copy header files for (missing) constants

My code can be found on Github (https://github.com/Thermi/strongswan) in the windows-libipsec branch. If you like to help, you probably want to look at the diff from
commit 1dabd0fb1cfdb5b3381d45a39a7cb134651b72a9 to HEAD.

I'd greatly appreciate a helping hand that sheds some light on what I'm doing wrong or what's still missing.


Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20170811/12731547/attachment.html>

More information about the Dev mailing list