[strongSwan] support for pfkey

Andreas Steffen andreas.steffen at strongswan.org
Fri Apr 16 11:33:09 CEST 2010

Hi Anil,

what do you want to know? Pluto has pfkey support with the old
KLIPS IPsec stack only, whereas charon has a kernel-pfkey plugin
which allows the IKEv2 daemon to communicate even with the
Linux 2.6 NETKEY IPsec stack via the PF_KEYv2 interface, although
there are more capabilities (e.g. AEAD authenticated encryption
support) by using the XFRM netlink interface. You can find a
couple of PFKEY example scenarios here:


Of course the kernel-pfkey plugin can be used to run charon on
FreeBSD and Mac OS X or potentially on other operating system
possessing a PF_KEYv2 kernel interface.

Best regards


On 16.04.2010 11:06, NAGARAJAN, ANIL (ANIL) wrote:
> Hi All,
> Does charon (strongswan 4.3.5) support pfkey message similar to pluto?
> Regds
> Anil N

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list