[strongSwan] bare minimum required kernel modules/version

Andreas Steffen andreas.steffen at strongswan.org
Thu Mar 18 20:42:46 CET 2010

Matthias Dahl wrote:
> Hi.
> I took over the maintainership of the strongswan ebuild on Gentoo and I am 
> currently in the process of polishing it as time permits.
> I'd like to add kernel config sanity checks to the ebuild, so a potential user 
> won't shoot his own feet. Looking around the wiki I found this:
>    http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
> Is this list the real bare minimum even if one only wants to use IPv4? I 
> recall there was some bug that prevented one from configuring w/o IPv6 on some 
> 2.6.28 kernel? I for one don't have "IP: policy routing" enabled (didn't know 
> it was "required") and strongswan still works just fine.
> That brings me to my next question: What is the suggested kernel version for 
> the 4.3.6 release? Currently we allow any 2.6 kernel but I guess that's just a 
> bad idea.
Actually most strongSwan features work with any Linux 2.6 kernel as
far back as 2.6.16 but in order to take advantage of the correct
implementation of the SHA-2 HMAC ESP algorithms which Martin contributed
as a kernel patch I recommend to run strongSwan 4.3.6 with the latest
Linux 2.6.33 kernel.

> Thanks for taking the time... and if you have any suggestions or critique for 
> the Gentoo ebuild, please let me know, so I can improve things.
> So long,
> matthias

Best regards


Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list