[strongSwan] bare minimum required kernel modules/version

Martin Willi martin at strongswan.org
Fri Mar 19 09:15:11 CET 2010


> I for one don't have "IP: policy routing" enabled (didn't know 
> it was "required") and strongswan still works just fine.

It's not required, but highly recommended. IKEv2 uses a separate routing
table for own routes installed along with tunnels. This allows it to
ignore these routes for IKE traffic, as these routes should not affect
routing of IKE packets not handled by a tunnel.

The daemon can work without these tables, but some scenarios (especially
with virtual IPs) might be problematic that way.

> Thanks for taking the time... and if you have any suggestions or critique for 
> the Gentoo ebuild, please let me know, so I can improve things.

Please have a look at the NetworkManager plugin for strongSwan [1]. It
provides a convenient integration into the gnome desktop for
remote-access with IKEv2. The strongSwan daemon requires the DBUS
interface, enabled with --enable-nm. If enabled, you could pull in the
dependency to a separate package providing the NetworkManager plugin



More information about the Users mailing list