[strongSwan] pluto uses which kernel interface

anand rao anandrao_me at yahoo.co.in
Tue Nov 16 06:58:30 CET 2010

Hi Andreas,

    Thanks for the quick the reply. 
 In my strongSwan 4.3.6 configuration I have not selected kernle-netlink plugin 
and selected kernel-pfkey plugin.
In this case pluto doesn't work, this is expected because it doesn't use pfkey 
interface, but I observed that
when both charon and pluto are run together then pluto is able to establish the 
SA's successfully, does it mean that 
when pluto is run along with charon it takes the charon's kernel-interface to 
configure SA's?


----- Original Message ----
From: Andreas Steffen <andreas.steffen at strongswan.org>
To: anand rao <anandrao_me at yahoo.co.in>
Cc: users at lists.strongswan.org
Sent: Tue, November 9, 2010 3:55:50 PM
Subject: Re: [strongSwan] pluto uses which kernel interface

Hello Anand,

pluto in strongSwan 4.3.6 uses the XFRM Netlink interface to communicate
with the native IPsec stack of the Linux 2.6 kernel.

With strongSwan 4.5.0 pluto loads charon's kernel-netlink plugin
and uses the XFRM Netlink interface per default. Alternatively you can 
enable the kernel-pfkey plugin

   ./configure --disable kernel-netlink --enable-kernel-pfkey

which uses the PFKEYv2 interface to communicate with the kernel.
I haven't tested this with pluto but there are PFKEYv2 test scenarios
for the charon daemon:


Kind regards


On 11/09/2010 10:50 AM, anand rao wrote:
> Hi,
>     From the mailing list I found out that PLUTO doesn't have support for 
> kernel interface.
> Can you please let me know which interface does PLUTO uses to communicate with
> XFRM (kernel).
> I am using strongswan 4.3.6 version.
> Thanks
> -Anand

Andreas Steffen                        andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)


More information about the Users mailing list