[strongSwan] Does IKEv2 in strongSwan4.5 support ESN64bit sequence numbers by default (or does not support ESN at all)?

Martin Willi martin at strongswan.org
Fri Apr 15 17:18:55 CEST 2011


> I wanted to setup IKEv2-IPSec tunnels between 2 Linux-Fedora13 servers
> with ESN64 supported. Also iam trying to setup IKEv2-IPSec tunnels
> between a Linux-Fedora13-Strongswan4.5 and a OpenWRT-Linux-Gw (running
> strongSwan4.3.6)

Extended sequence number support has been merged into Linux mainline for
2.6.39. It won't work at all if you're using an older kernel.

Our IKEv2 daemon currently negotiates 32-bit sequence numbers only, so
no support for ESN. As the kernel bits are in place now, we'll implement
userland support for ESN soon, probably for 4.5.2. It is definitely on
my TODO list.


More information about the Users mailing list