[strongSwan] 5.0.1rc1 and FreeBSD

Tobias Brunner tobias at strongswan.org
Fri Sep 28 08:40:36 CEST 2012

Hi Zhiheng,

> I am also seeing this UDP_ENCAP error in 5.0.1rc1 on my Red Hat  Enterprise Linux 5.6 machine.
> I did not see it in the 5.0.0 release, so looks like this error is new
in 5.0.1 and is happening not only on the FreeBSD:
> Sep 27 11:44:53 sit-iwf charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.1rc1, Linux 2.6.18-238.el5, x86_64) 
> Sep 27 11:44:53 sit-iwf charon: 00[KNL] unable to set UDP_ENCAP: Protocol not available 
> Sep 27 11:44:53 sit-iwf charon: 00[NET] enabling UDP decapsulation failed

Yes, absolutely.  Older Linux kernel did not support UDP en-/decap for
IPv6 either, so you will see that error there too.  But as mentioned
already it is not really a problem if you don't need that feature for
IPv6 (which older strongSwan releases did not support anyway, they just
didn't produce an error).  It's simply that 5.0.1 will now try to enable
it for both address families and that will fail if not supported by the
kernel, but with the mentioned patch you should get a nicer error
message that lists the address family and the port, which should help
you decide if you can ignore it or not.


More information about the Users mailing list