[strongSwan] can't pass traffic with ip-compression enabled

Tobias Brunner tobias at strongswan.org
Tue Feb 12 09:22:05 CET 2013


Hi Jordan,

> But when I set "compress = yes", ipsec SA get
> established but I can't pass traffic through the tunnel. I think I have
> enabled the required kernel modules.

That's unlikely as the following error in your log clearly indicates you
are missing a required kernel module:

> 2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[KNL] received netlink
> error: Protocol not supported (93)"

It might be the actual compression algorithm (CONFIG_CRYPTO_DEFLATE) or
the IPComp transform (CONFIG_INET_IPCOMP).  Please note that modules for
(cryptographic) algorithms are intentionally not included on the list of
required modules [1].

Regards,
Tobias

[1] http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules





More information about the Users mailing list