[strongSwan] can't pass traffic with ip-compression enabled
Tobias Brunner
tobias at strongswan.org
Tue Feb 12 09:22:05 CET 2013
Hi Jordan,
> But when I set "compress = yes", ipsec SA get
> established but I can't pass traffic through the tunnel. I think I have
> enabled the required kernel modules.
That's unlikely as the following error in your log clearly indicates you
are missing a required kernel module:
> 2013-02-12 13:30:27.221 [ngfw] [CHARON-INFO:] "10[KNL] received netlink
> error: Protocol not supported (93)"
It might be the actual compression algorithm (CONFIG_CRYPTO_DEFLATE) or
the IPComp transform (CONFIG_INET_IPCOMP). Please note that modules for
(cryptographic) algorithms are intentionally not included on the list of
required modules [1].
Regards,
Tobias
[1] http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
More information about the Users
mailing list