[strongSwan] How to bypass the strongSwan's IPsec Linux kernel interface

Martin Willi martin at strongswan.org
Mon Sep 9 10:09:01 CEST 2013


> I do have my own IPsec implementation (which will maintain the SAD &
> SPD,ESP encryption and decryption, authentication) 

> Do I just need to comment out all the hydra->kernel_interface function
> calls and replace with ours?

No. The libhydra is a generic library, and provides a generic interfaces
to kernel/IPsec backends. You don't have to replace any of these calls.

Instead, you should implement in your own plugin the kernel_ipsec_t [1],
and if required, the kernel_net_t [2] interface. The first implements an
IPsec backend, the second generic networking functions. Have a look at
one of the available kernel backends to see how this works.



More information about the Users mailing list