[strongSwan] SS5.1.0 and libipsec, configuration and usage questions

Kimmo K koippa at gmail.com
Tue Jan 7 17:49:05 CET 2014

Hello Martin and others

I have not tried libipsec after september but I'm still interested at
the feature. What kind of plans you have for the libipsec, what kinds
of features there will be in the future?

Would it be possible (in theory) to use two backends at the same, by
defining it connection based?

I'm just thinking about using libipsec instead of netlink for net2net
connections. I have strongswan in firewall machine and I manage
firewall rules and routes with fwbuilder. If networks change, I need
to reconfigure strongswan and reload the connection and configure new
networks to the firewall too.
It would be nice if I could just add networks and routes to firewall
and that would affect to the net2net tunnels too.

Thanks for the best open source IPsec.


2013/9/25 Martin Willi <martin at strongswan.org>:
> Hi Kimmo,
>> Can I use libipsec based configuration and netkey based configuration
>> at the same time?
> No. The kernel-libipsec backend is one of several IPsec backends that
> can be used, but only ever one is active at the same time. Currently all
> connections use the same backend.
>> how one should define that libipsec is used in conn X instead of
>> netkey?
> The active IPsec backend is the one that gets loaded first, any
> additional backend has no effect.
> Regards
> Martin

More information about the Users mailing list