[strongSwan] Socket-win installing virtual IP failed (Strongswan 5.3.5 mingw Windows 10 64bit)
Noel Kuntze
noel at familie-kuntze.de
Tue Dec 29 00:16:10 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Emeric,
> On the windows box I'm using socket-win, with the internal windows ikeext disabled. > Charon-svc is running in an admin cmd and I'm using a non-priv cmd to call swanctl. > I've read that kernel-iph can't install virtual ips, but I thought socket-win a completely separate userspace implementation. > > My question is: > - Am I missing a point and utterly misread/interpreted the online wiki?
strongSwan on Windows currently can not install virtual IPs. Even if it could, the virtual IP would be quite useless, because
the Windows IPsec component does not seem to be able to work with IPs that are installed on the loopback adapter.
The description of the charon plugins gives all the infos. I wrote this from memory, so things could be off. Check
the plugin pages. I already looked at this when the port was released and came to the conclusion that to build a working
roadwarrior version of strongSwan on Windows, you'd need to either get Microsoft to fix that bug
or implement your own IPsec backend in userspace (or kernelspace?) that handles that correctly.
- --
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWgcK3AAoJEDg5KY9j7GZY+IIP/1qS0bBfVlyUdDW/VlsBSZn7
F86qdw0tC/vfqBYhbK/evCOe2FjPAECR1WfwRtSgpTnhtqNEijM2IElHH6mscqfh
m8omlbK42mJI8mV0U/BafNXmLBBpx48+Z0Aak7ZbU663dgv6afMN9gruC7B/w4i2
gSKXXWQS4DzjEdFJCnPasq9NL0R7ZnZWb65PmEhQukn280jtxHY1BYJyQuSAgGLF
EhLOQ9ADW7u5k+7EHTnRAOb3Oph1Lby3i53WSre0vqruVWbmsAGRFjx6DkHuSGfS
vu4+Gi+4vHksdPyjm51dbeSjtd7sWl8r9yH5Y09j7MThc5Wk1oIB9Gu0e/BR78WF
Nk2FW9Nh8X4uVb5H2yVHleK3FYR9meAf/K9B0n8je1lxC+9wyYNuWDs8jz3RHaxc
kzZLNrO+xJXbJ962qVkpEMlMZ3sBxVqOi+t21h79rogduylAykZqxV7D4V4GlAxL
KOk3y/2hKxLNKeyic7AYXrlwlJFdEw+3oQRPiYoxf55/Zhs/KXKn9II7Lnk4lTaz
5IYS6IBzgX4QOHGRhwIWHGHlHbU7G56pkS2nO2Eeq+A2jS/0+AY5ign5XmF2Rpbl
FTnf+OByp+eREN0MeDNcUuJxbvgvR/bcojC3Ce5/WA5E5GLkLWeaHw4qwNLegQql
lpYGU7FllS14pnaZVURR
=lv6I
-----END PGP SIGNATURE-----
More information about the Users
mailing list