[strongSwan] Socket-win installing virtual IP failed (Strongswan 5.3.5 mingw Windows 10 64bit)
curiousemeric at rotacioskapa.com
Tue Dec 29 08:35:18 CET 2015
Thanks for the response!
- Socket-win: module that binds on the socket
- Kernel-wfp: firewall module that installs rules
- Kernel-iph: IP-related operations module
The Windows implementation is my main gripe. The crypto choices are
abysmal for IKEv2.
aes256-sha1-modp1024 even in Windows 10! Otherwise the rekey fails.
Windows networking is a nightmare.
The MS IPsec implementation somehow brings up virtual IPs as PPP links.
What kind of black magic it uses to do that is well beyond my imagination.
Maybe it only serves a loopback purpose, who knows?
On 2015. 12. 29. at 0:16, Noel Kuntze wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> Hello Emeric,
> >> On the windows box I'm using socket-win, with the internal windows ikeext disabled.
> >> Charon-svc is running in an admin cmd and I'm using a non-priv cmd to call swanctl.
> >> I've read that kernel-iph can't install virtual ips, but I thought socket-win a completely separate userspace implementation.
> >>
> >> My question is:
> >> - Am I missing a point and utterly misread/interpreted the online wiki?
> strongSwan on Windows currently can not install virtual IPs. Even if it could, the virtual IP would be quite useless, because
> the Windows IPsec component does not seem to be able to work with IPs that are installed on the loopback adapter.
> The description of the charon plugins gives all the infos. I wrote this from memory, so things could be off. Check
> the plugin pages. I already looked at this when the port was released and came to the conclusion that to build a working
> roadwarrior version of strongSwan on Windows, you'd need to either get Microsoft to fix that bug
> or implement your own IPsec backend in userspace (or kernelspace?) that handles that correctly.
> - --
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> -----END PGP SIGNATURE-----