[strongSwan] What is the difference between libipsec and kernel_libipsec?
Tobias Brunner
tobias at strongswan.org
Thu Jul 9 10:34:25 CEST 2015
Hi Dan,
> After doing some research it looks like I need to use the libipsec plugin.
> Is that correct?
Not necessarily (it's usually preferable to use the kernel's IPsec
stack). Perhaps you just need to load some missing kernel module (see
[1]) or change your ESP proposal because the kernel perhaps does not
support one of the negotiated algorithms.
> I see two configuration options: --enable-kernel-libipsec and the
> --enable-libipsec.
>
> What's the difference and are they configured differently?
libipsec is the actual userland IPsec implementation, the
kernel-libipsec plugin is the middleware between IKE daemon and
libipsec. Enabling kernel-libipsec automatically enables libipsec.
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
More information about the Users
mailing list