[strongSwan] What is the difference between libipsec and kernel_libipsec?
tobias at strongswan.org
Thu Jul 9 10:34:25 CEST 2015
> After doing some research it looks like I need to use the libipsec plugin.
> Is that correct?
Not necessarily (it's usually preferable to use the kernel's IPsec
stack). Perhaps you just need to load some missing kernel module (see
) or change your ESP proposal because the kernel perhaps does not
support one of the negotiated algorithms.
> I see two configuration options: --enable-kernel-libipsec and the
> What's the difference and are they configured differently?
libipsec is the actual userland IPsec implementation, the
kernel-libipsec plugin is the middleware between IKE daemon and
libipsec. Enabling kernel-libipsec automatically enables libipsec.
More information about the Users