[strongSwan] How to use af-alg plugin

Roee Agami ragami at bluecedar.com
Wed Aug 8 14:58:28 CEST 2018


I wish to have IKE use the crypto services of the kernel rather than the default user space ones. It was brought to my attention that af-alg plugin allows such behavior.

Now I am trying to build strongSwan with that plugin. I know of this example config:

And was trying to follow it, loading the same plugins listed in Carol’s strongswan.conf (except that I was loading them using the configure script instead of strongswan.conf).

Here is the output of the configure script command:
[cid:image001.png at 01D42EF5.F8FD1DB0]

Then I make and make install it, and restart ipsec.
Looking at the logs, I see messages indicating the various plugins are loaded successfully, and the last message I see is that ‘af-alg’ plugin is loaded successfully. I don’t see any other messages after that.

Running ‘ipsec statusall’ doesn’t show any output at all.

So my conclusion is that strongSwan is not running the way I wanted it to.
Can you help me figure out what am I missing?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180808/bbd6b262/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 424830 bytes
Desc: image001.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180808/bbd6b262/attachment-0001.png>

More information about the Users mailing list