[strongSwan] How to use af-alg plugin

[Roee Agami]

Hi,

I wish to have IKE use the crypto services of the kernel rather than the default user space ones. It was brought to my attention that af-alg plugin allows such behavior.

Now I am trying to build strongSwan with that plugin. I know of this example config:
https://www.strongswan.org/testing/testresults/af-alg/rw-cert/

And was trying to follow it, loading the same plugins listed in Carol’s strongswan.conf (except that I was loading them using the configure script instead of strongswan.conf).

Here is the output of the configure script command:

strongSwan will be built with the following plugins
libstrongswan: test-vectors mgf1 random nonce x509 revocation constraints pubkey pkcs1 pem openssl af-alg gmp ctr ccm gcm curl
libcharon:         kernel-netlink socket-default stroke vici updown counters
libtnccs:
libtpmtss:

Then I make and make install it, and restart ipsec.
Looking at the logs, I see messages indicating the various plugins are loaded successfully, and the last message I see is that ‘af-alg’ plugin is loaded successfully. I don’t see any other messages after that.

Running ‘ipsec statusall’ doesn’t show any output at all.

So my conclusion is that strongSwan is not running the way I wanted it to.
Can you help me figure out what am I missing?

Thanks,
Roee.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180810/fc06802c/attachment.html>