[strongSwan] StrongSwan w/ multiple local subnets.

TomK tomkcpr at mdevsys.com
Mon Jun 29 16:00:54 CEST 2020

On 6/29/2020 3:31 AM, Tobias Brunner wrote:
> Hi Tom,
>> Is the xfrm_user.ko module used for both traffic going out and coming
>> back in via StrongSwan / IPSEC ?
> It's not used for handling traffic at all.  It provides the interface to
> configure the IPsec stack (SAs and policies) from userland.  It does
> rely on general Netlink infrastructure, but no idea what symbol could be
> missing.  Maybe the kernel version doesn't match exactly?
> Regards,
> Tobias

That's a bit odd then.  Traffic arriving at the on-prem VPN GW from the 
Azure VPN Gateway, makes it through just fine.  This appears to confirm 
routing and general connectivity works.

It's the traffic going from the on-prem VPN GW to the Azure GW where the 
issue is.

Looking at xfrm_user.ko, I notice the dependencies it has are:


Or basically:


Neither of these are listed in the dependency list however realized 
these were missing while inserting the other .ko modules.  Trying to get 
a copy of them so I can try this out and see if it makes a difference. 
Maybe add these to the dependency list on the wiki?


More information about the Users mailing list