[strongSwan] StrongSwan w/ multiple local subnets.
TomK
tomkcpr at mdevsys.com
Mon Jun 29 16:00:54 CEST 2020
On 6/29/2020 3:31 AM, Tobias Brunner wrote:
> Hi Tom,
>
>> Is the xfrm_user.ko module used for both traffic going out and coming
>> back in via StrongSwan / IPSEC ?
>
> It's not used for handling traffic at all. It provides the interface to
> configure the IPsec stack (SAs and policies) from userland. It does
> rely on general Netlink infrastructure, but no idea what symbol could be
> missing. Maybe the kernel version doesn't match exactly?
>
> Regards,
> Tobias
>
That's a bit odd then. Traffic arriving at the on-prem VPN GW from the
Azure VPN Gateway, makes it through just fine. This appears to confirm
routing and general connectivity works.
It's the traffic going from the on-prem VPN GW to the Azure GW where the
issue is.
Looking at xfrm_user.ko, I notice the dependencies it has are:
./net/ipv4/xfrm4_policy.c
./net/ipv4/xfrm4_state.c
Or basically:
xfrm4_policy.ko
xfrm4_state.ko
Neither of these are listed in the dependency list however realized
these were missing while inserting the other .ko modules. Trying to get
a copy of them so I can try this out and see if it makes a difference.
Maybe add these to the dependency list on the wiki?
--
Thx,
TK.
More information about the Users
mailing list