[strongSwan] StrongSwan w/ multiple local subnets.
tomkcpr at mdevsys.com
Mon Jun 29 16:00:54 CEST 2020
On 6/29/2020 3:31 AM, Tobias Brunner wrote:
> Hi Tom,
>> Is the xfrm_user.ko module used for both traffic going out and coming
>> back in via StrongSwan / IPSEC ?
> It's not used for handling traffic at all. It provides the interface to
> configure the IPsec stack (SAs and policies) from userland. It does
> rely on general Netlink infrastructure, but no idea what symbol could be
> missing. Maybe the kernel version doesn't match exactly?
That's a bit odd then. Traffic arriving at the on-prem VPN GW from the
Azure VPN Gateway, makes it through just fine. This appears to confirm
routing and general connectivity works.
It's the traffic going from the on-prem VPN GW to the Azure GW where the
Looking at xfrm_user.ko, I notice the dependencies it has are:
Neither of these are listed in the dependency list however realized
these were missing while inserting the other .ko modules. Trying to get
a copy of them so I can try this out and see if it makes a difference.
Maybe add these to the dependency list on the wiki?
More information about the Users