[strongSwan] StrongSwan w/ multiple local subnets.
tomkcpr at mdevsys.com
Mon Jun 29 18:23:38 CEST 2020
On 6/29/2020 10:00 AM, TomK wrote:
> On 6/29/2020 3:31 AM, Tobias Brunner wrote:
>> Hi Tom,
>>> Is the xfrm_user.ko module used for both traffic going out and coming
>>> back in via StrongSwan / IPSEC ?
>> It's not used for handling traffic at all. It provides the interface to
>> configure the IPsec stack (SAs and policies) from userland. It does
>> rely on general Netlink infrastructure, but no idea what symbol could be
>> missing. Maybe the kernel version doesn't match exactly?
> That's a bit odd then. Traffic arriving at the on-prem VPN GW from the
> Azure VPN Gateway, makes it through just fine. This appears to confirm
> routing and general connectivity works.
> It's the traffic going from the on-prem VPN GW to the Azure GW where the
> issue is.
What I meant to say, is that would confirm all proper kernel modules
were already in place to allow the communication would it not? Anything
else I could try to, in the least, confirm if the packet was
successfully forwarded to the Azure VPN Gateway end?
I know the packet arrives at the IPSec ipsec0 interface however,
checking just now, I don't see any traffic change on the WAN interface
of the on-prem StrongSwan VPN GW.
Will be reading why that is the case to get some more details but this
certainly points to on-prem for the moment.
> Looking at xfrm_user.ko, I notice the dependencies it has are:
> Or basically:
> Neither of these are listed in the dependency list however realized
> these were missing while inserting the other .ko modules. Trying to get
> a copy of them so I can try this out and see if it makes a difference.
> Maybe add these to the dependency list on the wiki?
More information about the Users