[strongSwan] Routing between two remote sites

VTwin Farriers vtwin at cox.net
Thu Jan 27 14:36:49 CET 2022


Thanks for the reply

> Please provide me with the full debug information as shown on the HelpRequests
> [1] page on the wiki.

I can do this later today when I can go back and spend more time on this, at the moment I have to take care of other priorities.


> Additionally, what distribution is that on either side, what virtualization,
> and what kernel?

I am using Centos 8.5 with the strongswan binaries provided on the "EPEL" repository. I do not know who built or supplied them or what options they were built with. My kernel version is 5.16.2-1.el8.elrepo.x86_64


> I suspect there are more problems lurking around the corner than just that.
> This particular problem only occurs if you are trying to use kernel-libipsec,
> or XFRM is not working or doesn't have any of the requiored features compiled
> in.
[...]
> That particular error message implies it's kernel-libipsec, which you are not
> supposed to use on sites at all, but only on clients without a working or usable
> XFRM implementation (e.g. Android).
[...]
> This particular error message implies it's a problem with the IPsec backend
> used.

Based on your comments here, last evening I downloaded the source code from the strongswan site and attempted to build it myself using the default configuration generated by the ./configure script. The binaries seemed to build successfully and when I used my configuration files I did get connection "successful" messages, but I could not ping any systems on the Central network from East (or vice versa) so obviously something was still not working in my own build. Building my own binaries is a bit out of my depth as simply looking at all the ./configure feature options, I wouldn't know which ones to turn on and off to get where I need to be.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220127/8decc789/attachment.html>


More information about the Users mailing list