Hi Jordan, > 00[KNL] XFRM_PPLICY_OUT sol = 0, ipsec_policy = 17, policy.sel.dport 0 > 00[NET] installing IKE bypass policy failed > > Ok, so you're doing a setsockopt SO_PEERCRED call.
No. This setsockopt() works on the SOL_IP level, where 17 stands for IP_XFRM_POLICY. The call installs a bypass IPsec policy for the IKE socket, forcing all IKE communication to stay outside of any established IPsec tunnel. > Do you have any other hints for me what this could be happening? As already said, most likely is that your kernel (configuration) misses support for XFRM. If that doesn't help, you might have to dig into the kernel source and find out where and why Linux returns "not supported" for this setsockopt operation. Regards Martin _______________________________________________ Dev mailing list Dev@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/dev
