Martin,
Thank you for the tips. It helped me focus on the key issue - XFRM- and
resolved it.
Thanks!
Jordan.
On Thu, Aug 23, 2012 at 11:52 PM, Martin Willi wrote:
> Hi Jordan,
>
> > 00[KNL] XFRM_PPLICY_OUT sol = 0, ipsec_policy = 17, policy.sel.dport 0
> > 00[NET] installing IKE bypass policy f
Hi Jordan,
> 00[KNL] XFRM_PPLICY_OUT sol = 0, ipsec_policy = 17, policy.sel.dport 0
> 00[NET] installing IKE bypass policy failed
>
> Ok, so you're doing a setsockopt SO_PEERCRED call.
No. This setsockopt() works on the SOL_IP level, where 17 stands for
IP_XFRM_POLICY.
The call installs a byp
Hi Martin,
Thanks for your reply.
I've enabled all the kernel options set as described here:
http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
Despite this the setsockopt doesn't work.
I added some more debugging output at the setsockopt function and this is
what i get:
00[KNL]
Thank you Martin for the quick response.
My environment worked fine with strongswan 4.6.3, and I am seeing the
issue when I tried to upgraded to strongswan 5.0.0. That is why I
felt the issue may be related to ESN which is added in later versions
and my kernel doesn't support it.
I may probably
Hi Jordan,
> 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported.
This error is triggered at [1] while installing IPsec bypass policy for
the IKE socket. I don't think it is related to ESN, but something else
is missing in your kernel configuration. Please check that you have al
