Hi Dan, > After doing some research it looks like I need to use the libipsec plugin. > Is that correct?
Not necessarily (it's usually preferable to use the kernel's IPsec stack). Perhaps you just need to load some missing kernel module (see [1]) or change your ESP proposal because the kernel perhaps does not support one of the negotiated algorithms. > I see two configuration options: --enable-kernel-libipsec and the > --enable-libipsec. > > What's the difference and are they configured differently? libipsec is the actual userland IPsec implementation, the kernel-libipsec plugin is the middleware between IKE daemon and libipsec. Enabling kernel-libipsec automatically enables libipsec. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users