Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
IPSEC with Strongswan and Kernel 6.1.111
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
mvaterlaus
Apprentice
Apprentice


Joined: 01 Oct 2010
Posts: 237
Location: Switzerland

PostPosted: Tue Oct 08, 2024 8:52 am    Post subject: IPSEC with Strongswan and Kernel 6.1.111 Reply with quote

Hi everyone,
i'm strugling to get IPSEC with Strongswan to work. The Problem is, that i can not find the needed IPSEC configs in the Kernel. The error message from Strongswan is the following:

Code:

charon[27395]: 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec



I have enabled the following modules / configs in my kernel:

Code:

[*] TCP/IP networking                                       
  [ ]   IP: multicasting                                         
  [*]   IP: advanced router                                 
  [ ]     FIB TRIE statistics                                   
  [ ]     IP: policy routing                                     
  [ ]     IP: equal cost multipath                         
  [ ]     IP: verbose route monitoring                 
  [ ]   IP: kernel level autoconfiguration             
  <M>   IP: tunneling                                         
  <M>   IP: GRE demultiplexer                           
  <M>   IP: GRE tunnels over IP                         
  [ ]   IP: TCP syncookie support                         
  < >   Virtual (secure) IP: tunneling                 
  < >   IP: Foo (IP protocols) over UDP               
  [ ]   IP: FOU encapsulation of IP tunnels           
  <M>   IP: AH transformation                           
  <M>   IP: ESP transformation                           
  < >     IP: ESP transformation offload               
  [*]     IP: ESP in TCP encapsulation (RFC 8229)
  <*>   IP: IPComp transformation


But i can not find the following kernel configs, which i think are needed to enable IPSEC properly:

Code:

<M>   IP: IPsec transport mode   
<M>   IP: IPsec tunnel mode 
<M>   IP: IPsec BEET mode


Can someone tell me, if these are not needed any more? Or do i miss another config in my kernel to enable these three options?
Back to top
View user's profile Send private message
druggo
Guru
Guru


Joined: 24 Sep 2003
Posts: 319
Location: Hangzhou, China

PostPosted: Tue Oct 08, 2024 12:16 pm    Post subject: Re: IPSEC with Strongswan and Kernel 6.1.111 Reply with quote

mvaterlaus wrote:

that i can not find the needed IPSEC configs in the Kernel.

all you need is list in the doc:
https://docs.strongswan.org/docs/5.9/install/kernelModules.html

mvaterlaus wrote:

But i can not find the following kernel configs, which i think are needed to enable IPSEC properly:

Code:

<M>   IP: IPsec transport mode   
<M>   IP: IPsec tunnel mode 
<M>   IP: IPsec BEET mode


they are built-in for newer kernels according to the doc.
_________________
AMD FX-8300 / Loongson-2f (lemote-yeeloong)
Back to top
View user's profile Send private message
mvaterlaus
Apprentice
Apprentice


Joined: 01 Oct 2010
Posts: 237
Location: Switzerland

PostPosted: Tue Oct 08, 2024 1:31 pm    Post subject: Reply with quote

Thank you druggo,
i had missed some other module, namely CONFIG_XFRM_USER. After enabling it, the IPSEC daemon startet.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum