| View previous topic :: View next topic |
| Author |
Message |
mvaterlaus
Apprentice
Joined: 01 Oct 2010
Posts: 237
Location: Switzerland
|
 Posted: Tue Oct 08, 2024 8:52 am Post subject: IPSEC with Strongswan and Kernel 6.1.111 |
 |
|
Hi everyone,
i'm strugling to get IPSEC with Strongswan to work. The Problem is, that i can not find the needed IPSEC configs in the Kernel. The error message from Strongswan is the following:
| Code: |
charon[27395]: 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec
|
I have enabled the following modules / configs in my kernel:
| Code: |
[*] TCP/IP networking
[ ] IP: multicasting
[*] IP: advanced router
[ ] FIB TRIE statistics
[ ] IP: policy routing
[ ] IP: equal cost multipath
[ ] IP: verbose route monitoring
[ ] IP: kernel level autoconfiguration
<M> IP: tunneling
<M> IP: GRE demultiplexer
<M> IP: GRE tunnels over IP
[ ] IP: TCP syncookie support
< > Virtual (secure) IP: tunneling
< > IP: Foo (IP protocols) over UDP
[ ] IP: FOU encapsulation of IP tunnels
<M> IP: AH transformation
<M> IP: ESP transformation
< > IP: ESP transformation offload
[*] IP: ESP in TCP encapsulation (RFC 8229)
<*> IP: IPComp transformation
|
But i can not find the following kernel configs, which i think are needed to enable IPSEC properly:
| Code: |
<M> IP: IPsec transport mode
<M> IP: IPsec tunnel mode
<M> IP: IPsec BEET mode
|
Can someone tell me, if these are not needed any more? Or do i miss another config in my kernel to enable these three options? |
|
| Back to top |
|
 |
druggo
Guru
Joined: 24 Sep 2003
Posts: 318
Location: Hangzhou, China
|
| Posted: Tue Oct 08, 2024 12:16 pm Post subject: Re: IPSEC with Strongswan and Kernel 6.1.111 |
|
|
| mvaterlaus wrote: |
that i can not find the needed IPSEC configs in the Kernel.
|
all you need is list in the doc:
https://docs.strongswan.org/docs/5.9/install/kernelModules.html
| mvaterlaus wrote: |
But i can not find the following kernel configs, which i think are needed to enable IPSEC properly:
| Code: |
<M> IP: IPsec transport mode
<M> IP: IPsec tunnel mode
<M> IP: IPsec BEET mode
|
|
they are built-in for newer kernels according to the doc.
_________________
HighWayToHell(blog)
https://blog.druggo.org/ |
|
| Back to top |
|
|
mvaterlaus
Apprentice
Joined: 01 Oct 2010
Posts: 237
Location: Switzerland
|
| Posted: Tue Oct 08, 2024 1:31 pm Post subject: |
|
|
Thank you druggo,
i had missed some other module, namely CONFIG_XFRM_USER. After enabling it, the IPSEC daemon startet. |
|
| Back to top |
|
|
|
Networking & Security
