Confirming Status of IP Modules with StrongSwan
Linode
Linode Staff
I have installed StrongSwan on my VM. I have the following observations:
When I run the command "ip x s" for displaying the security associations - I do not see any output
When I run the command "ip x p" for displaying the polices - I do not see the default policies. It only lists the policies I have created.
Why is this? Are the IP modules not enabled or are they built-into the kernel?
We would need them to debug the ipsec connections.
2 Replies
It seems like while StrongSwan has been installed, it has not yet been configured.
The StrongSwan wiki has a ton of great documentation that may be able to help when getting started with the configuration process:
https://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation
If you find that the Linode Kernel doesn't meet the Kernel Module requirements for StrongSwan, you can try running your distribution's supplied kernel instead.
There is a guide on the Linode Docs site for doing this: https://linode.com/docs/tools-reference/custom-kernels-distros/run-a-distribution-supplied-kernel/
In troubleshooting this, I found that while using the default Linode Kernel, I needed to disable the kernel-libipsec plugin.
This was turned on at some point during the configuration process and seems to have been causing issues.
I found more information on this plugin on StrongSwan's awesome wiki page:
https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec