Not able to start strongswan's ipsec

[darkraiden]

Hi guys,
I was trying to start an ipsec connection from my client using strongswan, as my company uses a Strongswan Bastion Server hosted on AWS.
After installing it

$ sudo apt-get install strongswan

When I try to start it, I get this error message:

$ sudo ipsec start
Starting strongSwan 5.1.2 IPsec [starter]...
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!

Any idea what that could be?

Thanks in advance!

[aseering]

Hey, thanks for reporting this! Unfortunately, IPSec is implemented partly using a kernel module (actually, several smaller kernel modules); WSL only provides a userspace environment, not a kernel-space environment, and I suspect that Microsoft hasn't yet provided implementations for all of the modules required by IPSec.

Windows's native IPSec support is usually pretty good, and WSL shares Windows's networking stack. Could you just connect from Windows? You might have to do some manual DNS configuration due to the issue tracked by #416 .

[darkraiden]

Hey @aseering,
thanks for your message! I wasn't aware of the models used by ipsec but your explanation definitely makes sense. Thanks a lot for that :)

RE. Windows's native IPSec, I actually tried it before but without any joy! Our server requires just a PSK and a username. It turned out that this kind of configuration doesn't work with Windows's IPSec client if you don't use a Certificate or, at least, this was an issue reported to a Strongswan email list found online.

I think I can live with it for now or will find at least a new solution. Thanks again