[Swan] FAILURE in loading XFRM IPsec stack on 3.28

Computerisms Corporation bob at computerisms.ca
Tue May 28 03:39:46 UTC 2019

Hi Paul,

Thanks for responding, much appreciated.
> It is part of the kernel, and is created by enabling 

Acknowledged and understood.

> Does your system have /proc/sys/net/core/xfrm_acq_expires ?  Maybe we
> need to switch to that to test whether XFRM support is available.

Apparently so:

ls -al /proc/sys/net/core/xfrm_acq_expires
-rw-r--r-- 1 root root 0 May 27 17:24 /proc/sys/net/core/xfrm_acq_expires

>> So, did I find a real problem, or am I just in need of someone to 
>> point out a glaringly obvious error on my part?
> It's not you, it's us :)

Phew, not that I am happy to pass my troubles to others or anything ;)

> Although, /proc/net/xfrm_stat is your _only_ way of getting any
> debugging of the kernel level IPsec related events, so you really
> do want it enabled in your custom kernels too :)

Okay, so custom kernels are within my skill set, but I don't really want 
to be creating a new custom kernel for every firewall I have under my 
thumb.  Pretty sure one of the happiest days in my computing career was 
finding linux-image in the apt repos.  Is there an immediate workaround 
short of installing an older version?  can I change the _stackmanager.in 
file to look for this /proc/sys/net/core/xfrm_acq_expires file instead? 
or will that just move me to the next problem?

> Paul

More information about the Swan mailing list