Project

General

Profile

socket-win Plugin

Purpose

The socket-win plugin is a replacement for socket-default on the Windows platform. It provides an IPv4/IPv6 IKE socket backend based on the Winsock2 API.

The plugin is disabled by default. For Windows builds it can be enabled by adding

--enable-socket-win --disable-socket-default
to the ./configure options.

The plugin is available since 5.2.0.

Behavior

The plugin opens two IPv4/IPv6 dual protocol sockets for both IKE ports 500 and 4500. Custom ports can be specified using the charon-svc.port and charon-svc.port_nat_t strongswan.conf options. charon-svc.max_packet configures the maximum IKE packet size.

Port conflicts with IKEEXT service

When using the default ports, the plugin conflicts with the Windows IKE and AuthIP IPsec Keying Module service IKEEXT. The service has to be stopped and disabled to properly receive IKE packets in strongSwan.