looks good so far :-)
i think the kernel-libipsec plugin should not be loaded by default
the plugin works only with UDP encapsulated packets
(look here: https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec)
and this will break most of the "normal"/LAN setups
i would build and include the plugin but disable the loading with
/etc/strongswan.d/charon/kernel-libipsec.conf > load = no
looks good so far :-)
i think the kernel-libipsec plugin should not be loaded by default
the plugin works only with UDP encapsulated packets
(look here: https:/ /wiki.strongswa n.org/projects/ strongswan/ wiki/Kernel- libipsec)
and this will break most of the "normal"/LAN setups
i would build and include the plugin but disable the loading with
/etc/strongswan .d/charon/ kernel- libipsec. conf
> load = no