Comment 18 for bug 1535951

looks good so far :-)

i think the kernel-libipsec plugin should not be loaded by default

the plugin works only with UDP encapsulated packets

(look here: https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec)

and this will break most of the "normal"/LAN setups

i would build and include the plugin but disable the loading with

/etc/strongswan.d/charon/kernel-libipsec.conf
> load = no