+++ This bug was initially created as a clone of Bug #1081804 +++

Description of problem:

Since strongSwan 5.1.0, it provides a plugin called kernel-libipsec which provides an IPsec backend that works entirely in userland, using TUN devices and its own IPsec implementation libipsec to emulate the IPSec.

Fedora has compiled kernel interface kernel-netlink, it installs IPsec SAs in the operating system's IPsec stack. libipsec plugin provides an alternative for OS implementation does not support a required algorithm.

Enable this plugin doesn't mean to drop the netlink interface, on the contrary, the kernel backend is still required, therefore kernel-netlink is needed as well, and that's not a problem.

This option is really useful for OpenVZ based virtualization.

Version-Release number of selected component (if applicable):
strongswan-5.1.2-4.fc21

Additional info:

Pass "--enable-kernel-libipsec" option to %configure will enable support of libipsec, I've created a patch of the RPM spec, you can apply it from the attachment.

Please enable this option on EPEL also.

Thanks.