The gmssl plugin for StrongSwan allows the use of GmSSL cryptographic library instead of OpenSSL. This plugin is useful for users who prefer to use GmSSL for their VPN connections due to its high level of security and compliance with Chinese national standards.
To use the gmssl plugin with StrongSwan, you need to first compile the plugin into your StrongSwan installation. This can be done by adding the “–enable-gmssl” flag during the configuration process before compilation.
Once the gmssl plugin is compiled and installed, you can configure your StrongSwan IPsec connection to use it by specifying “gm” as the value for the “crypto_library” option in your ipsec.conf file.
For example:
conn myvpn
...
crypto_library = gm
...
After configuring the gmssl plugin, your StrongSwan VPN connections will use GmSSL for cryptographic operations instead of OpenSSL.