[Swan] IKEv2 causing netlink errors
profner at richmondnursery.com
Fri Dec 6 22:43:34 UTC 2019
I have multiple servers running LibreSwan on Gentoo. I updated one
server from 3.27 to 3.29 and my ipsec connection suddenly fails with:
ERROR: netlink response for Add SA esp.286bb1e6 at x.x.x.x included errno
38: Function not implemented
I spent the day comparing all the kernel settings, cryptography
settings, and libreswan settings on the pair of servers, which
completely matched, all to no avail. Recompiled the kernel multiple
times, still to no avail. The only major difference between servers is
one is a relatively current Xeon server and the one with the error is an
old Atom system.
Adding ikev2=no to ipsec.conf restores the connection.
Despite the fact that the connection is restored, I'm curious why IKEv2
would cause that netlink error.
Richmond Nursery Inc.
More information about the Swan