[Swan] IKEv2 causing netlink errors

Peter Rofner profner at richmondnursery.com
Fri Dec 6 22:43:34 UTC 2019


I have multiple servers running LibreSwan on Gentoo. I updated one 
server from 3.27 to 3.29 and my ipsec connection suddenly fails with:

ERROR: netlink response for Add SA esp.286bb1e6 at x.x.x.x included errno 
38: Function not implemented

I spent the day comparing all the kernel settings, cryptography 
settings, and libreswan settings on the pair of servers, which 
completely matched, all to no avail. Recompiled the kernel multiple 
times, still to no avail. The only major difference between servers is 
one is a relatively current Xeon server and the one with the error is an 
old Atom system.

Adding ikev2=no to ipsec.conf restores the connection.

Despite the fact that the connection is restored, I'm curious why IKEv2 
would cause that netlink error.

Peter Rofner
Richmond Nursery Inc.

More information about the Swan mailing list