hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

cannot connect to IKEv2 VPN container: no public interfaces found #392

Closed Gooseman42 closed 1 year ago

Gooseman42 commented 1 year ago

Fresh setup of the Docker container on a Raspberry Pi CM4 with the latest kernel (Debian 11 Bullseye, 6.1.21-v8+, aarch64). Clients (both Android 13 and Windows 11) cannot connect. Enabling and checking the container log /var/log/auth.log:

2023-07-20T06:58:59.929383+00:00 b0e7814039ab pluto[426]: listening for IKE messages
2023-07-20T06:58:59.929621+00:00 b0e7814039ab pluto[426]: Kernel supports NIC esp-hw-offload
2023-07-20T06:58:59.930000+00:00 b0e7814039ab pluto[426]: ERROR: setsockopt IP_XFRM_POLICY XFRM_POLICY_IN in process_raw_ifaces(): Not supported (errno 95)
2023-07-20T06:58:59.930165+00:00 b0e7814039ab pluto[426]: ERROR: setsockopt IP_XFRM_POLICY XFRM_POLICY_IN in process_raw_ifaces(): Not supported (errno 95)
2023-07-20T06:58:59.930289+00:00 b0e7814039ab pluto[426]: no public interfaces found
2023-07-20T06:58:59.935721+00:00 b0e7814039ab pluto[426]: forgetting secrets
2023-07-20T06:58:59.936109+00:00 b0e7814039ab pluto[426]: loading secrets from "/etc/ipsec.secrets" b0e7

Gooseman42 commented 1 year ago

Issue solved: "64-bit kernel with 32-bit userspace breaks quite a few netlink dependent kernel interfaces on ARM (x86 is fine). All IPsec based VPNs will no longer work due to a missing arm/aarch64 compat layer in the kernel. This is not fixable in the kernel without breaking userspace API/ABI compatibility"

https://github.com/raspberrypi/linux/issues/5402#issuecomment-1492682838

Gooseman42 commented 1 year ago

Switching the Raspberry Pi to a 32-bit OS restored functionality.
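
A diagnostic for the failure discussed in this thread, added here as an example that is not part of the original issue or of the project's code. It checks for the combination the quoted kernel comment names (64-bit ARM kernel with 32-bit userspace) and for the two pluto log lines from the report. The function names and verdict strings are hypothetical, and it assumes `getconf LONG_BIT` reports the userspace word size.

```shell
#!/bin/sh
# Added example: function names and verdict strings are hypothetical.

# Succeeds when kernel machine $1 and userspace word size $2 match the
# combination described as broken: 64-bit ARM kernel, 32-bit userspace.
# The quoted comment reports x86 as unaffected, so it never matches.
abi_mismatch() {
    case "$1" in
        aarch64*|arm64*) [ "$2" = "32" ] ;;
        *) return 1 ;;
    esac
}

# Reads a pluto log on stdin. Succeeds only when it contains both the
# XFRM setsockopt error (errno 95) and "no public interfaces found".
pluto_xfrm_failure() {
    awk '
        /setsockopt IP_XFRM_POLICY/ && /errno 95/ { xfrm = 1 }
        /no public interfaces found/               { noif = 1 }
        END { exit !(xfrm && noif) }
    '
}

# Constructed sample, shortened from the log lines quoted in the issue.
SAMPLE_LOG='pluto[426]: listening for IKE messages
pluto[426]: ERROR: setsockopt IP_XFRM_POLICY XFRM_POLICY_IN in process_raw_ifaces(): Not supported (errno 95)
pluto[426]: no public interfaces found'

# Prints one verdict for machine $1, word size $2 and the log on stdin.
diagnose() {
    if pluto_xfrm_failure; then log=1; else log=0; fi
    if abi_mismatch "$1" "$2"; then abi=1; else abi=0; fi
    case "$abi$log" in
        11) echo "abi-mismatch-confirmed" ;;  # both signs present
        10) echo "abi-mismatch-only" ;;       # risky ABI mix, no log evidence
        01) echo "xfrm-error-other-cause" ;;  # log error, ABI mix not the reason
        *)  echo "ok" ;;
    esac
}

# Check the local system against the sample log (skipped without getconf).
if command -v getconf >/dev/null 2>&1; then
    printf '%s\n' "$SAMPLE_LOG" | diagnose "$(uname -m)" "$(getconf LONG_BIT)"
fi
```

Run it in the environment where pluto runs, and pipe the real `/var/log/auth.log` into `diagnose` in place of the sample.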