Closed Gooseman42 closed 1 year ago
Issue solved: "64-bit kernel with 32-bit userspace breaks quite a few netlink dependent kernel interfaces on ARM (x86 is fine). All IPsec based VPNs will no longer work due to a missing arm/aarch64 compat layer in the kernel. This is not fixable in the kernel without breaking userspace API/ABI compatibility"
https://github.com/raspberrypi/linux/issues/5402#issuecomment-1492682838
Switching the Raspberry Pi to a 32-bit OS restored functionality.
Fresh setup of the Docker container on a Raspberry Pi CM4 with the latest kernel (Debian 11 Bullseye, 6.1.21-v8+, aarch64). Clients (both Android 13 and Windows 11) cannot connect. Enabling and checking the container log /var/log/auth.log:
```
2023-07-20T06:58:59.929383+00:00 b0e7814039ab pluto[426]: listening for IKE messages
2023-07-20T06:58:59.929621+00:00 b0e7814039ab pluto[426]: Kernel supports NIC esp-hw-offload
2023-07-20T06:58:59.930000+00:00 b0e7814039ab pluto[426]: ERROR: setsockopt IP_XFRM_POLICY XFRM_POLICY_IN in process_raw_ifaces(): Not supported (errno 95)
2023-07-20T06:58:59.930165+00:00 b0e7814039ab pluto[426]: ERROR: setsockopt IP_XFRM_POLICY XFRM_POLICY_IN in process_raw_ifaces(): Not supported (errno 95)
2023-07-20T06:58:59.930289+00:00 b0e7814039ab pluto[426]: no public interfaces found
2023-07-20T06:58:59.935721+00:00 b0e7814039ab pluto[426]: forgetting secrets
2023-07-20T06:58:59.936109+00:00 b0e7814039ab pluto[426]: loading secrets from "/etc/ipsec.secrets"
b0e7
```
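A diagnostic for the condition quoted above, as an added example that is not part of the original issue or of any project's code: it flags a 64-bit ARM kernel paired with 32-bit userspace and counts the `setsockopt IP_XFRM_POLICY ... (errno 95)` lines from the pluto log. The function names are hypothetical, and it assumes `uname -m` reports the kernel architecture while `getconf LONG_BIT` reports the userspace word size.

```shell
#!/bin/sh
# Added example, not from the issue: flags the kernel/userspace pairing
# described above and counts the matching pluto errors in a log.

# Two lines copied from the log in the issue, used as built-in sample input.
SAMPLE_LOG='2023-07-20T06:58:59.930000+00:00 b0e7814039ab pluto[426]: ERROR: setsockopt IP_XFRM_POLICY XFRM_POLICY_IN in process_raw_ifaces(): Not supported (errno 95)
2023-07-20T06:58:59.930289+00:00 b0e7814039ab pluto[426]: no public interfaces found'

# is_compat_mismatch KERNEL_ARCH USER_BITS (hypothetical helper)
# Succeeds when a 64-bit ARM kernel runs 32-bit userspace.
is_compat_mismatch() {
    case "$1" in
        aarch64|arm64) [ "$2" = "32" ] ;;
        *) return 1 ;;
    esac
}

# count_xfrm_errors: reads a log on stdin, prints how many lines show
# setsockopt IP_XFRM_POLICY failing with errno 95 (EOPNOTSUPP on Linux).
count_xfrm_errors() {
    grep -c 'setsockopt IP_XFRM_POLICY.*(errno 95)' || true
}

# diagnose KERNEL_ARCH USER_BITS (log on stdin); prints one verdict word.
diagnose() {
    errors=$(count_xfrm_errors)
    if is_compat_mismatch "$1" "$2"; then
        if [ "$errors" -gt 0 ]; then echo "compat-mismatch-confirmed"
        else echo "compat-mismatch-risk"; fi
    elif [ "$errors" -gt 0 ]; then
        echo "xfrm-unsupported-other-cause"
    else
        echo "ok"
    fi
}

# Live check. Assumption: uname -m gives the kernel architecture and
# getconf LONG_BIT the userspace word size. Pass a log file as $1;
# with no argument the built-in sample is used.
arch=$(uname -m)
bits=$(getconf LONG_BIT 2>/dev/null || echo unknown)
if [ -n "${1:-}" ]; then diagnose "$arch" "$bits" < "$1"
else printf '%s\n' "$SAMPLE_LOG" | diagnose "$arch" "$bits"; fi
```

Run it inside the container so that `getconf` reflects the container's userspace, for example with `/var/log/auth.log` as the argument.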