<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hello,<div><br></div><div>I'm seeing a strange error in strongSwan U5.8.2/K5.4.0-39-generic (Ubuntu 20.04).</div><div>I don't get this error with strongSwan U5.7.2/K5.3.0-53-generic (Ubuntu 19.10).</div><div><br></div><div><font size="3" face="monospace" color="#ff0000"><span style="caret-color: rgb(0, 0, 0);">received netlink error: Invalid argument (22)</span></font><br></div><div><br></div><div><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[IKE] authentication of 'de-fsn-6.VPN.net' (myself) with RSA signature successful</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[IKE] sending end entity cert "CN=de-fsn-6.VPN.net"</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[ENC] generating IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[ENC] splitting IKE message (2928 bytes) into 3 fragments</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[ENC] generating IKE_AUTH response 1 [ EF(1/3) ]</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[ENC] generating IKE_AUTH response 1 [ EF(2/3) ]</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[ENC] generating IKE_AUTH response 1 [ EF(3/3) ]</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[NET] sending packet: from 144.76.113.xxx[4500] to 31.215.103.xxx[4500] (1236 bytes)</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[NET] sending packet: from 144.76.113.xxx[4500] to 31.215.103.xxx[4500] (1236 bytes)</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 charon: 05[NET] sending packet: from 144.76.113.xxx[4500] to 31.215.103.xxx[4500] (612 bytes)</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 01[NET] received packet: from 39.33.54.xxx[4500] to 144.76.113.xxx[4500] (144 bytes)</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 01[ENC] parsed INFORMATIONAL request 409 [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) ]</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 01[ENC] generating INFORMATIONAL response 409 [ N(NATD_S_IP) N(NATD_D_IP) ]</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 01[NET] sending packet: from 144.76.113.xxx[4500] to 39.33.54.xxx[4500] (128 bytes)</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 08[NET] received packet: from xxxx:8f8:112d:ed31:2474:a82d:88cc:544[4500] to xxxx:4f7:192:732c::2[4500] (144 bytes)</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 08[ENC] parsed INFORMATIONAL request 12 [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) ]</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 08[IKE] remote host is not behind NAT anymore</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 08[IKE] faking NAT situation to enforce UDP encapsulation</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 08[KNL] <font color="#ff0000">received netlink error: Invalid argument (22)</font></font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 08[KNL] unable to update SAD entry with SPI c8a1394b</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 08[KNL] <font color="#ff0000">received netlink error: Invalid argument (22)</font></font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 08[KNL] unable to update SAD entry with SPI 0b956c9a</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 08[ENC] generating INFORMATIONAL response 12 [ N(NATD_S_IP) N(NATD_D_IP) ]</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 08[NET] sending packet: from xxxx:4f7:192:732c::2[4500] to xxxx:8f8:112d:ed31:2474:a82d:88cc:544[4500] (128 bytes)</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 13[KNL] creating acquire job for policy xxx.111.251.62/32[tcp/https] === 10.10.34.25/32[tcp/51510] with reqid {31606}</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 13[CFG] trap not found, unable to acquire reqid 31606</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 09[NET] received packet: from xxxx:8f8:112d:ed31:2474:a82d:88cc:544[4500] to xxxx:4f7:192:732c::2[4500] (144 bytes)</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 09[ENC] parsed INFORMATIONAL request 12 [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) ]</font></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal"><font face="monospace">Jul  4 04:54:22 de-fsn-6 ipsec[706]: 09[IKE] received retransmit of request with ID 12, retransmitting response</font></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><br></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><br></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><b>/etc/ipsec.conf</b><br></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><br></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">config setup</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  strictcrlpolicy=yes</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  uniqueids=never</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">conn Falkenstein-6</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  auto=add</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  compress=no</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  type=tunnel</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  keyexchange=ikev2</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  fragmentation=yes</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  forceencaps=yes</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  
ike=aes256gcm16-aes192gcm16-aes128gcm16-prfsha256-ecp521-ecp256-modp4096-modp2048, aes256-sha256-ecp521-ecp256-modp4096-modp2048!</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  esp=aes256gcm16-aes192gcm16-aes128gcm16-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1!</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  dpdaction=clear</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  dpddelay=180s</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  dpdtimeout=3600s</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  rekey=no</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  left=%any</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  leftid=@de-fsn-6.VPN.net</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  leftcert=cert.pem</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  leftsendcert=always</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  leftsubnet=0.0.0.0/0, ::/0</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  right=%any</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  rightid=%any</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  rightauth=eap-radius</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  
eap_identity=%any</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  rightdns=8.8.8.8,8.8.4.4</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  rightsourceip=10.10.10.0/17,fdd2:54c4:4c90:1::300/113</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">  leftfirewall=no</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><br></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><br></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Any idea what this could be?</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><br></p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Many Thanks,</p><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Houman</p></div></div></div></div></div></div></div></div></div>