[strongSwan] StrongSwan 5.8.2 - received netlink error: Invalid argument (22)

Tobias Brunner tobias at strongswan.org
Tue Jul 7 14:36:01 CEST 2020

Hi Houman,

> I still get the same errors. Although the "faking NAT situation to
> enforce UDP encapsulation" is not showing anymore. Is this now something
> else?

Yes, as the log tells you, it looks like your server is behind a NAT:

> Jul  7 00:28:59 de-fsn-6 charon: 11[IKE] local host is behind NAT,
> sending keep alives

Is there actually an IPv6 NAT?  Or should 2a01:4f8:192:xxxx::2 be the
same address the clients see too?  If so, the NAT-D payload may have
been invalid (e.g. because the client faked a NAT situation - note,
though, that strongSwan only modifies the source IP hash to that effect).

> It is very strange that the same configuration works with StrongSwan
> 5.7.2 but 5.8.2 throws these errors. Something must have changed that
> I'm missing, I think.

I don't think that any change caused this.  Did you have IPv6
connectivity with 5.7.2 too?
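
Added example (not part of the original message, and not strongSwan's code): how a receiver evaluates the NAT detection payloads defined in RFC 7296 section 2.23. It shows why a peer that alters only the source IP hash is seen as a remote NAT, while "local host is behind NAT" needs a destination hash mismatch. The SPI, the addresses and the all-zero stand-in hash are constructed sample values.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(spi_i, spi_r, addr, port):
    """RFC 7296 2.23: SHA-1 over SPIi | SPIr | IP address | port."""
    ip = ipaddress.ip_address(addr).packed  # 4 bytes IPv4, 16 bytes IPv6
    return hashlib.sha1(spi_i + spi_r + ip + struct.pack("!H", port)).digest()

def detect_nat(spi_i, spi_r, src_hashes, dst_hash, seen_src, seen_dst):
    """Compare received payload hashes with hashes over the addresses
    actually seen on the packet; seen_* are (address, port) tuples."""
    return {
        # none of the source hashes match -> the sender is behind NAT
        "remote": nat_d_hash(spi_i, spi_r, *seen_src) not in src_hashes,
        # destination hash mismatch -> "local host is behind NAT"
        "local": nat_d_hash(spi_i, spi_r, *seen_dst) != dst_hash,
    }

def scenarios():
    # Constructed sample values (documentation prefix, not from the thread).
    spi_i = bytes.fromhex("1122334455667788")
    spi_r = bytes(8)  # responder SPI is zero in the first request
    client, server = ("2001:db8:1::10", 500), ("2001:db8:2::2", 500)
    other = ("2001:db8:2::99", 500)  # not the server's local address
    src = nat_d_hash(spi_i, spi_r, *client)
    dst = nat_d_hash(spi_i, spi_r, *server)
    fake_src = bytes(20)  # stand-in for any non-matching source hash
    return {
        "no_nat": detect_nat(spi_i, spi_r, [src], dst, client, server),
        "faked_source_only": detect_nat(
            spi_i, spi_r, [fake_src], dst, client, server),
        "destination_mismatch": detect_nat(
            spi_i, spi_r, [src], nat_d_hash(spi_i, spi_r, *other),
            client, server),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:22} {result}")
```
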

