[GH-ISSUE #392] cannot connect to IKEv2 VPN container: no public interfaces found #364

Closed
opened 2026-03-02 08:01:39 +03:00 by kerem · 2 comments
Owner

Originally created by @Gooseman42 on GitHub (Jul 20, 2023).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/392

Fresh setup of the Docker container on a Raspberry Pi CM4 with the latest kernel (Debian 11 Bullseye, 6.1.21-v8+, aarch64).
Clients (both Android 13 and Windows 11) cannot connect. Enabling and checking the container log /var/log/auth.log:

2023-07-20T06:58:59.929383+00:00 b0e7814039ab pluto[426]: listening for IKE messages
2023-07-20T06:58:59.929621+00:00 b0e7814039ab pluto[426]: Kernel supports NIC esp-hw-offload
2023-07-20T06:58:59.930000+00:00 b0e7814039ab pluto[426]: ERROR: setsockopt IP_XFRM_POLICY XFRM_POLICY_IN in process_raw_ifaces(): Not supported (errno 95)
2023-07-20T06:58:59.930165+00:00 b0e7814039ab pluto[426]: ERROR: setsockopt IP_XFRM_POLICY XFRM_POLICY_IN in process_raw_ifaces(): Not supported (errno 95)
2023-07-20T06:58:59.930289+00:00 b0e7814039ab pluto[426]: no public interfaces found
2023-07-20T06:58:59.935721+00:00 b0e7814039ab pluto[426]: forgetting secrets
2023-07-20T06:58:59.936109+00:00 b0e7814039ab pluto[426]: loading secrets from "/etc/ipsec.secrets"
b0e7

kerem closed this issue 2026-03-02 08:01:39 +03:00

@Gooseman42 commented on GitHub (Jul 20, 2023):

Issue solved:
"64-bit kernel with 32-bit userspace breaks quite a few netlink dependent kernel interfaces on ARM (x86 is fine). All IPsec based VPNs will no longer work due to a missing arm/aarch64 compat layer in the kernel. This is not fixable in the kernel without breaking userspace API/ABI compatibility"

https://github.com/raspberrypi/linux/issues/5402#issuecomment-1492682838


@Gooseman42 commented on GitHub (Jul 20, 2023):

Switching the Raspberry Pi to a 32-bit OS restored functionality.
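
A check for the condition this thread identifies, added here as an example (not code from the issue or from docker-ipsec-vpn-server): it looks for the two pluto log lines from the report and compares the kernel architecture (`uname -m`) with the userspace word size (`getconf LONG_BIT`). The function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: diagnose the 64-bit-kernel / 32-bit-userspace mismatch.

# userspace_bits: word size of the running userspace (32 or 64), or "unknown".
userspace_bits() {
    getconf LONG_BIT 2>/dev/null || echo unknown
}

# is_compat_arm KERNEL_MACHINE USER_BITS
# True when a 64-bit ARM kernel is running a 32-bit userspace.
is_compat_arm() {
    case "$1" in
        aarch64|arm64) [ "$2" = "32" ] ;;
        *) return 1 ;;
    esac
}

# log_has_xfrm_failure: reads a pluto log on stdin; true when it contains both
# the setsockopt IP_XFRM_POLICY errno 95 error and "no public interfaces found".
log_has_xfrm_failure() {
    awk '
        /setsockopt IP_XFRM_POLICY/ && /errno 95/ { xfrm = 1 }
        /no public interfaces found/              { noif = 1 }
        END { exit !(xfrm && noif) }
    '
}

# diagnose KERNEL_MACHINE USER_BITS < logfile ; prints one verdict string.
diagnose() {
    if log_has_xfrm_failure; then
        if is_compat_arm "$1" "$2"; then
            echo "compat-mismatch"
        else
            echo "xfrm-failure-other-cause"
        fi
    else
        echo "no-xfrm-failure"
    fi
}

# Two lines copied from the log in this issue (timestamp and host removed).
SAMPLE_LOG='pluto[426]: ERROR: setsockopt IP_XFRM_POLICY XFRM_POLICY_IN in process_raw_ifaces(): Not supported (errno 95)
pluto[426]: no public interfaces found'

# Check the machine this runs on against the sample log.
printf '%s\n' "$SAMPLE_LOG" | diagnose "$(uname -m)" "$(userspace_bits)"
```

Run it inside the container, since that is the userspace pluto runs in, and pipe the real `/var/log/auth.log` into `diagnose` in place of the sample.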
