[GH-ISSUE #464] ERROR: no XFRM kernel support detected #434

Closed
opened 2026-03-02 08:18:54 +03:00 by kerem · 1 comment
Owner

Originally created by @mailguest on GitHub (Dec 16, 2024).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/464

任务列表

问题描述
我的服务器启动报错如下:
2024-12-16T13:15:01.087574+00:00 ipsec-vpn-server pluto[853]: starting up 3 helper threads
2024-12-16T13:15:01.087610+00:00 ipsec-vpn-server pluto[853]: started thread for helper 0
2024-12-16T13:15:01.087626+00:00 ipsec-vpn-server pluto[853]: helper(1): seccomp security for helper not supported
2024-12-16T13:15:01.087645+00:00 ipsec-vpn-server pluto[853]: started thread for helper 1
2024-12-16T13:15:01.087658+00:00 ipsec-vpn-server pluto[853]: helper(2): seccomp security for helper not supported
2024-12-16T13:15:01.087671+00:00 ipsec-vpn-server pluto[853]: started thread for helper 2
2024-12-16T13:15:01.087686+00:00 ipsec-vpn-server pluto[853]: helper(3): seccomp security for helper not supported
2024-12-16T13:15:01.087698+00:00 ipsec-vpn-server pluto[853]: using Linux xfrm kernel support code on #0 SMP Fri Sep 20 03:08:02 2024
2024-12-16T13:15:01.087732+00:00 ipsec-vpn-server pluto[853]: FATAL ERROR: no XFRM kernel support detected, missing /proc/sys/net/core/xfrm_acq_expires and /proc/net/xfrm_stat: No such file or directory (errno 2)
2024-12-16T13:15:01.087762+00:00 ipsec-vpn-server pluto[853]: WARNING: helper threads still running
2024-12-16T13:15:01.087782+00:00 ipsec-vpn-server pluto[853]: ERROR: netlink write() of XFRM_MSG_FLUSHPOLICY message for flush policy failed: Bad file descriptor (errno 9)
2024-12-16T13:15:01.087790+00:00 ipsec-vpn-server pluto[853]: ERROR: netlink write() of XFRM_MSG_FLUSHSA message for flush state failed: Bad file descriptor (errno 9)
2024-12-16T13:15:01.087965+00:00 ipsec-vpn-server pluto[853]: FATAL: ASSERTION FAILED: event_initialized(ev) (free_signal_handlers() +440 programs/pluto/server.c)

重现步骤
重现该 bug 的步骤:

  1. 使用了github上提供的docker-compose 部署的
  2. 部署在绿联的nas 4600 pro上

期待的正确结果
希望得到解决办法。

日志
启用日志,检查 VPN 状态,并且添加错误日志以帮助解释该问题(如果适用)。

docker exec -it ipsec-vpn-server ipsec status

ERROR: ipsec whack: Pluto is not running (no "/run/pluto/pluto.ctl"): No such file or directory (errno 2)

服务器信息

  • Docker 主机操作系统: Linux UGREEN-F48D 5.10.120 #0 SMP Fri Sep 20 03:08:02 2024 x86_64 GNU/Linux
  • 服务提供商(如果适用): UGREEN

其它信息
添加关于该 bug 的其它信息。

Originally created by @mailguest on GitHub (Dec 16, 2024). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/464 **任务列表** - [x] 我已阅读 [自述文件](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md) - [x] 我已阅读 [重要提示](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#重要提示) - [ ] 我已按照说明 [配置 VPN 客户端](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#下一步) - [x] 我检查了 [IKEv1 故障排除](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#ikev1-故障排除),[IKEv2 故障排除](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto-zh.md#ikev2-故障排除),[启用日志](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#启用-libreswan-日志) 并查看了 [VPN 状态](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#检查日志及-vpn-状态) - [x] 我搜索了已有的 [Issues](https://github.com/hwdsl2/docker-ipsec-vpn-server/issues?q=is%3Aissue) - [ ] 这个 bug 是关于 IPsec VPN 服务器 Docker 镜像,而不是 IPsec VPN 本身 <!--- 如果你发现了 IPsec VPN 的一个可重复的程序漏洞,请在 https://github.com/libreswan/libreswan 提交一个错误报告。VPN 的相关问题可在 [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) 或 [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) 用户邮件列表提问,或者搜索比如 [Stack Overflow](https://stackoverflow.com/questions/tagged/vpn) 等网站。 ---> **问题描述** 我的服务器启动报错如下: 2024-12-16T13:15:01.087574+00:00 ipsec-vpn-server pluto[853]: starting up 3 helper threads 2024-12-16T13:15:01.087610+00:00 ipsec-vpn-server pluto[853]: started thread for helper 0 2024-12-16T13:15:01.087626+00:00 ipsec-vpn-server pluto[853]: helper(1): seccomp security for helper not supported 2024-12-16T13:15:01.087645+00:00 ipsec-vpn-server pluto[853]: started thread for helper 1 2024-12-16T13:15:01.087658+00:00 ipsec-vpn-server pluto[853]: helper(2): seccomp security for helper not supported 2024-12-16T13:15:01.087671+00:00 ipsec-vpn-server pluto[853]: started thread for helper 2 2024-12-16T13:15:01.087686+00:00 ipsec-vpn-server pluto[853]: helper(3): seccomp security for helper not supported 2024-12-16T13:15:01.087698+00:00 ipsec-vpn-server pluto[853]: using Linux xfrm kernel support code on #0 SMP Fri Sep 20 03:08:02 2024 2024-12-16T13:15:01.087732+00:00 ipsec-vpn-server pluto[853]: FATAL ERROR: no XFRM kernel support detected, missing /proc/sys/net/core/xfrm_acq_expires and /proc/net/xfrm_stat: No such file or directory (errno 2) 2024-12-16T13:15:01.087762+00:00 ipsec-vpn-server pluto[853]: WARNING: helper threads still running 2024-12-16T13:15:01.087782+00:00 ipsec-vpn-server pluto[853]: ERROR: netlink write() of XFRM_MSG_FLUSHPOLICY message for flush policy failed: Bad file descriptor (errno 9) 2024-12-16T13:15:01.087790+00:00 ipsec-vpn-server pluto[853]: ERROR: netlink write() of XFRM_MSG_FLUSHSA message for flush state failed: Bad file descriptor (errno 9) 2024-12-16T13:15:01.087965+00:00 ipsec-vpn-server pluto[853]: FATAL: ASSERTION FAILED: event_initialized(ev) (free_signal_handlers() +440 programs/pluto/server.c) **重现步骤** 重现该 bug 的步骤: 1. 使用了github上提供的docker-compose 部署的 2. 部署在绿联的nas 4600 pro上 **期待的正确结果** 希望得到解决办法。 **日志** [启用日志](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#启用-libreswan-日志),检查 [VPN 状态](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#检查日志及-vpn-状态),并且添加错误日志以帮助解释该问题(如果适用)。 docker exec -it ipsec-vpn-server ipsec status ERROR: ipsec whack: Pluto is not running (no "/run/pluto/pluto.ctl"): No such file or directory (errno 2) **服务器信息** - Docker 主机操作系统: Linux UGREEN-F48D 5.10.120 #0 SMP Fri Sep 20 03:08:02 2024 x86_64 GNU/Linux - 服务提供商(如果适用): UGREEN **其它信息** 添加关于该 bug 的其它信息。
kerem closed this issue 2026-03-02 08:18:54 +03:00
Author
Owner

@hwdsl2 commented on GitHub (Dec 16, 2024):

@mailguest 你好!你的服务器日志中的错误 no XFRM kernel support detected... 说明 Docker 主机的 Linux 系统内核不支持 IPsec VPN。建议你另外尝试 IPsec VPN 以外的其他解决方案。

<!-- gh-comment-id:2545704820 --> @hwdsl2 commented on GitHub (Dec 16, 2024): @mailguest 你好!你的服务器日志中的错误 `no XFRM kernel support detected...` 说明 Docker 主机的 Linux 系统内核不支持 IPsec VPN。建议你另外尝试 IPsec VPN 以外的其他解决方案。
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-ipsec-vpn-server#434
No description provided.