[GH-ISSUE #464] ERROR: no XFRM kernel support detected #434

New issue

Closed

opened 2026-03-02 08:18:54 +03:00 by kerem · 1 comment

kerem commented 2026-03-02 08:18:54 +03:00

Owner

Copy link

Originally created by @mailguest on GitHub (Dec 16, 2024).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/464

任务列表

• 我已阅读 自述文件
• 我已阅读 重要提示
• 我已按照说明 配置 VPN 客户端
• 我检查了 IKEv1 故障排除，IKEv2 故障排除，启用日志 并查看了 VPN 状态
• 我搜索了已有的 Issues
• 这个 bug 是关于 IPsec VPN 服务器 Docker 镜像，而不是 IPsec VPN 本身

问题描述
我的服务器启动报错如下：
2024-12-16T13:15:01.087574+00:00 ipsec-vpn-server pluto[853]: starting up 3 helper threads
2024-12-16T13:15:01.087610+00:00 ipsec-vpn-server pluto[853]: started thread for helper 0
2024-12-16T13:15:01.087626+00:00 ipsec-vpn-server pluto[853]: helper(1): seccomp security for helper not supported
2024-12-16T13:15:01.087645+00:00 ipsec-vpn-server pluto[853]: started thread for helper 1
2024-12-16T13:15:01.087658+00:00 ipsec-vpn-server pluto[853]: helper(2): seccomp security for helper not supported
2024-12-16T13:15:01.087671+00:00 ipsec-vpn-server pluto[853]: started thread for helper 2
2024-12-16T13:15:01.087686+00:00 ipsec-vpn-server pluto[853]: helper(3): seccomp security for helper not supported
2024-12-16T13:15:01.087698+00:00 ipsec-vpn-server pluto[853]: using Linux xfrm kernel support code on #0 SMP Fri Sep 20 03:08:02 2024
2024-12-16T13:15:01.087732+00:00 ipsec-vpn-server pluto[853]: FATAL ERROR: no XFRM kernel support detected, missing /proc/sys/net/core/xfrm_acq_expires and /proc/net/xfrm_stat: No such file or directory (errno 2)
2024-12-16T13:15:01.087762+00:00 ipsec-vpn-server pluto[853]: WARNING: helper threads still running
2024-12-16T13:15:01.087782+00:00 ipsec-vpn-server pluto[853]: ERROR: netlink write() of XFRM_MSG_FLUSHPOLICY message for flush policy failed: Bad file descriptor (errno 9)
2024-12-16T13:15:01.087790+00:00 ipsec-vpn-server pluto[853]: ERROR: netlink write() of XFRM_MSG_FLUSHSA message for flush state failed: Bad file descriptor (errno 9)
2024-12-16T13:15:01.087965+00:00 ipsec-vpn-server pluto[853]: FATAL: ASSERTION FAILED: event_initialized(ev) (free_signal_handlers() +440 programs/pluto/server.c)

重现步骤
重现该 bug 的步骤：

1. 使用了github上提供的docker-compose 部署的
2. 部署在绿联的nas 4600 pro上

期待的正确结果
希望得到解决办法。

日志
启用日志，检查 VPN 状态，并且添加错误日志以帮助解释该问题（如果适用）。

docker exec -it ipsec-vpn-server ipsec status

ERROR: ipsec whack: Pluto is not running (no "/run/pluto/pluto.ctl"): No such file or directory (errno 2)

服务器信息

• Docker 主机操作系统: Linux UGREEN-F48D 5.10.120 #0 SMP Fri Sep 20 03:08:02 2024 x86_64 GNU/Linux
• 服务提供商（如果适用）: UGREEN

其它信息
添加关于该 bug 的其它信息。

Originally created by @mailguest on GitHub (Dec 16, 2024). Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/464 **任务列表** - [x] 我已阅读 [自述文件](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md) - [x] 我已阅读 [重要提示](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#重要提示) - [ ] 我已按照说明 [配置 VPN 客户端](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/README-zh.md#下一步) - [x] 我检查了 [IKEv1 故障排除](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#ikev1-故障排除)，[IKEv2 故障排除](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto-zh.md#ikev2-故障排除)，[启用日志](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#启用-libreswan-日志) 并查看了 [VPN 状态](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#检查日志及-vpn-状态) - [x] 我搜索了已有的 [Issues](https://github.com/hwdsl2/docker-ipsec-vpn-server/issues?q=is%3Aissue) - [ ] 这个 bug 是关于 IPsec VPN 服务器 Docker 镜像，而不是 IPsec VPN 本身 <!--- 如果你发现了 IPsec VPN 的一个可重复的程序漏洞，请在 https://github.com/libreswan/libreswan 提交一个错误报告。VPN 的相关问题可在 [Libreswan](https://lists.libreswan.org/mailman/listinfo/swan) 或 [strongSwan](https://lists.strongswan.org/mailman/listinfo/users) 用户邮件列表提问，或者搜索比如 [Stack Overflow](https://stackoverflow.com/questions/tagged/vpn) 等网站。 ---> **问题描述** 我的服务器启动报错如下： 2024-12-16T13:15:01.087574+00:00 ipsec-vpn-server pluto[853]: starting up 3 helper threads 2024-12-16T13:15:01.087610+00:00 ipsec-vpn-server pluto[853]: started thread for helper 0 2024-12-16T13:15:01.087626+00:00 ipsec-vpn-server pluto[853]: helper(1): seccomp security for helper not supported 2024-12-16T13:15:01.087645+00:00 ipsec-vpn-server pluto[853]: started thread for helper 1 2024-12-16T13:15:01.087658+00:00 ipsec-vpn-server pluto[853]: helper(2): seccomp security for helper not supported 2024-12-16T13:15:01.087671+00:00 ipsec-vpn-server pluto[853]: started thread for helper 2 2024-12-16T13:15:01.087686+00:00 ipsec-vpn-server pluto[853]: helper(3): seccomp security for helper not supported 2024-12-16T13:15:01.087698+00:00 ipsec-vpn-server pluto[853]: using Linux xfrm kernel support code on #0 SMP Fri Sep 20 03:08:02 2024 2024-12-16T13:15:01.087732+00:00 ipsec-vpn-server pluto[853]: FATAL ERROR: no XFRM kernel support detected, missing /proc/sys/net/core/xfrm_acq_expires and /proc/net/xfrm_stat: No such file or directory (errno 2) 2024-12-16T13:15:01.087762+00:00 ipsec-vpn-server pluto[853]: WARNING: helper threads still running 2024-12-16T13:15:01.087782+00:00 ipsec-vpn-server pluto[853]: ERROR: netlink write() of XFRM_MSG_FLUSHPOLICY message for flush policy failed: Bad file descriptor (errno 9) 2024-12-16T13:15:01.087790+00:00 ipsec-vpn-server pluto[853]: ERROR: netlink write() of XFRM_MSG_FLUSHSA message for flush state failed: Bad file descriptor (errno 9) 2024-12-16T13:15:01.087965+00:00 ipsec-vpn-server pluto[853]: FATAL: ASSERTION FAILED: event_initialized(ev) (free_signal_handlers() +440 programs/pluto/server.c) **重现步骤** 重现该 bug 的步骤： 1. 使用了github上提供的docker-compose 部署的 2. 部署在绿联的nas 4600 pro上 **期待的正确结果** 希望得到解决办法。 **日志** [启用日志](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage-zh.md#启用-libreswan-日志)，检查 [VPN 状态](https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#检查日志及-vpn-状态)，并且添加错误日志以帮助解释该问题（如果适用）。 docker exec -it ipsec-vpn-server ipsec status ERROR: ipsec whack: Pluto is not running (no "/run/pluto/pluto.ctl"): No such file or directory (errno 2) **服务器信息** - Docker 主机操作系统: Linux UGREEN-F48D 5.10.120 #0 SMP Fri Sep 20 03:08:02 2024 x86_64 GNU/Linux - 服务提供商（如果适用）: UGREEN **其它信息** 添加关于该 bug 的其它信息。

kerem closed this issue 2026-03-02 08:18:54 +03:00

kerem commented 2026-03-02 08:18:55 +03:00

Author

Owner

Copy link

@hwdsl2 commented on GitHub (Dec 16, 2024):

@mailguest 你好！你的服务器日志中的错误 no XFRM kernel support detected... 说明 Docker 主机的 Linux 系统内核不支持 IPsec VPN。建议你另外尝试 IPsec VPN 以外的其他解决方案。

<!-- gh-comment-id:2545704820 --> @hwdsl2 commented on GitHub (Dec 16, 2024): @mailguest 你好！你的服务器日志中的错误 `no XFRM kernel support detected...` 说明 Docker 主机的 Linux 系统内核不支持 IPsec VPN。建议你另外尝试 IPsec VPN 以外的其他解决方案。

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

No results found.

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

No labels

bug

pull-request

question

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/docker-ipsec-vpn-server#434

No description provided.