IPsec stack on 4.15.13-1

kde
vpn
network-manager
kernel414
linux415

#1

I have a VPN connection L2TP/IPsec which is working fine on 4.14.31 but today I found out that it is not working on 4.15.

This is a part of the log:

dub 03 14:40:46 NEHEZ-DELL nm-l2tp-service[27077]: Check port 1701
dub 03 14:40:46 NEHEZ-DELL NetworkManager[493]: Stopping strongSwan IPsec failed: starter is not running
dub 03 14:40:48 NEHEZ-DELL NetworkManager[493]: Starting strongSwan 5.6.2 IPsec [starter]...
dub 03 14:40:48 NEHEZ-DELL NetworkManager[493]: Loading config setup
dub 03 14:40:48 NEHEZ-DELL NetworkManager[493]: Loading conn '31e314ff-904d-4f99-81d0-27c506330f4f'
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27090]: Starting strongSwan 5.6.2 IPsec [starter]...
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27090]: Loading config setup
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27090]: Loading conn '31e314ff-904d-4f99-81d0-27c506330f4f'
dub 03 14:40:48 NEHEZ-DELL NetworkManager[493]: kernel appears to lack the native netkey IPsec stack
dub 03 14:40:48 NEHEZ-DELL NetworkManager[493]: no netkey IPsec stack detected
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27090]: kernel appears to lack the native netkey IPsec stack
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27090]: no netkey IPsec stack detected
dub 03 14:40:48 NEHEZ-DELL NetworkManager[493]: kernel appears to lack the KLIPS IPsec stack
dub 03 14:40:48 NEHEZ-DELL NetworkManager[493]: no KLIPS IPsec stack detected
dub 03 14:40:48 NEHEZ-DELL NetworkManager[493]: no known IPsec stack detected, ignoring!
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27090]: kernel appears to lack the KLIPS IPsec stack
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27090]: no KLIPS IPsec stack detected
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27090]: no known IPsec stack detected, ignoring!
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27103]: Attempting to start charon...
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.15.13-1-MANJARO, x86_64)
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[KNL] unable to create netlink socket: Protocol not supported (93)
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[NET] installing IKE bypass policy failed
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[NET] installing IKE bypass policy failed
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[NET] installing IKE bypass policy failed
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[NET] installing IKE bypass policy failed
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] attr-sql plugin: database URI not set
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[NET] using forecast interface wlp2s0
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-31e314ff-904d-4f99-81d0-27c506330f4f.secrets'
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG]   loaded IKE secret for %any
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] sql plugin: database URI not set
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] loaded 0 RADIUS server configurations
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] HA config misses local/remote address
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[CFG] no script for ext-auth script defined, disabled
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[LIB] failed to load 1 critical plugin feature
dub 03 14:40:48 NEHEZ-DELL charon[27104]: 00[DMN] initialization failed - aborting charon
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27103]: child 27104 (charon) has quit (exit code 66)
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27103]: 
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27103]: charon has quit: initialization failed
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27103]: charon refused to be started
dub 03 14:40:48 NEHEZ-DELL ipsec_starter[27103]: ipsec starter stopped
dub 03 14:40:58 NEHEZ-DELL NetworkManager[493]: Stopping strongSwan IPsec failed: starter is not running
dub 03 14:40:58 NEHEZ-DELL nm-l2tp-service[27077]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
dub 03 14:40:58 NEHEZ-DELL NetworkManager[493]: <info>  [1522759258.5887] vpn-connection[0x55aa04bf6180,31e314ff-904d-4f99-81d0-27c506330f4f,"LiveScore VPN",0]: VPN plugin: state changed: stopped (6)
dub 03 14:40:58 NEHEZ-DELL NetworkManager[493]: <info>  [1522759258.5903] vpn-connection[0x55aa04bf6180,31e314ff-904d-4f99-81d0-27c506330f4f,"LiveScore VPN",0]: VPN service disappeared
dub 03 14:40:58 NEHEZ-DELL NetworkManager[493]: <warn>  [1522759258.5911] vpn-connection[0x55aa04bf6180,31e314ff-904d-4f99-81d0-27c506330f4f,"LiveScore VPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

Any idea?

I have no problem to run on 4.14 but I wonder why it is so…


#2

I do not know whether it was working on 4.15 while I switched to it not so long time ago.


#3

The latest 4.15 kernel is 4.15.14 ([Stable Update] 2018-04-02 - Kernels, ZFS, Pamac, Udisks2). Might be worth checking for updates and rebooting?


#4

It is working fine on 4.15.14 - I can connect to my VPN.
So hopefully it will stay good as it is now.

The question is whether it is worth to run 4.15 while 4.14 is LTS and I have no problem with 4.14.