Hello, I'm seeing a strange error in StrongSwan U5.8.2/K5.4.0-39-generic (Ubuntu 20.04). I don't get this error with StrongSwan U5.7.2/K5.3.0-53-generic (Ubuntu 19.10).
received netlink error: Invalid argument (22) Jul 4 04:54:22 de-fsn-6 charon: 05[IKE] authentication of 'de-fsn-6.VPN.net' (myself) with RSA signature successful Jul 4 04:54:22 de-fsn-6 charon: 05[IKE] sending end entity cert "CN= de-fsn-6.VPN.net" Jul 4 04:54:22 de-fsn-6 charon: 05[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3" Jul 4 04:54:22 de-fsn-6 charon: 05[ENC] generating IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ] Jul 4 04:54:22 de-fsn-6 charon: 05[ENC] splitting IKE message (2928 bytes) into 3 fragments Jul 4 04:54:22 de-fsn-6 charon: 05[ENC] generating IKE_AUTH response 1 [ EF(1/3) ] Jul 4 04:54:22 de-fsn-6 charon: 05[ENC] generating IKE_AUTH response 1 [ EF(2/3) ] Jul 4 04:54:22 de-fsn-6 charon: 05[ENC] generating IKE_AUTH response 1 [ EF(3/3) ] Jul 4 04:54:22 de-fsn-6 charon: 05[NET] sending packet: from 144.76.113.xxx[4500] to 31.215.103.xxx[4500] (1236 bytes) Jul 4 04:54:22 de-fsn-6 charon: 05[NET] sending packet: from 144.76.113.xxx[4500] to 31.215.103.xxx[4500] (1236 bytes) Jul 4 04:54:22 de-fsn-6 charon: 05[NET] sending packet: from 144.76.113.xxx[4500] to 31.215.103.xxx[4500] (612 bytes) Jul 4 04:54:22 de-fsn-6 ipsec[706]: 01[NET] received packet: from 39.33.54.xxx[4500] to 144.76.113.xxx[4500] (144 bytes) Jul 4 04:54:22 de-fsn-6 ipsec[706]: 01[ENC] parsed INFORMATIONAL request 409 [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) ] Jul 4 04:54:22 de-fsn-6 ipsec[706]: 01[ENC] generating INFORMATIONAL response 409 [ N(NATD_S_IP) N(NATD_D_IP) ] Jul 4 04:54:22 de-fsn-6 ipsec[706]: 01[NET] sending packet: from 144.76.113.xxx[4500] to 39.33.54.xxx[4500] (128 bytes) Jul 4 04:54:22 de-fsn-6 ipsec[706]: 08[NET] received packet: from xxxx:8f8:112d:ed31:2474:a82d:88cc:544[4500] to xxxx:4f7:192:732c::2[4500] (144 bytes) Jul 4 04:54:22 de-fsn-6 ipsec[706]: 08[ENC] parsed INFORMATIONAL request 12 [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) ] Jul 4 04:54:22 de-fsn-6 ipsec[706]: 08[IKE] remote host is not behind NAT anymore Jul 4 04:54:22 de-fsn-6 ipsec[706]: 08[IKE] faking NAT situation to enforce UDP encapsulation Jul 4 04:54:22 de-fsn-6 ipsec[706]: 08[KNL] received netlink error: Invalid argument (22) Jul 4 04:54:22 de-fsn-6 ipsec[706]: 08[KNL] unable to update SAD entry with SPI c8a1394b Jul 4 04:54:22 de-fsn-6 ipsec[706]: 08[KNL] received netlink error: Invalid argument (22) Jul 4 04:54:22 de-fsn-6 ipsec[706]: 08[KNL] unable to update SAD entry with SPI 0b956c9a Jul 4 04:54:22 de-fsn-6 ipsec[706]: 08[ENC] generating INFORMATIONAL response 12 [ N(NATD_S_IP) N(NATD_D_IP) ] Jul 4 04:54:22 de-fsn-6 ipsec[706]: 08[NET] sending packet: from xxxx:4f7:192:732c::2[4500] to xxxx:8f8:112d:ed31:2474:a82d:88cc:544[4500] (128 bytes) Jul 4 04:54:22 de-fsn-6 ipsec[706]: 13[KNL] creating acquire job for policy xxx.111.251.62/32[tcp/https] === 10.10.34.25/32[tcp/51510] with reqid {31606} Jul 4 04:54:22 de-fsn-6 ipsec[706]: 13[CFG] trap not found, unable to acquire reqid 31606 Jul 4 04:54:22 de-fsn-6 ipsec[706]: 09[NET] received packet: from xxxx:8f8:112d:ed31:2474:a82d:88cc:544[4500] to xxxx:4f7:192:732c::2[4500] (144 bytes) Jul 4 04:54:22 de-fsn-6 ipsec[706]: 09[ENC] parsed INFORMATIONAL request 12 [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) ] Jul 4 04:54:22 de-fsn-6 ipsec[706]: 09[IKE] received retransmit of request with ID 12, retransmitting response */etc/ipsec.conf* config setup strictcrlpolicy=yes uniqueids=never conn Falkenstein-6 auto=add compress=no type=tunnel keyexchange=ikev2 fragmentation=yes forceencaps=yes ike=aes256gcm16-aes192gcm16-aes128gcm16-prfsha256-ecp521-ecp256-modp4096-modp2048, aes256-sha256-ecp521-ecp256-modp4096-modp2048! esp=aes256gcm16-aes192gcm16-aes128gcm16-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1! dpdaction=clear dpddelay=180s dpdtimeout=3600s rekey=no left=%any leftid=@de-fsn-6.VPN.net leftcert=cert.pem leftsendcert=always leftsubnet=0.0.0.0/0, ::/0 right=%any rightid=%any rightauth=eap-radius eap_identity=%any rightdns=8.8.8.8,8.8.4.4 rightsourceip=10.10.10.0/17,fdd2:54c4:4c90:1::300/113 leftfirewall=no Any idea what this could be? Many Thanks, Houman