Hi all!
Let me start by saying thank you to all the continuous development on this brilliant OS for my RPI-B
and all the great people here in the forums who keep posting. So far I’ve managed to solve all problems over the last two years with the help of this forum ( well and sometimes others).
However, this time, it seems to me that there is a problem which I have to report here:
In short:
My ipsec VPN connection over strongswan is established regularly, just as before the november update to linux kernel 4.3 - however, it stops with a ‘netlink error’ and then just shows my local city’s ip and not the distant vpn-location’s ip.
My research so far has lead me to this website, and an apperntly known issue at strongswan who propose a kernel patch for this issue. Issue #1189: Installing route failed on Linux kernel 4.3 - strongSwan
Long version:
Up until the latest update I was able to use my Ipsec VPN service using strongswan 5.2.1 (the standard debian jessie package) which I had installed according to this tutorial - https://community.hide.me/tutorials/ipsec-ikev2-with-strongswan-non-gui-method.43/ (except that i didnt use the resolv.conf at the end - since we’re using connman)
Since the noivember update I am able to connect successfully and check my foreign IP right after system start.
However, as soon as I restart the ipsec service with ‘ipsec restart’ and after a short wait for it to be up again,
the command ‘ipsec up connection’ is executed and everything seems to go normal, the connection to the foreign ip is established, however I keep getting the following error message:
received netlink error: Invalid argument (22) received netlink error: Invalid argument (22) unable to install source route for 10.3.132.146
Upon checking my ip, it still shows my home and not the foreign ip.
My research so far has lead me to the strongswan issue pages - especially this one: Issue #1189: Installing route failed on Linux kernel 4.3 - strongSwan - which refers to a necessary kernel patch.
I am not too bad in using linux and using the command line, but not in updating any patches / compiling stuff - which seem to be the basis of my problem.
Is there any chance that you guys can help me - or will I have to wait until this patch is officially implemented into the kernel ?
Oh, I nearly forgot - here is the pastebin logs from osmc - note that the trouble of charon/ipsec loading loads and loads of certificates has never been an issue so far.
http://paste.osmc.io/sodezaxune
I should probably also mention - before anybody comes up with the idea that i should use openvpn - i tried and the system performance was down tremendously!
Thanks a lot,
Bjoern