IPSec transport won't pass traffic - charon: 07[KNL] received invalid PF_ROUTE

Started by obrienmd, October 11, 2017, 01:02:28 AM

After struggling with ZeroTier performance, I'm getting back into running routing protocols over GRE, with IPSec in transport mode. I have a pair on 17.7 (no point upgrades) seemingly working fine, but with my boxes on the current 17.7.5 point release, with the same configs, I have a few pairs that get good SAs and SPs but cannot pass any traffic and show the following in the log whenever a packet tries to go out:

charon: 07[KNL] received invalid PF_ROUTE message
Searching for this ^ returns only a reference to the strongswan source code :)

When I ping one WAN IP from another (leaving GRE out entirely), I get:
ping: sendto: Permission denied

Does anyone have IPSec transport mode working on 17.7.5?