Created attachment 624 [details] Log excerpt Cannot establish IPsec VPN with ChaCha20-Poly1305 on ARM: > received netlink error: Function not implemented (38) > unable to add SAD entry with SPI c7e5aa6d (FAILED) Full log is attached. It looks like this is not enabled in the ARM kernel configs: > config/kernel/kernel.config.aarch64-ipfire:# CONFIG_CRYPTO_CHACHA20POLY1305 is not set > config/kernel/kernel.config.aarch64-ipfire:# CONFIG_CRYPTO_CHACHA20 is not set > config/kernel/kernel.config.armv5tel-ipfire-kirkwood:# CONFIG_CRYPTO_CHACHA20POLY1305 is not set > config/kernel/kernel.config.armv5tel-ipfire-kirkwood:# CONFIG_CRYPTO_CHACHA20 is not set > config/kernel/kernel.config.armv5tel-ipfire-multi:# CONFIG_CRYPTO_CHACHA20POLY1305 is not set > config/kernel/kernel.config.armv5tel-ipfire-multi:# CONFIG_CRYPTO_CHACHA20 is not set > config/kernel/kernel.config.i586-ipfire:CONFIG_CRYPTO_CHACHA20POLY1305=m > config/kernel/kernel.config.i586-ipfire:CONFIG_CRYPTO_CHACHA20=m > config/kernel/kernel.config.i586-ipfire-pae:CONFIG_CRYPTO_CHACHA20POLY1305=m > config/kernel/kernel.config.i586-ipfire-pae:CONFIG_CRYPTO_CHACHA20=m > config/kernel/kernel.config.x86_64-ipfire:CONFIG_CRYPTO_CHACHA20POLY1305=m > config/kernel/kernel.config.x86_64-ipfire:CONFIG_CRYPTO_CHACHA20=m > config/kernel/kernel.config.x86_64-ipfire:CONFIG_CRYPTO_CHACHA20_X86_64=m Please enable. This is quite severe because ChaCha20-Poly1305 is chosen as default and tunnels with the default settings won't come up if one peer is ARM.
Fixed in https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=a834285d1ba8cd4314cb9fd8218b0bc2bcfe68d4