I am using Strongswan (charon-systems) as a vpn server allowing external (roadwarrior) users to connect in.
The system worked without problem using a tg3 network interface. upgrading to a ixbge 10gbe interface causes problems and no traffic will work between the client/server once the IPSec connection is established.
dmesg reports :
[42778.201643] ixgbe 0000:07:00.0 ens1f0: ixgbe_ipsec_tx: bad sa_idx=64512 handle=0
over and over.
I tried upgrading to the HWE kernel but the fault remains.
It only affects the IXBGE interfaces, not the TG3 interfaces (which suggests it was a kernel fault)
I believe this kernel update fixes it:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c?h=v5.4-rc1&id=f39b683d35dfa93a58f1b400a8ec0ff81296b37c
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: charon-systemd 5.6.2-1ubuntu2.4
ProcVersionSignature: Ubuntu 5.0.0-29.31~18.04.1-generic 5.0.21
Uname: Linux 5.0.0-29-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
Date: Wed Oct 2 00:45:55 2019
InstallationDate: Installed on 2016-10-24 (1072 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
SourcePackage: strongswan
UpgradeStatus: Upgraded to bionic on 2018-08-25 (402 days ago)
---
ProblemType: Bug
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Oct 3 18:41 seq
crw-rw---- 1 root audio 116, 33 Oct 3 18:41 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
DistroRelease: Ubuntu 18.04
HibernationDevice: RESUME=UUID=fa95a6c6-d6bf-4021-a092-8e87245b0a72
InstallationDate: Installed on 2016-10-24 (1073 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
MachineType: HP ProLiant MicroServer Gen8
Package: strongswan (not installed)
PciMultimedia:
ProcFB: 0 mgadrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.0.0-29-generic root=UUID=e391395c-c577-43a6-9473-0be9206e5b29 ro rootflags=subvol=@ console=tty1 console=ttyS1,115200
ProcVersionSignature: Ubuntu 5.0.0-29.31~18.04.1-generic 5.0.21
RelatedPackageVersions:
linux-restricted-modules-5.0.0-29-generic N/A
linux-backports-modules-5.0.0-29-generic N/A
linux-firmware 1.173.9
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
SourcePackage: strongswan
Tags: bionic
Uname: Linux 5.0.0-29-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-08-25 (403 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 04/04/2019
dmi.bios.vendor: HP
dmi.bios.version: J06
dmi.chassis.type: 7
dmi.chassis.vendor: HP
dmi.modalias: dmi:bvnHP:bvrJ06:bd04/04/2019:svnHP:pnProLiantMicroServerGen8:pvr:cvnHP:ct7:cvr:
dmi.product.family: ProLiant
dmi.product.name: ProLiant MicroServer Gen8
dmi.product.sku: 712317-421
dmi.sys.vendor: HP
Thank you for your report and for the pointer to the patch. As this is almost certainly a kernel bug I added "linux" to the affected packages.