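I have an Nvidia Jetson Orin Nano running Linux with the Tegra kernel 5.12 installed. I am trying to use Strongswan, but it has some requirements: kernel modules that need to be configured, which is exactly what I did.
However, it seems that other kernel modules for cryptographic operations are missing. I don't know much about the Linux kernel, so here are the logs. Do you know what is going on?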
Aug 5 09:29:36 host charon: 14[CFG] selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ
Aug 5 09:29:36 host charon: 14[KNL] received netlink error: Function not implemented (38)
Aug 5 09:29:36 host charon: 14[KNL] unable to add SAD entry with SPI cd0f6388 (FAILED)
Aug 5 09:29:36 host charon: 14[KNL] received netlink error: Function not implemented (38)
Aug 5 09:29:36 host charon: 14[KNL] unable to add SAD entry with SPI c52b8fc2 (FAILED)
Aug 5 09:29:36 host charon: 14[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
Aug 5 09:22:41 host systemd[1]: snapd.service: Succeeded.
Aug 5 09:22:50 host systemd-timesyncd[323]: Timed out waiting for reply from 82.64.84.116:123 (0.pool.ntp.org).
Aug 5 09:27:19 host systemd-timesyncd[323]: Initial synchronization to time server 151.80.168.4:123 (0.pool.ntp.org).
Aug 5 09:27:35 host systemd[1]: systemd-timedated.service: Succeeded.
Aug 5 09:28:46 host dbus-daemon[1418]: [session uid=1000 pid=1418] Activating via systemd: service name='org.freedesktop.Tracker1' unit='tracker-store.service' requested by ':1.3' (uid=1000 pid=1414 comm="/usr/libexec/tracker-miner-fs " label="kernel")
Aug 5 09:28:46 host systemd[1260]: Starting Tracker metadata database store and lookup manager...
Aug 5 09:28:46 host dbus-daemon[1418]: [session uid=1000 pid=1418] Successfully activated service 'org.freedesktop.Tracker1'
Aug 5 09:28:46 host systemd[1260]: Started Tracker metadata database store and lookup manager.
Aug 5 09:29:16 host tracker-store[6111]: OK
Aug 5 09:29:16 host systemd[1260]: tracker-store.service: Succeeded.
Stopping strongSwan IPsec...
Aug 5 09:29:34 host charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug 5 09:29:34 host ipsec[3120]: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 5.10.104-tegra, aarch64)
Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 5 09:29:34 host ipsec[3120]: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke vici updown eap-mschapv2 xauth-generic counters
Aug 5 09:29:34 host ipsec[3120]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug 5 09:29:34 host ipsec[3120]: 00[JOB] spawning 16 worker threads
Aug 5 09:29:34 host ipsec[3120]: 00[DMN] executing start script 'load-all' (/usr/sbin/swanctl --load-all)
Aug 5 09:29:34 host ipsec[3120]: 15[CFG] loaded IKE shared key with id 'ike-nvidiajetsondevice' for: '[email protected]', '[email protected]'
Aug 5 09:29:34 host ipsec[3120]: 08[CFG] added vici connection: nvidiajetsondevice-to-distanthost
Aug 5 09:29:34 host ipsec[3120]: 08[CFG] initiating 'nvidiajetsondevice'
Aug 5 09:29:34 host ipsec[3120]: 08[IKE] initiating IKE_SA nvidiajetsondevice-to-distanthost[1] to IP.IP.IP.IP
Aug 5 09:29:34 host ipsec[3120]: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Aug 5 09:29:34 host ipsec[3120]: 08[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)
Aug 5 09:29:34 host ipsec[3120]: 00[DMN] load-all: loaded ike secret 'ike-nvidiajetsondevice'
Aug 5 09:29:34 host ipsec[3120]: 00[DMN] load-all: loaded connection 'nvidiajetsondevice-to-distanthost'
Aug 5 09:29:34 host ipsec[3120]: 00[DMN] load-all: successfully loaded 1 connections, 0 unloaded
Aug 5 09:29:34 host ipsec[3120]: 13[IKE] retransmit 1 of request with message ID 0
Aug 5 09:29:34 host ipsec[3120]: 13[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)
Aug 5 09:29:34 host ipsec[3120]: 14[IKE] retransmit 2 of request with message ID 0
Aug 5 09:29:34 host ipsec[3120]: 14[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)
Aug 5 09:29:34 host ipsec[3120]: 16[IKE] retransmit 3 of request with message ID 0
Aug 5 09:29:34 host ipsec[3120]: 16[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)
Aug 5 09:29:34 host ipsec[3120]: 15[IKE] retransmit 4 of request with message ID 0
Aug 5 09:29:34 host ipsec[3120]: 15[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)
Aug 5 09:29:34 host ipsec[3120]: 05[IKE] retransmit 5 of request with message ID 0
Aug 5 09:29:34 host ipsec[3120]: 05[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)
Aug 5 09:29:34 host ipsec[3120]: 06[IKE] giving up after 5 retransmits
Aug 5 09:29:34 host ipsec[3120]: 06[IKE] establishing IKE_SA failed, peer not responding
Aug 5 09:29:34 host ipsec[3120]: 00[DMN] signal of type SIGINT received. Shutting down
Aug 5 09:29:34 host ipsec[3107]: charon stopped after 200 ms
Aug 5 09:29:34 host ipsec[3107]: ipsec starter stopped
Aug 5 09:29:34 host systemd[1]: strongswan-starter.service: Succeeded.
Starting strongSwan 5.8.2 IPsec [starter]...
IPsec service has been restarted.
Aug 5 09:29:36 host charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 5.10.104-tegra, aarch64)
Aug 5 09:29:36 host charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 5 09:29:36 host charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 5 09:29:36 host charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 5 09:29:36 host charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 5 09:29:36 host charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 5 09:29:36 host charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 5 09:29:36 host charon: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke vici updown eap-mschapv2 xauth-generic counters
Aug 5 09:29:36 host charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug 5 09:29:36 host charon: 00[JOB] spawning 16 worker threads
Aug 5 09:29:36 host charon: 00[DMN] executing start script 'load-all' (/usr/sbin/swanctl --load-all)
Aug 5 09:29:36 host charon: 01[CFG] loaded IKE shared key with id 'ike-nvidiajetsondevice' for: '[email protected]', '[email protected]'
Aug 5 09:29:36 host charon: 09[CFG] added vici connection: nvidiajetsondevice-to-distanthost
Aug 5 09:29:36 host charon: 09[CFG] initiating 'nvidiajetsondevice'
Aug 5 09:29:36 host charon: 09[IKE] initiating IKE_SA nvidiajetsondevice-to-distanthost[1] to IP.IP.IP.IP
Aug 5 09:29:36 host charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Aug 5 09:29:36 host charon: 09[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)
Aug 5 09:29:36 host charon: 00[DMN] load-all: loaded ike secret 'ike-nvidiajetsondevice'
Aug 5 09:29:36 host charon: 00[DMN] load-all: loaded connection 'nvidiajetsondevice-to-distanthost'
Aug 5 09:29:36 host charon: 00[DMN] load-all: successfully loaded 1 connections, 0 unloaded
Aug 5 09:29:36 host charon: 13[NET] received packet: from IP.IP.IP.IP[500] to 192.168.1.91[500] (280 bytes)
Aug 5 09:29:36 host charon: 13[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
Aug 5 09:29:36 host charon: 13[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Aug 5 09:29:36 host charon: 13[IKE] local host is behind NAT, sending keep alives
Aug 5 09:29:36 host charon: 13[IKE] remote host is behind NAT
Aug 5 09:29:36 host charon: 13[IKE] authentication of '[email protected]' (myself) with pre-shared key
Aug 5 09:29:36 host charon: 13[IKE] establishing CHILD_SA nvidiajetsondevice{1}
Aug 5 09:29:36 host charon: 13[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Aug 5 09:29:36 host charon: 13[NET] sending packet: from 192.168.1.91[4500] to IP.IP.IP.IP[4500] (512 bytes)
Aug 5 09:29:36 host charon: 14[NET] received packet: from IP.IP.IP.IP[4500] to 192.168.1.91[4500] (240 bytes)
Aug 5 09:29:36 host charon: 14[ENC] parsed IKE_AUTH response 1 [ IDr AUTH CPRP(ADDR) SA TSi TSr ]
Aug 5 09:29:36 host charon: 14[IKE] authentication of '[email protected]' with pre-shared key successful
Aug 5 09:29:36 host charon: 14[IKE] IKE_SA nvidiajetsondevice-to-distanthost[1] established between 192.168.1.91[[email protected]]...IP.IP.IP.IP[[email protected]]
Aug 5 09:29:36 host charon: 14[IKE] scheduling rekeying in 27166s
Aug 5 09:29:36 host charon: 14[IKE] maximum IKE_SA lifetime 30046s
Aug 5 09:29:36 host charon: 14[IKE] installing new virtual IP 10.10.0.122
Aug 5 09:29:36 host charon: 14[CFG] selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ
Aug 5 09:29:36 host charon: 14[KNL] received netlink error: Function not implemented (38)
Aug 5 09:29:36 host charon: 14[KNL] unable to add SAD entry with SPI cd0f6388 (FAILED)
Aug 5 09:29:36 host charon: 14[KNL] received netlink error: Function not implemented (38)
Aug 5 09:29:36 host charon: 14[KNL] unable to add SAD entry with SPI c52b8fc2 (FAILED)
Aug 5 09:29:36 host charon: 14[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
Aug 5 09:29:36 host charon: 14[IKE] failed to establish CHILD_SA, keeping IKE_SA
Aug 5 09:29:36 host charon: 14[IKE] sending DELETE for ESP CHILD_SA with SPI cd0f6388
Aug 5 09:29:36 host charon: 14[ENC] generating INFORMATIONAL request 2 [ D ]
Aug 5 09:29:36 host charon: 14[NET] sending packet: from 192.168.1.91[4500] to IP.IP.IP.IP[4500] (80 bytes)
Aug 5 09:29:36 host charon: 05[NET] received packet: from IP.IP.IP.IP[4500] to 192.168.1.91[4500] (80 bytes)
Aug 5 09:29:36 host charon: 05[ENC] parsed INFORMATIONAL response 2 [ D ]
Aug 5 09:29:36 host charon: 05[KNL] deleting policy 10.10.0.0/16 === 10.10.0.122/32 in failed, not found
Aug 5 09:29:36 host charon: 05[KNL] deleting policy 10.10.0.0/16 === 10.10.0.122/32 fwd failed, not found
Aug 5 09:29:36 host charon: 08[NET] received packet: from IP.IP.IP.IP[4500] to 192.168.1.91[4500] (320 bytes)
Aug 5 09:29:36 host charon: 08[ENC] parsed CREATE_CHILD_SA request 0 [ SA No TSi TSr ]
Aug 5 09:29:36 host charon: 08[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Aug 5 09:29:37 host charon: 08[IKE] CHILD_SA nvidiajetsondevice{2} established with SPIs ceab2e30_i c60f633a_o and TS 10.10.0.122/32 === 10.10.0.0/16
Aug 5 09:29:37 host systemd-networkd[593]: username-mgmt: Link UP
Aug 5 09:29:37 host systemd-networkd[593]: username-mgmt: Gained carrier
Aug 5 09:29:37 host charon: 09[KNL] interface username-mgmt activated
Aug 5 09:29:37 host systemd-networkd[593]: username-mgmt: Gained IPv6LL
Aug 5 09:29:37 host charon: 11[KNL] fe80::4caf:4fed:7dd4:231a appeared on username-mgmt
Aug 5 09:29:37 host username-mngmnt-vpn is up, setting up.....: 14
Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): Couldn't load match `comment':No such file or directory
Aug 5 09:29:37 host charon: 08[CHD] updown:
Aug 5 09:29:37 host charon: 08[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.
Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): unknown option "--to-source"
Aug 5 09:29:37 host charon: 08[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.
Aug 5 09:29:37 host charon: 08[CHD] updown: iptables: Bad rule (does a matching rule exist in that chain?).
Aug 5 09:29:37 host charon: message repeated 2 times: [ 08[CHD] updown: iptables: Bad rule (does a matching rule exist in that chain?).]
Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): CHAIN_ADD failed (No such file or directory): chain PREROUTING
Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): Couldn't load match `comment':No such file or directory
Aug 5 09:29:37 host charon: 08[CHD] updown:
Aug 5 09:29:37 host charon: 08[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.
Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): unknown option "--to-source"
Aug 5 09:29:37 host charon: 08[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.
Aug 5 09:29:37 host charon: 08[CHD] updown: iptables: No chain/target/match by that name.
Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain FORWARD
Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain FORWARD
Aug 5 09:29:37 host charon: 08[ENC] generating CREATE_CHILD_SA response 0 [ SA No TSi TSr ]
Aug 5 09:29:37 host charon: 08[NET] sending packet: from 192.168.1.91[4500] to IP.IP.IP.IP[4500] (208 bytes)
Aug 5 09:29:47 host charon: 07[NET] received packet: from IP.IP.IP.IP[4500] to 192.168.1.91[4500] (80 bytes)
Aug 5 09:29:47 host charon: 07[ENC] parsed INFORMATIONAL request 1 [ ]
Aug 5 09:29:47 host charon: 07[ENC] generating INFORMATIONAL response 1 [ ]
Aug 5 09:29:47 host charon: 07[NET] sending packet: from 192.168.1.91[4500] to IP.IP.IP.IP[4500] (80 bytes)
Aug 5 09:29:57 host charon: 11[NET] received packet: from IP.IP.IP.IP[4500] to 192.168.1.91[4500] (80 bytes)
Aug 5 09:29:57 host charon: 11[ENC] parsed INFORMATIONAL request 2 [ ]
Aug 5 09:29:57 host charon: 11[ENC] generating INFORMATIONAL response 2 [ ]
Aug 5 09:29:57 host charon: 11[NET] sending packet: from 192.168.1.91[4500] to IP.IP.IP.IP[4500] (80 bytes)
Aug 5 09:30:01 host CRON[6215]: (root) CMD ([ -x /etc/init.d/anacron ] && if [ ! -d /run/systemd/system ]; then /usr/sbin/invoke-rc.d anacron start >/dev/null; fi)
Aug 5 09:30:03 host kernel: [ 788.053584] BUG: scheduling while atomic: swapper/0/0/0x00000102
Aug 5 09:30:03 host kernel: [ 788.059829] Modules linked in: des_generic libdes fuse lzo_rle lzo_compress zram ramoops reed_solomon loop nvgpu snd_soc_tegra210_ope snd_soc_tegra186_asrc snd_soc_tegra186_dspk snd_soc_tegra210_iqc snd_soc_tegra210_mvc snd_soc_tegra186_arad snd_soc_tegra210_afc aes_ce_blk crypto_simd snd_soc_tegra210_dmic snd_soc_tegra210_adx snd_soc_tegra210_amx cryptd snd_soc_tegra210_mixer snd_soc_tegra210_admaif snd_soc_tegra210_i2s aes_ce_cipher snd_soc_tegra210_sfc snd_soc_tegra_pcm ghash_ce r8168 sha2_ce sha256_arm64 sha1_ce option usb_wwan usbserial snd_soc_tegra210_adsp snd_soc_tegra_machine_driver snd_soc_tegra_utils snd_soc_simple_card_utils snd_soc_spdif_tx snd_hda_codec_hdmi pwm_fan snd_hda_tegra nvadsp snd_hda_codec userspace_alert snd_hda_core tegra210_adma tegra_bpmp_thermal snd_soc_tegra210_ahub lan743x ina3221 r8169 nv_imx219 spi_tegra114 realtek binfmt_misc nvmap ip_tables [last unloaded: mtd]
Aug 5 09:30:03 host kernel: [ 788.060139] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.104-tegra #6
Aug 5 09:30:03 host kernel: [ 788.060143] Hardware name: Unknown NVIDIA Orin Nano Developer Kit/NVIDIA Orin Nano Developer Kit, BIOS 3.1-32827747 03/19/2023
Aug 5 09:30:03 host kernel: [ 788.060148] Call trace:
Aug 5 09:30:03 host kernel: [ 788.060172] dump_backtrace+0x0/0x1d0
Aug 5 09:30:03 host kernel: [ 788.060193] show_stack+0x30/0x40
Aug 5 09:30:03 host kernel: [ 788.060212] dump_stack+0xd8/0x138
Aug 5 09:30:03 host kernel: [ 788.060223] __schedule_bug+0x78/0x90
Aug 5 09:30:03 host kernel: [ 788.060240] __schedule+0x844/0x910
Aug 5 09:30:03 host kernel: [ 788.060244] schedule+0x78/0x110
Aug 5 09:30:03 host kernel: [ 788.060252] schedule_timeout+0x184/0x340
Aug 5 09:30:03 host kernel: [ 788.060256] wait_for_completion_timeout+0x8c/0x110
Aug 5 09:30:03 host kernel: [ 788.060265] tegra_bpmp_transfer+0x198/0x370
Aug 5 09:30:03 host kernel: [ 788.060272] tegra23x_icc_set+0x23c/0x640
Aug 5 09:30:03 host kernel: [ 788.060277] apply_constraints+0x80/0xc0
Aug 5 09:30:03 host kernel: [ 788.060281] icc_set_bw+0xbc/0x2d0
Aug 5 09:30:03 host kernel: [ 788.060288] nvhost_set_emc_rate+0x88/0x120
Aug 5 09:30:03 host kernel: [ 788.060291] nvhost_module_update_rate+0x208/0x360
Aug 5 09:30:03 host kernel: [ 788.060296] nvhost_module_runtime_resume+0x174/0x210
Aug 5 09:30:03 host kernel: [ 788.060304] pm_generic_runtime_resume+0x40/0x60
Aug 5 09:30:03 host kernel: [ 788.060309] __rpm_callback+0xd0/0x1a0
Aug 5 09:30:03 host kernel: [ 788.060315] rpm_callback+0x38/0xa0
Aug 5 09:30:03 host kernel: [ 788.060321] rpm_resume+0x564/0x750
Aug 5 09:30:03 host kernel: [ 788.060326] __pm_runtime_resume+0x44/0x90
Aug 5 09:30:03 host kernel: [ 788.060329] nvhost_module_busy+0x5c/0x150
Aug 5 09:30:03 host kernel: [ 788.060335] tegra_se_channel_submit_gather.isra.0+0x6c/0x440
Aug 5 09:30:03 host kernel: [ 788.060340] tegra_se_sha_process_buf+0x628/0x890
Aug 5 09:30:03 host kernel: [ 788.060343] tegra_se_sha_op+0x244/0x400
Aug 5 09:30:03 host kernel: [ 788.060347] tegra_se_sha_digest+0x6c/0xb0
Aug 5 09:30:03 host kernel: [ 788.060353] crypto_ahash_op+0x44/0xa0
Aug 5 09:30:03 host kernel: [ 788.060357] crypto_ahash_digest+0x34/0x50
Aug 5 09:30:03 host kernel: [ 788.060364] crypto_authenc_decrypt+0x90/0xb0
Aug 5 09:30:03 host kernel: [ 788.060370] crypto_aead_decrypt+0x48/0x70
Aug 5 09:30:03 host kernel: [ 788.060374] echainiv_decrypt+0x88/0xa0