Hi Jamie,

> Server is Ubuntu 17, Client LEDE trunk. Authentication happens, but I think
> client and server cannot agree on an algorithm?

They do, but the chosen algorithm (probably AES-GCM) apparently is not supported by the client's kernel:

> 16[KNL] received netlink error: Function not implemented (89)
> 16[KNL] unable to add SAD entry with SPI c09ec43d (FAILED)
> 16[KNL] received netlink error: Function not implemented (89)
> 16[KNL] unable to add SAD entry with SPI ca9fa951 (FAILED)

Either change the kernel or include a supported algorithm in the ESP proposal (e.g. esp=aes256gcm16-aes256-sha256! on the server and esp=aes256-sha256! on the client to use AES in CBC mode).

Regards,
Tobias