I have an Nvidia Jetson Orin Nano with Linux for Tegra kernel 5.12.I'm trying to use Strongswan which requires some modules to be set, which I did.
However, it seems that it is missing other kernel modules for Crypto operations, I'm not much familiar with Linux Kernels, so here are the logs, do you have an idea of what's going on:
Aug 5 09:29:36 host charon: 14[CFG] selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQAug 5 09:29:36 host charon: 14[KNL] received netlink error: Function not implemented (38)Aug 5 09:29:36 host charon: 14[KNL] unable to add SAD entry with SPI cd0f6388 (FAILED)Aug 5 09:29:36 host charon: 14[KNL] received netlink error: Function not implemented (38)Aug 5 09:29:36 host charon: 14[KNL] unable to add SAD entry with SPI c52b8fc2 (FAILED)Aug 5 09:29:36 host charon: 14[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernelAug 5 09:22:41 host systemd[1]: snapd.service: Succeeded.Aug 5 09:22:50 host systemd-timesyncd[323]: Timed out waiting for reply from 82.64.84.116:123 (0.pool.ntp.org).Aug 5 09:27:19 host systemd-timesyncd[323]: Initial synchronization to time server 151.80.168.4:123 (0.pool.ntp.org).Aug 5 09:27:35 host systemd[1]: systemd-timedated.service: Succeeded.Aug 5 09:28:46 host dbus-daemon[1418]: [session uid=1000 pid=1418] Activating via systemd: service name='org.freedesktop.Tracker1' unit='tracker-store.service' requested by ':1.3' (uid=1000 pid=1414 comm="/usr/libexec/tracker-miner-fs " label="kernel")Aug 5 09:28:46 host systemd[1260]: Starting Tracker metadata database store and lookup manager...Aug 5 09:28:46 host dbus-daemon[1418]: [session uid=1000 pid=1418] Successfully activated service 'org.freedesktop.Tracker1'Aug 5 09:28:46 host systemd[1260]: Started Tracker metadata database store and lookup manager.Aug 5 09:29:16 host tracker-store[6111]: OKAug 5 09:29:16 host systemd[1260]: tracker-store.service: Succeeded.Stopping strongSwan IPsec...Aug 5 09:29:34 host charon: 00[DMN] signal of type SIGINT received. Shutting downAug 5 09:29:34 host ipsec[3120]: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 5.10.104-tegra, aarch64)Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading crls from '/etc/ipsec.d/crls'Aug 5 09:29:34 host ipsec[3120]: 00[CFG] loading secrets from '/etc/ipsec.secrets'Aug 5 09:29:34 host ipsec[3120]: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke vici updown eap-mschapv2 xauth-generic countersAug 5 09:29:34 host ipsec[3120]: 00[LIB] dropped capabilities, running as uid 0, gid 0Aug 5 09:29:34 host ipsec[3120]: 00[JOB] spawning 16 worker threadsAug 5 09:29:34 host ipsec[3120]: 00[DMN] executing start script 'load-all' (/usr/sbin/swanctl --load-all)Aug 5 09:29:34 host ipsec[3120]: 15[CFG] loaded IKE shared key with id 'ike-nvidiajetsondevice' for: '42b8529e-32ab-11ee-8ea1-2cf7f120e9f2@username.fff', 'distanthost@username.fff'Aug 5 09:29:34 host ipsec[3120]: 08[CFG] added vici connection: nvidiajetsondevice-to-distanthostAug 5 09:29:34 host ipsec[3120]: 08[CFG] initiating 'nvidiajetsondevice'Aug 5 09:29:34 host ipsec[3120]: 08[IKE] initiating IKE_SA nvidiajetsondevice-to-distanthost[1] to IP.IP.IP.IPAug 5 09:29:34 host ipsec[3120]: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]Aug 5 09:29:34 host ipsec[3120]: 08[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)Aug 5 09:29:34 host ipsec[3120]: 00[DMN] load-all: loaded ike secret 'ike-nvidiajetsondevice'Aug 5 09:29:34 host ipsec[3120]: 00[DMN] load-all: loaded connection 'nvidiajetsondevice-to-distanthost'Aug 5 09:29:34 host ipsec[3120]: 00[DMN] load-all: successfully loaded 1 connections, 0 unloadedAug 5 09:29:34 host ipsec[3120]: 13[IKE] retransmit 1 of request with message ID 0Aug 5 09:29:34 host ipsec[3120]: 13[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)Aug 5 09:29:34 host ipsec[3120]: 14[IKE] retransmit 2 of request with message ID 0Aug 5 09:29:34 host ipsec[3120]: 14[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)Aug 5 09:29:34 host ipsec[3120]: 16[IKE] retransmit 3 of request with message ID 0Aug 5 09:29:34 host ipsec[3120]: 16[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)Aug 5 09:29:34 host ipsec[3120]: 15[IKE] retransmit 4 of request with message ID 0Aug 5 09:29:34 host ipsec[3120]: 15[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)Aug 5 09:29:34 host ipsec[3120]: 05[IKE] retransmit 5 of request with message ID 0Aug 5 09:29:34 host ipsec[3120]: 05[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)Aug 5 09:29:34 host ipsec[3120]: 06[IKE] giving up after 5 retransmitsAug 5 09:29:34 host ipsec[3120]: 06[IKE] establishing IKE_SA failed, peer not respondingAug 5 09:29:34 host ipsec[3120]: 00[DMN] signal of type SIGINT received. Shutting downAug 5 09:29:34 host ipsec[3107]: charon stopped after 200 msAug 5 09:29:34 host ipsec[3107]: ipsec starter stoppedAug 5 09:29:34 host systemd[1]: strongswan-starter.service: Succeeded.Starting strongSwan 5.8.2 IPsec [starter]...IPsec service has been restarted.Aug 5 09:29:36 host charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 5.10.104-tegra, aarch64)Aug 5 09:29:36 host charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'Aug 5 09:29:36 host charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'Aug 5 09:29:36 host charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'Aug 5 09:29:36 host charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'Aug 5 09:29:36 host charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'Aug 5 09:29:36 host charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'Aug 5 09:29:36 host charon: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke vici updown eap-mschapv2 xauth-generic countersAug 5 09:29:36 host charon: 00[LIB] dropped capabilities, running as uid 0, gid 0Aug 5 09:29:36 host charon: 00[JOB] spawning 16 worker threadsAug 5 09:29:36 host charon: 00[DMN] executing start script 'load-all' (/usr/sbin/swanctl --load-all)Aug 5 09:29:36 host charon: 01[CFG] loaded IKE shared key with id 'ike-nvidiajetsondevice' for: '42b8529e-32ab-11ee-8ea1-2cf7f120e9f2@username.fff', 'distanthost@username.fff'Aug 5 09:29:36 host charon: 09[CFG] added vici connection: nvidiajetsondevice-to-distanthostAug 5 09:29:36 host charon: 09[CFG] initiating 'nvidiajetsondevice'Aug 5 09:29:36 host charon: 09[IKE] initiating IKE_SA nvidiajetsondevice-to-distanthost[1] to IP.IP.IP.IPAug 5 09:29:36 host charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]Aug 5 09:29:36 host charon: 09[NET] sending packet: from 192.168.1.91[500] to IP.IP.IP.IP[500] (992 bytes)Aug 5 09:29:36 host charon: 00[DMN] load-all: loaded ike secret 'ike-nvidiajetsondevice'Aug 5 09:29:36 host charon: 00[DMN] load-all: loaded connection 'nvidiajetsondevice-to-distanthost'Aug 5 09:29:36 host charon: 00[DMN] load-all: successfully loaded 1 connections, 0 unloadedAug 5 09:29:36 host charon: 13[NET] received packet: from IP.IP.IP.IP[500] to 192.168.1.91[500] (280 bytes)Aug 5 09:29:36 host charon: 13[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]Aug 5 09:29:36 host charon: 13[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256Aug 5 09:29:36 host charon: 13[IKE] local host is behind NAT, sending keep alivesAug 5 09:29:36 host charon: 13[IKE] remote host is behind NATAug 5 09:29:36 host charon: 13[IKE] authentication of '42b8529e-32ab-11ee-8ea1-2cf7f120e9f2@username.fff' (myself) with pre-shared keyAug 5 09:29:36 host charon: 13[IKE] establishing CHILD_SA nvidiajetsondevice{1}Aug 5 09:29:36 host charon: 13[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]Aug 5 09:29:36 host charon: 13[NET] sending packet: from 192.168.1.91[4500] to IP.IP.IP.IP[4500] (512 bytes)Aug 5 09:29:36 host charon: 14[NET] received packet: from IP.IP.IP.IP[4500] to 192.168.1.91[4500] (240 bytes)Aug 5 09:29:36 host charon: 14[ENC] parsed IKE_AUTH response 1 [ IDr AUTH CPRP(ADDR) SA TSi TSr ]Aug 5 09:29:36 host charon: 14[IKE] authentication of 'distanthost@username.fff' with pre-shared key successfulAug 5 09:29:36 host charon: 14[IKE] IKE_SA nvidiajetsondevice-to-distanthost[1] established between 192.168.1.91[42b8529e-32ab-11ee-8ea1-2cf7f120e9f2@username.fff]...IP.IP.IP.IP[distanthost@username.fff]Aug 5 09:29:36 host charon: 14[IKE] scheduling rekeying in 27166sAug 5 09:29:36 host charon: 14[IKE] maximum IKE_SA lifetime 30046sAug 5 09:29:36 host charon: 14[IKE] installing new virtual IP 10.10.0.122Aug 5 09:29:36 host charon: 14[CFG] selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ11 h 32Aug 5 09:29:36 host charon: 14[KNL] received netlink error: Function not implemented (38)Aug 5 09:29:36 host charon: 14[KNL] unable to add SAD entry with SPI cd0f6388 (FAILED)Aug 5 09:29:36 host charon: 14[KNL] received netlink error: Function not implemented (38)Aug 5 09:29:36 host charon: 14[KNL] unable to add SAD entry with SPI c52b8fc2 (FAILED)Aug 5 09:29:36 host charon: 14[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernelAug 5 09:29:36 host charon: 14[IKE] failed to establish CHILD_SA, keeping IKE_SAAug 5 09:29:36 host charon: 14[IKE] sending DELETE for ESP CHILD_SA with SPI cd0f6388Aug 5 09:29:36 host charon: 14[ENC] generating INFORMATIONAL request 2 [ D ]Aug 5 09:29:36 host charon: 14[NET] sending packet: from 192.168.1.91[4500] to IP.IP.IP.IP[4500] (80 bytes)Aug 5 09:29:36 host charon: 05[NET] received packet: from IP.IP.IP.IP[4500] to 192.168.1.91[4500] (80 bytes)Aug 5 09:29:36 host charon: 05[ENC] parsed INFORMATIONAL response 2 [ D ]Aug 5 09:29:36 host charon: 05[KNL] deleting policy 10.10.0.0/16 === 10.10.0.122/32 in failed, not foundAug 5 09:29:36 host charon: 05[KNL] deleting policy 10.10.0.0/16 === 10.10.0.122/32 fwd failed, not foundAug 5 09:29:36 host charon: 08[NET] received packet: from IP.IP.IP.IP[4500] to 192.168.1.91[4500] (320 bytes)Aug 5 09:29:36 host charon: 08[ENC] parsed CREATE_CHILD_SA request 0 [ SA No TSi TSr ]Aug 5 09:29:36 host charon: 08[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQAug 5 09:29:37 host charon: 08[IKE] CHILD_SA nvidiajetsondevice{2} established with SPIs ceab2e30_i c60f633a_o and TS 10.10.0.122/32 === 10.10.0.0/16Aug 5 09:29:37 host systemd-networkd[593]: username-mgmt: Link UPAug 5 09:29:37 host systemd-networkd[593]: username-mgmt: Gained carrierAug 5 09:29:37 host charon: 09[KNL] interface username-mgmt activatedAug 5 09:29:37 host systemd-networkd[593]: username-mgmt: Gained IPv6LLAug 5 09:29:37 host charon: 11[KNL] fe80::4caf:4fed:7dd4:231a appeared on username-mgmtAug 5 09:29:37 host username-mngmnt-vpn is up, setting up.....: 14Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): Couldn't load match `comment':No such file or directoryAug 5 09:29:37 host charon: 08[CHD] updown:Aug 5 09:29:37 host charon: 08[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): unknown option "--to-source"Aug 5 09:29:37 host charon: 08[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.Aug 5 09:29:37 host charon: 08[CHD] updown: iptables: Bad rule (does a matching rule exist in that chain?).Aug 5 09:29:37 host charon: message repeated 2 times: [ 08[CHD] updown: iptables: Bad rule (does a matching rule exist in that chain?).]Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): CHAIN_ADD failed (No such file or directory): chain PREROUTINGAug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): Couldn't load match `comment':No such file or directoryAug 5 09:29:37 host charon: 08[CHD] updown:Aug 5 09:29:37 host charon: 08[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): unknown option "--to-source"Aug 5 09:29:37 host charon: 08[CHD] updown: Try `iptables -h' or 'iptables --help' for more information.Aug 5 09:29:37 host charon: 08[CHD] updown: iptables: No chain/target/match by that name.Aug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain FORWARDAug 5 09:29:37 host charon: 08[CHD] updown: iptables v1.8.4 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain FORWARDAug 5 09:29:37 host charon: 08[ENC] generating CREATE_CHILD_SA response 0 [ SA No TSi TSr ]Aug 5 09:29:37 host charon: 08[NET] sending packet: from 192.168.1.91[4500] to IP.IP.IP.IP[4500] (208 bytes)Aug 5 09:29:47 host charon: 07[NET] received packet: from IP.IP.IP.IP[4500] to 192.168.1.91[4500] (80 bytes)Aug 5 09:29:47 host charon: 07[ENC] parsed INFORMATIONAL request 1 [ ]Aug 5 09:29:47 host charon: 07[ENC] generating INFORMATIONAL response 1 [ ]Aug 5 09:29:47 host charon: 07[NET] sending packet: from 192.168.1.91[4500] to IP.IP.IP.IP[4500] (80 bytes)11 h 32Aug 5 09:29:57 host charon: 11[NET] received packet: from IP.IP.IP.IP[4500] to 192.168.1.91[4500] (80 bytes)Aug 5 09:29:57 host charon: 11[ENC] parsed INFORMATIONAL request 2 [ ]Aug 5 09:29:57 host charon: 11[ENC] generating INFORMATIONAL response 2 [ ]Aug 5 09:29:57 host charon: 11[NET] sending packet: from 192.168.1.91[4500] to IP.IP.IP.IP[4500] (80 bytes)Aug 5 09:30:01 host CRON[6215]: (root) CMD ([ -x /etc/init.d/anacron ] && if [ ! -d /run/systemd/system ]; then /usr/sbin/invoke-rc.d anacron start >/dev/null; fi)Aug 5 09:30:03 host kernel: [ 788.053584] BUG: scheduling while atomic: swapper/0/0/0x00000102Aug 5 09:30:03 host kernel: [ 788.059829] Modules linked in: des_generic libdes fuse lzo_rle lzo_compress zram ramoops reed_solomon loop nvgpu snd_soc_tegra210_ope snd_soc_tegra186_asrc snd_soc_tegra186_dspk snd_soc_tegra210_iqc snd_soc_tegra210_mvc snd_soc_tegra186_arad snd_soc_tegra210_afc aes_ce_blk crypto_simd snd_soc_tegra210_dmic snd_soc_tegra210_adx snd_soc_tegra210_amx cryptd snd_soc_tegra210_mixer snd_soc_tegra210_admaif snd_soc_tegra210_i2s aes_ce_cipher snd_soc_tegra210_sfc snd_soc_tegra_pcm ghash_ce r8168 sha2_ce sha256_arm64 sha1_ce option usb_wwan usbserial snd_soc_tegra210_adsp snd_soc_tegra_machine_driver snd_soc_tegra_utils snd_soc_simple_card_utils snd_soc_spdif_tx snd_hda_codec_hdmi pwm_fan snd_hda_tegra nvadsp snd_hda_codec userspace_alert snd_hda_core tegra210_adma tegra_bpmp_thermal snd_soc_tegra210_ahub lan743x ina3221 r8169 nv_imx219 spi_tegra114 realtek binfmt_misc nvmap ip_tables [last unloaded: mtd]Aug 5 09:30:03 host kernel: [ 788.060139] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.104-tegra #6Aug 5 09:30:03 host kernel: [ 788.060143] Hardware name: Unknown NVIDIA Orin Nano Developer Kit/NVIDIA Orin Nano Developer Kit, BIOS 3.1-32827747 03/19/2023Aug 5 09:30:03 host kernel: [ 788.060148] Call trace:Aug 5 09:30:03 host kernel: [ 788.060172] dump_backtrace+0x0/0x1d0Aug 5 09:30:03 host kernel: [ 788.060193] show_stack+0x30/0x40Aug 5 09:30:03 host kernel: [ 788.060212] dump_stack+0xd8/0x138Aug 5 09:30:03 host kernel: [ 788.060223] __schedule_bug+0x78/0x90Aug 5 09:30:03 host kernel: [ 788.060240] __schedule+0x844/0x910Aug 5 09:30:03 host kernel: [ 788.060244] schedule+0x78/0x110Aug 5 09:30:03 host kernel: [ 788.060252] schedule_timeout+0x184/0x340Aug 5 09:30:03 host kernel: [ 788.060256] wait_for_completion_timeout+0x8c/0x110Aug 5 09:30:03 host kernel: [ 788.060265] tegra_bpmp_transfer+0x198/0x370Aug 5 09:30:03 host kernel: [ 788.060272] tegra23x_icc_set+0x23c/0x640Aug 5 09:30:03 host kernel: [ 788.060277] apply_constraints+0x80/0xc0Aug 5 09:30:03 host kernel: [ 788.060281] icc_set_bw+0xbc/0x2d0Aug 5 09:30:03 host kernel: [ 788.060288] nvhost_set_emc_rate+0x88/0x120Aug 5 09:30:03 host kernel: [ 788.060291] nvhost_module_update_rate+0x208/0x360Aug 5 09:30:03 host kernel: [ 788.060296] nvhost_module_runtime_resume+0x174/0x210Aug 5 09:30:03 host kernel: [ 788.060304] pm_generic_runtime_resume+0x40/0x60Aug 5 09:30:03 host kernel: [ 788.060309] __rpm_callback+0xd0/0x1a0Aug 5 09:30:03 host kernel: [ 788.060315] rpm_callback+0x38/0xa0Aug 5 09:30:03 host kernel: [ 788.060321] rpm_resume+0x564/0x750Aug 5 09:30:03 host kernel: [ 788.060326] __pm_runtime_resume+0x44/0x90Aug 5 09:30:03 host kernel: [ 788.060329] nvhost_module_busy+0x5c/0x150Aug 5 09:30:03 host kernel: [ 788.060335] tegra_se_channel_submit_gather.isra.0+0x6c/0x440Aug 5 09:30:03 host kernel: [ 788.060340] tegra_se_sha_process_buf+0x628/0x890Aug 5 09:30:03 host kernel: [ 788.060343] tegra_se_sha_op+0x244/0x400Aug 5 09:30:03 host kernel: [ 788.060347] tegra_se_sha_digest+0x6c/0xb0Aug 5 09:30:03 host kernel: [ 788.060353] crypto_ahash_op+0x44/0xa0Aug 5 09:30:03 host kernel: [ 788.060357] crypto_ahash_digest+0x34/0x50Aug 5 09:30:03 host kernel: [ 788.060364] crypto_authenc_decrypt+0x90/0xb0Aug 5 09:30:03 host kernel: [ 788.060370] crypto_aead_decrypt+0x48/0x70Aug 5 09:30:03 host kernel: [ 788.060374] echainiv_decrypt+0x88/0xa0