Docker Swarm encrypted overlay network don't work with current Debian kernel 5.10.103-1 #43359
Comments
the following kernel patch will fix this issue in probably the next stable release: https://lore.kernel.org/netdev/20220307082245.GA1791239@gauss3.secunet.de/T/ so this issue can be closed thereafter ...
We have the same issue. Our setup:
Thank you for the info, grichner.
Has someone already tested / can confirm that this fix has been included in any of the newer Ubuntu focal kernel 5.4.0 releases? Thank you very much & Kind regards
Hi @anpieber A kernel rollback has been applied for fedora/coreos (as seen here: coreos/fedora-coreos-tracker#1111) so I suspect Ubuntu will do the same...
My info on kernel update is:
I can confirm, it doesn't work on 5.4.0-109-generic either.
For Ubuntu focal, the fix is currently planned for kernel version 5.4.0-110. See here
Hello, I just downloaded version 5.4.0-110-generic for Ubuntu 20.04 and it doesn't fix the communication issue on encrypted overlay networks.
I may be wrong, but as far as I can see here, the 5.4.0-110-generic is not yet released (status: proposed).
It works, when I use Ubuntu 20.04 through
the ESP fix is in 5.10.108:
For us, networking in a Hetzner swarm did not work with linux-image-5.4.0-117-generic, but worked with linux-image-5.4.0-113-generic. Is the patch already merged?
Any update? I use Hetzner and Ubuntu 20.04. I've updated my kernel to 5.15.0-86-generic. When I turn on the encrypted option, everything stops working.
if your kernel creation date is newer than
if your kernel is newer than this it should work...
Description
After upgrading the kernel from 5.10.0-11-amd64 #1 SMP Debian 5.10.92-2 to 5.10.0-12-amd64 #1 SMP Debian 5.10.103-1, the encrypted overlay network between the nodes ends in error.
Steps to reproduce the issue:
Describe the results you received:
Mar 10 14:18:31 srv01 dockerd[1297]: time="2022-03-10T14:18:31.277303894+01:00" level=warning msg="Failed Adding rSA{Dst: 10.55.2.11, Src: 10.55.2.10, Proto: esp, Mode: transport, SPI: 0xd457eb22, ReqID: 0xd0c4e3, ReplayWindow: 0, Mark: , OutputMark: 0, Ifid: 0, Auth: , Crypt: , Aead: {Name: rfc4106(gcm(aes)), Key: , ICV length: 64}, Encap: , ESN: false}: invalid argument"
Mar 10 14:18:31 srv01 dockerd[1297]: time="2022-03-10T14:18:31.277371111+01:00" level=warning msg="Failed Adding fSA{Dst: 10.55.2.10, Src: 10.55.2.11, Proto: esp, Mode: transport, SPI: 0x29ad0c9a, ReqID: 0xd0c4e3, ReplayWindow: 0, Mark: , OutputMark: 0, Ifid: 0, Auth: , Crypt: , Aead: {Name: rfc4106(gcm(aes)), Key: , ICV length: 64}, Encap: , ESN: false}: invalid argument."
Mar 10 14:18:31 srv01 dockerd[1297]: time="2022-03-10T14:18:31.277415765+01:00" level=warning msg="Adding fSP{{Dst: 10.55.2.10/32, Src: 10.55.2.11/32, Proto: 17, DstPort: 4789, SrcPort: 0, Dir: dir out, Priority: 0, Index: 0, Action: allow, Ifindex: 0, Ifid: 0, Mark: (0xd0c4e3,0xffffffff), Tmpls: [{Dst: 10.55.2.10, Src: 10.55.2.11, Proto: esp, Mode: transport, Spi: 0x29ad0c9a, Reqid: 0xd0c4e3}]}}: invalid argument"
Describe the results you expected:
Additional information you deem important (e.g. issue happens only occasionally):
Output of docker version: Docker-ce 20.10.13
Additional environment details (AWS, VirtualBox, physical, etc.):
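A check for the symptom reported in this issue, as an added example that is not part of the original report or of Docker's code: it scans dockerd log text for rejected IPsec states and policies and lists the node pairs affected. The function names are hypothetical; the sample lines are abridged from the log quoted above, and the last one is constructed.

```python
import re
from collections import defaultdict

# Abridged from the dockerd lines quoted in the issue; the last line is constructed.
SAMPLE_LOG = '''
Mar 10 14:18:31 srv01 dockerd[1297]: level=warning msg="Failed Adding rSA{Dst: 10.55.2.11, Src: 10.55.2.10, Proto: esp, Mode: transport, SPI: 0xd457eb22, ReqID: 0xd0c4e3, Aead: {Name: rfc4106(gcm(aes)), Key: , ICV length: 64}, ESN: false}: invalid argument"
Mar 10 14:18:31 srv01 dockerd[1297]: level=warning msg="Failed Adding fSA{Dst: 10.55.2.10, Src: 10.55.2.11, Proto: esp, Mode: transport, SPI: 0x29ad0c9a, ReqID: 0xd0c4e3, Aead: {Name: rfc4106(gcm(aes)), Key: , ICV length: 64}, ESN: false}: invalid argument."
Mar 10 14:18:31 srv01 dockerd[1297]: level=warning msg="Adding fSP{{Dst: 10.55.2.10/32, Src: 10.55.2.11/32, Proto: 17, DstPort: 4789, Mark: (0xd0c4e3,0xffffffff), Tmpls: [{Dst: 10.55.2.10, Src: 10.55.2.11, Proto: esp, Mode: transport, Spi: 0x29ad0c9a, Reqid: 0xd0c4e3}]}}: invalid argument"
Mar 10 14:18:32 srv01 dockerd[1297]: level=info msg="unrelated constructed line"
'''

# kind is the prefix as logged (rSA, fSA and fSP appear in the issue);
# SA entries are IPsec states, SP entries are IPsec policies.
ENTRY = re.compile(r'msg="(?:Failed )?Adding (?P<kind>[rf]S[AP])\{+(?P<body>.*)\}+: (?P<err>[^"]+)"')

def _field(pattern, body):
    # First occurrence of a "Name: value" field; case-insensitive (SPI vs Spi).
    m = re.search(pattern, body, re.IGNORECASE)
    return m.group(1) if m else None

def failed_xfrm_ops(log_text):
    """Return one dict per rejected SA/SP programming attempt in log_text."""
    events = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        body = m.group("body")
        events.append({
            "kind": m.group("kind"),
            "src": _field(r"Src: ([0-9.]+)", body),
            "dst": _field(r"Dst: ([0-9.]+)", body),
            "spi": _field(r"SPI: (0x[0-9a-f]+)", body),
            "error": m.group("err").rstrip("."),
        })
    return events

def affected_peers(events):
    """Map each unordered node pair to the sorted kinds of objects that failed."""
    pairs = defaultdict(set)
    for e in events:
        pairs[tuple(sorted((e["src"], e["dst"])))].add(e["kind"])
    return {pair: sorted(kinds) for pair, kinds in pairs.items()}

if __name__ == "__main__":
    for pair, kinds in affected_peers(failed_xfrm_ops(SAMPLE_LOG)).items():
        print(pair, "failed:", ", ".join(kinds))
```

On a live node the same functions can be fed the text of the Docker unit's journal instead of `SAMPLE_LOG`.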