I'm on Ubuntu, and had ipsec gre tunnels working with ovs version 1.4, but recently upgraded to 1.10, and now my ipsec tunnels aren't working. Regular gre tunnels work fine. (I also tried ovs 2.0.1 built from source but I see the same behavior.)

The racoon logs imply the ipsec connection is working properly. In the ovs-vswitchd.log file I see errors like the following:

2013-12-27T21:41:26.907Z|00001|tunnel(miss_handler)|WARN|receive tunnel port not found (192.168.122.192->10.4.10.32, key=0, dp port=2, pkt mark=0)
2013-12-27T21:41:26.907Z|00002|ofproto_dpif_upcall(miss_handler)|INFO|received packet on unassociated datapath port 2

I've tried turning tunnel debugging on, and I see some other messages such as:

port 2: nccvpn0 (ipsec_gre: 0.0.0.0->10.4.10.32, key=0, dp port=2, pkt mark=1, ttl=64)
pre: arp,metadata=0,in_port=LOCAL,vlan_tci=0x0000,dl_src=1e:c8:1a:cc:7c:46,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.2.0.5,arp_tpa=10.2.0.2,arp_op=1,arp_sha=1e:c8:1a:cc:7c:46,arp_tha=00:00:00:00:00:00
post: pkt_mark=0x1,arp,tun_src=0.0.0.0,tun_dst=10.4.10.32,tun_tos=0,tun_ttl=64,df,metadata=0,in_port=LOCAL,vlan_tci=0x0000,dl_src=1e:c8:1a:cc:7c:46,dl_dst=ff:ff:ff:ff:ff:ff,arp_spa=10.2.0.5,arp_tpa=10.2.0.2,arp_op=1,arp_sha=1e:c8:1a:cc:7c:46,arp_tha=00:00:00:00:00:00

Looking at the git history of the tunnel code after v1.4, I see changes related to ipsec pkt mark, and given the log messages are showing different mark values for what should be the same tunnel, my guess is that's what's causing it to fail, but I'm not sure how to fix it. Any pointers how to get ipsec_gre working again?

Thanks!
Daniel