Hi Neale, I had not added a proper reverse route (from VPP to SS). After adding the route, traffic started working fine. Also, the crash was not seen any more after testing multiple times with reset SA and sending data traffic.
On Mon, Nov 9, 2020 at 3:49 PM Neale Ranns (nranns) <nra...@cisco.com> wrote: > > > Hi Vijay, > > > > *From: *vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> > *Date: *Thursday, 5 November 2020 at 16:54 > *To: *vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> > *Subject: *[vpp-dev] Facing issue in IPSEC data traffic after SA is setup > successfully > > Hi, > > > > I have set up IPSEC SA successfully b/w the Strongswan (initiator) and the > VPP IPSec (responder). > > > > After SA is established, at VPP I am seeing a new virtual interface > "ipip0" being created. > > > > The fd.io wiki page says we need to add a route to the initiator network > and bind this virtual interface to the physical interface in order to send > out the packet. When I do the below, the VPP process crashes (version and > route commands pasted below) > > > > Does anyone know this issue? Any suggestions about how to get the data > traffic running successfully > > > > > > vpp# show version > vpp v21.01-rc0~324-g62877029a built by root on ubuntu-10-37-3-75 at > 2020-10-30T11:10:45 > > before executing these commands please collect: > > sh ip fib 10.75.1.20/32 > > sh ipip tunnel 0 > > > > vpp# set interface state ipip0 up > vpp# ip route add 10.75.1.20/32 via ipip0 > vpp# set interface unnumbered ipip0 use GigabitEthernetb/0/0 > > > > > > and from the crash please collect the backtrace. > > > > /neale > > > > > > Regards, > > Vijay >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17970): https://lists.fd.io/g/vpp-dev/message/17970 Mute This Topic: https://lists.fd.io/mt/78054018/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
