Hi,
I am using VPP21.06.
I have successfully created an IPSec tunnel between VPP and a Strong Swan peer.
Packets from VPP are going into ESP towards the peer, the peer is
responding back with ESP as well (inner cleartext packets are ICMP)
Now then, I have a node of my own which is sitting on the ip4-unicast
arc and has a runs before clause like thus --
.runs_before = VNET_FEATURES ("ip4-lookup")
I am expecting that when the ESP packet lands at VPP, it will undergo
decryption and the inner IP packet would go again to ip4-input and
from there hit my node on the ip4-unicast arc. However this does not
happen. It appears that the packet is going to ip4-lookup bypassing my
node.
So the question is how do I get the decrypted inner packet on ESP to my node.
Regards
-Prashant
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20076): https://lists.fd.io/g/vpp-dev/message/20076
Mute This Topic: https://lists.fd.io/mt/85408250/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
