Hi, I have an IPSec tunnel over a pair of veth interfaces that seems to work fine with pings but doesnt work when sending traffic, the traffic comes from the physical NIC into VPP to be sent over IPSec.
This is the output for # show errors 4071630 esp4-encrypt-tun ESP pkts received error When I put a trace, I see the packets being dropped and the error counter increasing Packet 7 02:01:20:705376: af-packet-input af_packet: hw_if_index 2 next-index 4 tpacket2_hdr: status 0x20000001 len 118 snaplen 118 mac 66 net 80 sec 0x619cf4c0 nsec 0x19a129d7 vlan 0 vlan_tpid 0 02:01:20:705381: ethernet-input IP4: 02:fe:52:e8:ea:da -> 02:fe:55:f3:2d:af 02:01:20:705384: ip4-input UDP: 192.168.50.2 -> 192.168.50.1 tos 0x00, ttl 254, length 104, checksum 0xd730 dscp CS0 ecn NON_ECN fragment id 0x0000 UDP: 500 -> 500 length 84, checksum 0x0000 02:01:20:705388: ip4-lookup fib 0 dpo-idx 8 flow hash: 0x00000000 UDP: 192.168.50.2 -> 192.168.50.1 tos 0x00, ttl 254, length 104, checksum 0xd730 dscp CS0 ecn NON_ECN fragment id 0x0000 UDP: 500 -> 500 length 84, checksum 0x0000 02:01:20:705389: ip4-local UDP: 192.168.50.2 -> 192.168.50.1 tos 0x00, ttl 254, length 104, checksum 0xd730 dscp CS0 ecn NON_ECN fragment id 0x0000 UDP: 500 -> 500 length 84, checksum 0x0000 02:01:20:705392: ip4-udp-lookup UDP: src-port 500 dst-port 500 02:01:20:705393: ikev2-ip4 ikev2: sw_if_index 2, next index 1 02:01:20:705402: error-drop rx:host-veth0 02:01:20:705403: drop ip4-udp-lookup: No error Any idea?
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20532): https://lists.fd.io/g/vpp-dev/message/20532 Mute This Topic: https://lists.fd.io/mt/87258890/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
