Hello, I installed Ubuntu 16.04 on the hostB to check the behaviour between the two OSes.
The setup is the same as with two hosts running OpenSUSE:

>
>> > hostA:
>> >
>> > ovs-vsctl add-br secure
>> > ip link set secure up
>> > ip addr add 192.168.20.1/24 broadcast 192.168.20.255 dev secure
>> > ovs-vsctl add-port secure gre3 -- set interface gre3 type=ipsec_gre
>> > options:remote_ip=2.2.2.2 options:psk=secret
>> >
>> > hostB:
>> >
>> > ovs-vsctl add-br secure
>> > ip link set secure up
>> > ip addr add 192.168.20.2/24 broadcast 192.168.20.255 dev secure
>> > ovs-vsctl add-port secure gre3 -- set interface gre3 type=ipsec_gre
>> > options:remote_ip=1.1.1.1 options:psk=secret
>> >
>> > As mentioned, both sides manage to negotiate an IPsec connection, set the interfaces up, etc. Now, when I ping from hostA to hostB, I can see an ARP request going out the "secure" interface, through eth0 as an ESP packet, to eth0 on hostB, deciphered and arriving at "secure" on hostB. Then, there's an ARP reply from hostB, going through eth0 as ESP on hostB, arriving at eth0 on hostA. I can even see the response in ovs-dpctl dump-flows on hostA. However, nothing is received on the "secure" interface on hostA. Is there something I can do to debug further? Maybe there's a missing return flow rule that does not get automatically set up on OpenSUSE while it is on Ubuntu? Is there some known issue with the particular OVS/kernel versions that OpenSUSE runs (ovs 2.3.1, kernel 4.1.26-21)? Or maybe there's a mismatch between the OVS and kernel datapath module? OpenSUSE seems to ship the one from the kernel.

Best regards,
Bolesław Tokarski