Hi guys, My configuration about ipsec gre is shown below: Vpp1: create host-interface name eth2 mac 00:0c:29:f2:15:8b set interface state host-eth2 up set interface ip address host-eth2 10.0.0.1/24 create host-interface name eth1 mac 00:0c:29:f2:15:81 set interface state host-eth1 up set interface ip address host-eth1 20.0.0.1/24 ipsec sa add 10 spi 1001 esp crypto-alg aes-cbc-128 crypto-key 4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 4339314b55523947594d6d3547666b45764e6a58 ipsec sa add 20 spi 1002 esp crypto-alg aes-cbc-128 crypto-key 5a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 5339314b55523947594d6d3547666b45764e6a58 create ipsec gre tunnel src 10.0.0.1 dst 10.0.0.2 local-sa 10 remote-sa 20 set interface ip address ipsec-gre0 100.1.1.1/24 set interface state ipsec-gre0 up ip route add 21.0.0.2/24 via ip4-address 100.1.1.2 interface ipsec-gre0
vpp2: create host-interface name eth2 mac 00:0c:29:e0:87:dd set interface state host-eth2 up set interface ip address host-eth2 10.0.0.2/24 create host-interface name eth3 mac 00:0c:29:e0:87:e7 set interface state host-eth3 up set interface ip address host-eth3 21.0.0.2/24 ipsec sa add 10 spi 1001 esp crypto-alg aes-cbc-128 crypto-key 4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 4339314b55523947594d6d3547666b45764e6a58 ipsec sa add 20 spi 1002 esp crypto-alg aes-cbc-128 crypto-key 5a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 5339314b55523947594d6d3547666b45764e6a58 create ipsec gre tunnel src 10.0.0.2 dst 10.0.0.1 local-sa 20 remote-sa 10 set interface ip address ipsec-gre0 100.1.1.2/24 set interface state ipsec-gre0 up ip route add 20.0.0.1/24 via ip4-address 100.1.1.1 interface ipsec-gre0 The trace: Packet 3 00:03:19:325858: af-packet-input af_packet: hw_if_index 1 next-index 4 tpacket2_hdr: status 0x20000001 len 166 snaplen 166 mac 66 net 80 sec 0x5a72b5ef nsec 0x1a6aa25c vlan 0 00:03:19:325878: ethernet-input IP4: 00:0c:29:e0:87:dd -> 00:0c:29:f2:15:8b 00:03:19:325894: ip4-input IPSEC_ESP: 10.0.0.2 -> 10.0.0.1 tos 0x00, ttl 253, length 152, checksum 0xa931 fragment id 0x0000 00:03:19:325899: ip4-lookup fib 0 dpo-idx 6 flow hash: 0x00000000 IPSEC_ESP: 10.0.0.2 -> 10.0.0.1 tos 0x00, ttl 253, length 152, checksum 0xa931 fragment id 0x0000 00:03:19:325909: ip4-local IPSEC_ESP: 10.0.0.2 -> 10.0.0.1 tos 0x00, ttl 253, length 152, checksum 0xa931 fragment id 0x0000 00:03:19:325913: ip4-punt IPSEC_ESP: 10.0.0.2 -> 10.0.0.1 tos 0x00, ttl 253, length 152, checksum 0xa931 fragment id 0x0000 00:03:19:325920: error-punt ip4-input: unknown ip protocol Packet 4 How can I solve the problem? Thanks, Wtang
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev