Alternate workaround below as well as the potential cause:

On Tue, 23 Oct 2018 at 11:47, Jason Tubnor <[email protected]> wrote:

> >Synopsis:      iked(8) producing bad-ip-version 7 error with vxlan(4) traffic
> >Category:      system
> >Environment:
>         System      : OpenBSD 6.4
>         Details     : OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018
>                          [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
>         Architecture: OpenBSD.amd64
>         Machine     : amd64
>
>
> >How-To-Repeat:
>         - Set up a simple P-t-P iked(8) link using public keying. Something like:
>
> /etc/iked.conf
> ikev2 active ipcomp esp from 192.168.1.2 to 192.168.1.1 \
>         peer 192.168.1.1 srcid 192.168.1.2
>
>         - Initiate the link
>         - Create a vxlan(4) unicast tunnel across the link at both ends.
>
> /etc/hostname.vxlan32
> inet 10.1.1.2 255.255.255.252 10.1.1.3
> tunnel 192.168.1.2 192.168.1.1 vnetid 32
> up
>
>         - Send packets across the tunnel.  In my tests, simple ICMP echo/reply didn't complete (dropped).
>
> >Fix:
>         Roll back to OpenBSD 6.3#11
>

By removing ipcomp from both ends of the iked(8) tunnel, encapsulated
traffic flows correctly again.  So simply changing /etc/iked.conf to:

ikev2 active esp from 192.168.1.2 to 192.168.1.1 \
        peer 192.168.1.1 srcid 192.168.1.2

fixed the issue on both 6.4-stable and 6.4-current.  I'm not sure why
ipcomp is the culprit here, as there were no indications in the release
notes; however, it could be due to something else when the network stack was
uplifted during development of 6.4.

Cheers.
