On Sun, 30 Jul 2017 09:30:13 +0000 "M87tech [Jon]" <m87t...@gmail.com> wrote:
> Hi,
>
> I'm trying to get a dmvpn testbed up and running using privileged LXD
> containers.
>
> So far I'm stuck with an error message that looks to be related to the
> interfaces somehow, the logs show it's resolved the hub then waiting
> for a link:
>
> 2017/07/30 09:17:22.84 NHRP: gre1: bound to eth0
> 2017/07/30 09:17:23.75 NHRP: VICI: Connected
> 2017/07/30 09:17:23.75 NHRP: VICI: Message 5, 1 bytes
> 2017/07/30 09:17:23.75 NHRP: VICI: Message 5, 1 bytes
> 2017/07/30 09:17:23.75 NHRP: VICI: Message 5, 1 bytes
> 2017/07/30 09:17:23.75 NHRP: VICI: Message 5, 1 bytes
> 2017/07/30 09:17:23.75 NHRP: VICI: Message 1, 1 bytes
> 2017/07/30 09:17:23.84 NHRP: [0x23e4f30] Resolving 'hub6.wizznet.co.uk'
> 2017/07/30 09:17:23.84 NHRP: Netlink: Received msg_type 28, msg_flags 0
> 2017/07/30 09:17:23.86 NHRP: [0x23e4f30] Resolved with 1 results
> 2017/07/30 09:17:23.91 NHRP: NHS: Waiting link for 51.15.49.245
> 2017/07/30 09:17:34.06 NHRP: Netlink-log: Received msg_type 2, msg_flags 0
> 2017/07/30 09:17:34.06 NHRP: NHS: Flush timer for 51.15.49.245
> 2017/07/30 09:17:34.08 NHRP: NHS: Waiting link for 51.15.49.245
> 2017/07/30 09:17:36.08 NHRP: vici_reconnect: failure connecting VICI socket: Connection refused

VICI reconnect is unusual? Did you restart strongSwan? Is the strongSwan you are running patched with the required changes?

Details on the above patches should be in frr's nhrpd/README.nhrp

> 2017/07/30 09:17:38.08 NHRP: VICI: Connected
> 2017/07/30 09:17:38.08 NHRP: VICI: Message 5, 1 bytes
> 2017/07/30 09:17:38.08 NHRP: VICI: Message 5, 1 bytes
> 2017/07/30 09:17:38.08 NHRP: VICI: Message 5, 1 bytes
> 2017/07/30 09:17:38.08 NHRP: VICI: Message 5, 1 bytes
> 2017/07/30 09:17:38.08 NHRP: VICI: Message 1, 1 bytes
> 2017/07/30 09:17:44.72 NHRP: Netlink: Received msg_type 28, msg_flags 0
>
> Particular message "msg_type 28" keeps repeating on and on.

That is pretty normal.

> I don't see any TX traffic counters on interface gre1
>
> after a tcpdump BGP packets are sourcing from eth0 which doesn't seem
> right at all so it looks like nhrp isn't using the gre1 interface.
>
> I'm wondering if this is an issue with the fact that it is in a
> container vs a normal machine or VM.
>
> the container is privileged and unconfined so has access to tunnel
> interfaces (in theory!)
> I don't see any ipsec packets on 500 or 4500 udp, not a peep. It
> looks like it's not even attempting to use the gre1 interface and thus
> no ipsec? Just unencrypted bgp packets from eth0 with destination of
> the hub.

First thing happening should be the IKE SA being established. So if you don't see port 500/4500 traffic, then integration to strongSwan is not working right.

> Any help or pointers would be much appreciated!

Which strongSwan do you have?

Timo
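
The symptoms discussed in this thread can be pulled out of an nhrpd debug log mechanically. The following is an added example, not part of the original thread and not opennhrp or frr code; the function name `triage` is hypothetical and the sample log is constructed from the line formats quoted above.

```python
import re
from collections import Counter

# Constructed sample: log lines in the format quoted in the thread above.
SAMPLE_LOG = """\
2017/07/30 09:17:23.75 NHRP: VICI: Connected
2017/07/30 09:17:23.91 NHRP: NHS: Waiting link for 51.15.49.245
2017/07/30 09:17:34.06 NHRP: NHS: Flush timer for 51.15.49.245
2017/07/30 09:17:34.08 NHRP: NHS: Waiting link for 51.15.49.245
2017/07/30 09:17:36.08 NHRP: vici_reconnect: failure connecting VICI socket: Connection refused
2017/07/30 09:17:38.08 NHRP: VICI: Connected
"""

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) NHRP: (.*)$")
WAIT_RE = re.compile(r"^NHS: Waiting link for (\S+)$")

def triage(log_text):
    """Summarise VICI and NHS link symptoms from an nhrpd debug log (hypothetical helper)."""
    connects, failures = 0, []
    waiting = Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip wrapped or unrelated lines
        stamp, msg = m.groups()
        if msg == "VICI: Connected":
            connects += 1
        elif msg.startswith("vici_reconnect: failure"):
            failures.append(stamp)
        elif (w := WAIT_RE.match(msg)):
            waiting[w.group(1)] += 1
    findings = []
    if failures:
        findings.append(f"VICI socket refused at {', '.join(failures)}: "
                        "was strongSwan restarted or not listening?")
    if connects > 1:
        findings.append(f"VICI connected {connects} times: nhrpd reconnected to strongSwan")
    for nhs, count in waiting.items():
        if count > 1:
            findings.append(f"NHS {nhs} logged 'Waiting link' {count} times: "
                            "check for IKE traffic on UDP 500/4500")
    return {"vici_connects": connects, "vici_failures": failures,
            "waiting": dict(waiting), "findings": findings}

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```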