Ansis (added to this message) knows the most about IPsec. If he has the time for it, I imagine he can help you figure this out.

On Mon, Sep 09, 2019 at 09:20:40AM +0000, Benjamin wrote:
> Hello everyone,
>
> I'm Benjamin, a French developer working at Vates (the editor of XCP-ng, a
> XenServer fork).
> I've been working in the network area of XCP-ng in order to create an SDN
> Controller controlling openvswitch on several hosts.
>
> Everything is working great as for now!
>
> I am using openvswitch v2.11.0.
> However I'm trying to add IPSEC support into XCP-ng and I'm facing an issue.
>
> I've successfully installed libreswan version 3.26, and the
> openvswitch-ipsec service from rhel and the python script ovs-monitor-ipsec.
> I'm using Pre-Shared Key for IPSEC.
>
> When I attempt to create tunnels, everything seems to go smoothly:
> - there's no error in ovs-vswitchd.log nor in ovs-monitor-ipsec.log
> - ovs-appctl -t ovs-monitor-ipsec tunnels/show shows me the tunnels with
>   correct configurations and active connections.
>
> But there's no traffic passing on the tunnels created by openvswitch and
> since there's no helpful log I don't know how to investigate the issue.
> I hoped you could point me in the right direction.
>
> Here's what appears in ovs-vswitchd.log after tunnels creation:
>
> 2019-09-09T08:16:49.311Z|00018|tunnel(handler7)|WARN|receive tunnel port not found (pkt_mark=0x1,udp,tun_id=0x3,tun_src=192.168.5.28,tun_dst=192.168.5.27,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_flags=key,in_port=4,vlan_tci=0x0000,dl_src=b2:bc:3c:29:bd:fd,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=0.0.0.0,nw_dst=255.255.255.255,nw_tos=16,nw_ecn=0,nw_ttl=128,tp_src=68,tp_dst=67)
> 2019-09-09T08:16:49.311Z|00019|ofproto_dpif_upcall(handler7)|INFO|Dropped 1 log messages in last 214 seconds (most recently, 214 seconds ago) due to excessive rate
> 2019-09-09T08:16:49.311Z|00020|ofproto_dpif_upcall(handler7)|INFO|received packet on unassociated datapath port 4
> 2019-09-09T08:16:49.914Z|00003|tunnel(revalidator6)|WARN|receive tunnel port not found (pkt_mark=0x1,udp,tun_id=0x3,tun_src=192.168.5.28,tun_dst=192.168.5.27,tun_ipv6_src=::,tun_ipv6_dst=::,tun_gbp_id=0,tun_gbp_flags=0,tun_tos=0,tun_ttl=64,tun_flags=key,in_port=4,vlan_tci=0x0000,dl_src=b2:bc:3c:29:bd:fd,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=0.0.0.0,nw_dst=255.255.255.255,nw_tos=16,nw_ecn=0,nw_ttl=128,tp_src=68,tp_dst=67)
>
> There's plenty of errors like this after the tunnels are created and I
> attempt to ping through the tunnels.
>
> Does that ring a bell to anyone?
>
> Do not hesitate to ask me anything that can help debug this issue.
>
> Thank you,
> Benjamin Reis
> _______________________________________________
> discuss mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
