Thank you for bringing this to the fore.
I am noticing something interesting along the same lines as well during my
investigation.
I am using strongswan as the initiator and VPP Ikev2 as the responder.
My observations are:
1. Strongswan initiator forceencap=yes and VPP responder ikev2 profile
Hi Team,
All UDP packet being dropped at “ipsec4_input_node” if ipsec inbound and
outbound policy configured. Not that udp_encp is not enabled.
Where TCP and ICMP has no such issue.
System is treating normal UDP and UDP encapsulated ESP packet in same way.
Probably we have to use DST and SRC