Thank you for bringing this to the fore. I am noticing something interesting along the same lines as well during my investigation. I am using strongSwan as the initiator and VPP IKEv2 as the responder.
My observations are:

1. strongSwan initiator forceencap=yes and VPP responder ikev2 profile set udp-encap: my tunnels do not come up. IKE gets established but CHILD_SA fails.
2. strongSwan initiator forceencap=no and VPP responder ikev2 profile set udp-encap: my tunnels come up. Traffic drops with ESP_DECRYPT_ERROR_TUN_NO_PROTO (all traffic).
3. strongSwan initiator forceencap=yes and VPP responder udp-encap not set in profile: my tunnels do come up and traffic flows.

Let me know as well if these are expected observations.