IPSec Add-On connectivity Issues on Jammy 1.83,1.80,1.75,1.71,1.64,1.55,1.49,1.44,1.30,1.18

Article ID: 293027

Updated On:

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

IPSec Add-On incompatibility with Ubuntu Jammy Stemcells

We found an issue with the IPSec Add-On release when it is compiled on Jammy Stemcells, starting with version 1.18 and continuing until version 1.83.

Builds produced by Version 1.8 and Versions >= 1.93 of the Stemcell are unaffected.


Symptoms:

A VM deployed with the IPSec Release Add-On has networking issues when attempting to connect to its own IP address.

Assuming a VM with IP address 10.0.0.5 on eth0 that is deployed into a subnet that is expected to use IPSec encryption, the VM would fail to communicate with the IP assigned to the `eth0` interface via the `eth0` interface.

Failing:

ping 10.#.#.#
nc 10.#.#.# ##

 

Succeeding:

ping -I lo 10.#.#.#
nc -s 127.#.#.# 10.#.#.# 22

 

This would cause failing jobs on VMs that require Layer 3 connectivity to their own IP Address assigned to `eth0`.
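
The failing and succeeding probes above can be combined into one check that separates this symptom from a service that is simply not listening. This is an added example, not part of the original article or of the IPSec release; the function names and the 3-second timeout are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic sketch. Run on the affected VM as:
#   ./self_check.sh <eth0 IP of this VM> <port of a local service, e.g. 22>

# probe IP PORT [SOURCE]: TCP connect test with a 3 s timeout (timeout value
# is this example's choice), optionally from a given source address.
probe() {
  p_ip=$1; p_port=$2; p_src=${3:-}
  if [ -n "$p_src" ]; then
    nc -z -w 3 -s "$p_src" "$p_ip" "$p_port" >/dev/null 2>&1
  else
    nc -z -w 3 "$p_ip" "$p_port" >/dev/null 2>&1
  fi
}

# classify DIRECT_RC LOOPBACK_RC: turn the two probe exit codes into a verdict.
#   ok              - the VM reaches its own IP through the normal path
#   symptom-present - direct probe fails, loopback-sourced probe works
#                     (the pattern described in this article)
#   inconclusive    - both fail: service down, wrong port, or nc missing
classify() {
  if [ "$1" -eq 0 ]; then
    echo "ok"
  elif [ "$2" -eq 0 ]; then
    echo "symptom-present"
  else
    echo "inconclusive"
  fi
}

# check_self IP PORT: run both probes against the VM's own address.
check_self() {
  c_direct=0; c_loop=0
  probe "$1" "$2" || c_direct=$?
  probe "$1" "$2" 127.0.0.1 || c_loop=$?
  classify "$c_direct" "$c_loop"
}

# Only probe when an IP and a port were passed on the command line.
if [ "$#" -ge 2 ]; then
  check_self "$1" "$2"
fi
```

A result of `inconclusive` means the port should be checked with a service known to be listening before drawing any conclusion about the Stemcell.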

 

Cause

The charon binary from strongSwan, when compiled on specific Jammy Stemcell versions, does not properly set up local routing on a VM for traffic going from eth0 -> eth0.

Resolution

Update to a compatible Stemcell Version.