Unable to connect to SSL secured website with CSO enabled
search cancel

Unable to connect to SSL secured website with CSO enabled

book

Article ID: 388621

calendar_today

Updated On: 02-21-2025

Products

VMware NSX VMware NSX-T Data Center

Issue/Introduction

  • You aren't able to reach websites or devices that are SSL secured
  • You are connecting from an NSX overlay segment
  • You are using bnxtnet driver version 227.0.134.0 
  • Checksum Offload (CSO) is enabled on the vmnic of the host
    • [root@esx:~] localcli network nic cso get
      NIC     RX Checksum Offload  TX Checksum Offload
      ------  -------------------  -------------------
      vmnic0  on                   on
      vmnic1  on                   on

Environment

VMware NSX
VMware NSX-T Data Center

Resolution

Workaround:

1. Disable GENEVE offload and reboot ESXi host:

esxcli system module parameters set -m bnxtnet -p "enable_geneve_ofld=0"

2. To verify:

esxcli system module parameters list -m bnxtnet

 

 

Powered by Wolken Software