Channel: EdgeRouter topics

Hardware bug with ipsec/nat/PPPoE?


Hi,

 

 

After several days of trying to identify the root cause I think I found some issue with IPSEC (IKEv2) and PPPoE hardware acceleration in the ERLite3 v1.9.0. Description below:

 

1) We are using a fiber-based ISP with PPPoE over VLAN on port eth0. We are using hardware offloading for forwarding/gre/pppoe/vlan in IPv4 to support the bandwidth offered (300/300Mbps). Works beautifully.

2) We have configured a fairly standard ipsec.conf and ipsec.secrets with preshared keys for roadwarriors.

3) When two roadwarriors are connecting from the same public IP address, they can both see the router and the internal network behind the ERL;

4) HOWEVER, if one IPsec roadwarrior tries to reach the other one (simple ping), only the first packet goes through and then the tunnel becomes a blackhole. Stop the ping and the tunnel is working again for other destinations (like the router itself).

5) After trying all combinations, it turned out that enabling PPPoE hardware acceleration is the culprit. Disabling it makes all the pings/traffic work normally.

 

Any idea if this bug is already known?

The software workaround (running PPPoE over sw) is killing the performance of the router, unfortunately. 

 

Is there any low-level debug output I could provide on the hw accelerator?

 

cheers,

 

 

 

