Hi colleagues,

Can anybody help me with an issue in the following configuration?

There is GRE over IPSec in transport mode between Linux (Ubuntu 20.04) and two other boxes - Cisco (virtual XE v17.07.01) and Mikrotik (CHR v6). Pings are there, so IPSec policies, addresses and connectivity are OK, but OSPF (I'm using FRR 8.1) does not work.

On the Linux side, tcpdump shows that it sends hellos on this interface, but both Cisco and CHR see nothing:

# tcpdump -i gre1 -v
[ ... ]
15:34:49.132222 IP (tos 0xc0, ttl 1, id 15017, offset 0, flags [none], proto OSPF (89), length 68)
    my_linux > ospf-all.mcast.net: OSPFv2, Hello, length 48
	Router-ID x.x.x.x, Backbone Area, Authentication Type: none (0)
	Options [External]
	  Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.252, Priority 1
	  Neighbor List:
	    100.100.8.1

Cisco:

Mar 11 15:31:33.522: OSPF-1 HELLO Tu8: Send hello to 224.0.0.5 area 0 from 100.99.0.65
Mar 11 15:31:42.586: OSPF-1 HELLO Tu8: Send hello to 224.0.0.5 area 0 from 100.99.0.65
Mar 11 15:31:51.641: OSPF-1 HELLO Tu8: Send hello to 224.0.0.5 area 0 from 100.99.0.65

Mikrotik (using packet sniffer) also sees nothing on input.

Definitely, the issue is on the Linux side, but I can't figure out where exactly.

Linux side (MTU is the same, multicast switched on):
6: gre1@NONE: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000
    link/gre x.x.x.x peer x.x.x.y
    inet 100.99.0.66/30 brd 100.99.0.67 scope global gre1
       valid_lft forever preferred_lft forever

vtysh#sh run
[ ... ]
interface gre1
 ip ospf cost 5
 ip ospf mtu-ignore

vtysh#sh ip ospf interface gre1
gre1 is up
  ifindex 6, MTU 1400 bytes, BW 0 Mbit <UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>
  Internet Address 100.99.0.66/30, Broadcast 100.99.0.67, Area 0.0.0.0
  MTU mismatch detection: disabled
  Router ID x.x.x.x, Network Type POINTOPOINT, Cost: 5
  Transmit Delay is 1 sec, State Point-To-Point, Priority 1
  No backup designated router on this network
  Multicast group memberships: OSPFAllRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 8.701s
  Neighbor Count is 1, Adjacent neighbor count is 0

vtysh#sh ip ospf neigh

Neighbor ID     Pri State           Dead Time Address         Interface                        RXmtL RqstL DBsmL
100.100.8.1       1 Init/DROther      37.960s 100.99.0.65     gre1:100.99.0.66                     0     0     0

host# ip maddress
[ ... ]
6:	gre1
	inet  224.0.0.5
	inet  224.0.0.1

What am I missing in the Linux configuration?

Cisco configuration, for reference:

interface Tunnel8
 description HZF
 ip address 100.99.0.65 255.255.255.252
 ip mtu 1400
 ip ospf network point-to-point
 ip ospf cost 5
 tunnel source GigabitEthernet1
 tunnel destination x.x.x.x

Tunnel8 is up, line protocol is up
  Internet Address 100.99.0.65/30, Interface ID 20, Area 0
  Attached via Network Statement
  Process ID 1, Router ID 100.100.8.1, Network Type POINT_TO_POINT, Cost: 5
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           5         no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Can not be protected by per-prefix Loop-Free FastReroute
  Can be used for per-prefix Loop-Free FastReroute repair paths
  Not Protected by per-prefix TI-LFA
  Index 1/8/8, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 38
  Last flood scan time is 0 msec, maximum is 1 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

Thank you for any recommendations.

-- 
Volodymyr Litovka
  "Vision without Execution is Hallucination." -- Thomas Edison