Hi colleagues, can anybody help me with an issue in the following configuration. There is GRE over IPSec in transport mode between Linux (Ubuntu 20.04) and two other boxes - Cisco (virtual XE v17.07.01) and Mikrotik (CHR v6). Pings are there, so IPSec policies, addresses, connectivity is ok, but OSPF (I'm using FRR 8.1) do not work. On the linux side, tcpdump shows that it sends hellos in this interface, but both Cisco and CHR see nothing: # tcpdump -i gre1 -v [ ... ] 15:34:49.132222 IP (tos 0xc0, ttl 1, id 15017, offset 0, flags [none], proto OSPF (89), length 68) my_linux > ospf-all.mcast.net: OSPFv2, Hello, length 48 Router-ID x.x.x.x, Backbone Area, Authentication Type: none (0) Options [External] Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.252, Priority 1 Neighbor List: 100.100.8.1 Cisco: Mar 11 15:31:33.522: OSPF-1 HELLO Tu8: Send hello to 224.0.0.5 area 0 from 100.99.0.65 Mar 11 15:31:42.586: OSPF-1 HELLO Tu8: Send hello to 224.0.0.5 area 0 from 100.99.0.65 Mar 11 15:31:51.641: OSPF-1 HELLO Tu8: Send hello to 224.0.0.5 area 0 from 100.99.0.65 Mikrotik (using packet sniffer) also see nothing on input. Definitely, the issue is on Linux side but I can't realize, where exactly. Linux side (mtu is same, multicast switched on): 6: gre1@NONE: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000 link/gre x.x.x.x peer x.x.x.y inet 100.99.0.66/30 brd 100.99.0.67 scope global gre1 valid_lft forever preferred_lft forever vtysh#sh run [ ... ] interface gre1 ip ospf cost 5 ip ospf mtu-ignore vtysh#sh ip ospf interface gre1 gre1 is up ifindex 6, MTU 1400 bytes, BW 0 Mbit <UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> Internet Address 100.99.0.66/30, Broadcast 100.99.0.67, Area 0.0.0.0 MTU mismatch detection: disabled Router ID x.x.x.x, Network Type POINTOPOINT, Cost: 5 Transmit Delay is 1 sec, State Point-To-Point, Priority 1 No backup designated router on this network Multicast group memberships: OSPFAllRouters Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5 Hello due in 8.701s Neighbor Count is 1, Adjacent neighbor count is 0 vtysh#sh ip ospf neigh Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL 100.100.8.1 1 Init/DROther 37.960s 100.99.0.65 gre1:100.99.0.66 0 0 0 host# ip maddress [ ... ] 6: gre1 inet 224.0.0.5 inet 224.0.0.1 What I miss in the Linux configuration? Cisco configuration is for reference: interface Tunnel8 description HZF ip address 100.99.0.65 255.255.255.252 ip mtu 1400 ip ospf network point-to-point ip ospf cost 5 tunnel source GigabitEthernet1 tunnel destination x.x.x.x Tunnel8 is up, line protocol is up Internet Address 100.99.0.65/30, Interface ID 20, Area 0 Attached via Network Statement Process ID 1, Router ID 100.100.8.1, Network Type POINT_TO_POINT, Cost: 5 Topology-MTID Cost Disabled Shutdown Topology Name 0 5 no no Base Transmit Delay is 1 sec, State POINT_TO_POINT Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:04 Supports Link-local Signaling (LLS) Cisco NSF helper support enabled IETF NSF helper support enabled Can not be protected by per-prefix Loop-Free FastReroute Can be used for per-prefix Loop-Free FastReroute repair paths Not Protected by per-prefix TI-LFA Index 1/8/8, flood queue length 0 Next 0x0(0)/0x0(0)/0x0(0) Last flood scan length is 1, maximum is 38 Last flood scan time is 0 msec, maximum is 1 msec Neighbor Count is 0, Adjacent neighbor count is 0 Suppress hello for 0 neighbor(s) Thank you for any recommendations. -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison