Ah, looking back over the logs, I think I see the issue. You want to encrypt the actual node networks, not the SDN network. So:

# echo 192.168.2.0/24 >> /etc/ipsec.d/policies/private
# echo 192.168.2.1/32 >> /etc/ipsec.d/policies/clear

or whatever the node network config is. I re-read the docs and realize that this wasn't clear, I should update them to make it so. Does using those subnets change things?
Hi Dan,

I tried to configure /etc/ipsec.d/policies/private and /etc/ipsec.d/policies/clear with the node network, and after restarting ipsec, the whole network was broken, like:

# oc get node
Unable to connect to the server: dial tcp 10.8.174.54:8443: i/o timeout

Attaching the nodes' network information.
Created attachment 1270373: nodes network info