We're deploying Cilium, configured as clustermesh, in two different OpenStack regions. Both are connected via a VPNaaS IPSec tunnel to provide node IP connectivity. MTU of the OpenStack network and the VPN tunnels are set to 8942.
Hubble Relay successfully connects to the local (192.168.5.x) Cilium agents, but fails to connect to agents on the other side (192.168.4.x) with the following error: transport: authentication handshake failed: context deadline exceeded:
We're deploying Cilium, configured as clustermesh, in two different OpenStack regions. Both are connected via a VPNaaS IPSec tunnel to provide node IP connectivity. MTU of the OpenStack network and the VPN tunnels are set to
8942
.Hubble Relay successfully connects to the local (
192.168.5.x
) Cilium agents, but fails to connect to agents on the other side (192.168.4.x
) with the following error:transport: authentication handshake failed: context deadline exceeded
:While debugging, we realized that the TLS handshake already fails after the
client hello
:While googling, we found https://stackoverflow.com/questions/40009474/openssl-hangs-at-connected00000003 which suggests that this is an MTU issue and indeed, the error is gone after lowering the MTU to
1400
.