IPsec stopped working after upgrade to OCP 3.11

Solution In Progress - Updated -


  • Red Hat OpenShift (OCP) 3.10, 3.11


  • After upgrading to OCP 3.11, IPsec stopped working.


  • There are a couple of ways to address this:

a) According to the documentation, you can use the edits field of openshift_node_groups to modify any node configuration variable by specifying key-value pairs. For example:

    openshift_node_groups: ... 'edits': [{ 'key': 'networkConfig.mtu', 'value': 1388}]}, ...  

b) Alternatively, modify the MTU value in /etc/origin/node/node-config.yaml so that it looks like this:

    apiVersion: v1
    # ... other settings omitted ...
    networkConfig:
      mtu: 1388
      networkPluginName: redhat/openshift-ovs-networkpolicy

Root Cause

  • Unless the inventory file has the right settings, the MTU changes to the default during the upgrade.
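
A post-upgrade check for the MTU change described above, as an added example that is not part of the original article or of Red Hat's tooling: it reads networkConfig.mtu from a node configuration file and compares it with the expected value. The function names and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example: detect an SDN MTU that no longer matches the expected value.
# On a node: check_sdn_mtu /etc/origin/node/node-config.yaml 1388

# Print the value of networkConfig.mtu from the YAML file given as $1.
# Handles only the block layout used in node-config.yaml
# ("networkConfig:" on its own line, followed by indented keys).
get_sdn_mtu() {
    awk '
        /^networkConfig:[ \t]*$/ { in_block = 1; next }
        # any other top-level key ends the networkConfig block
        in_block && /^[^ \t#]/ { in_block = 0 }
        in_block && /^[ \t]+mtu:/ {
            sub(/^[ \t]+mtu:[ \t]*/, "")
            sub(/[ \t]*(#.*)?$/, "")   # drop trailing spaces or comment
            print
            exit
        }
    ' "$1"
}

# Compare the configured MTU in file $1 with the expected value $2 (default 1388).
# Returns 0 on match, 1 on mismatch, 2 if the key is missing.
check_sdn_mtu() {
    file=$1
    expected=${2:-1388}
    actual=$(get_sdn_mtu "$file")
    if [ -z "$actual" ]; then
        echo "UNKNOWN: networkConfig.mtu not found in $file"
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "DRIFT: $file has mtu $actual, expected $expected"
        return 1
    fi
    echo "OK: $file has mtu $actual"
}

# Constructed sample: a node-config.yaml fragment whose MTU is no longer 1388
# (1450 is a constructed value standing in for the reset default).
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: v1
networkConfig:
  mtu: 1450
  networkPluginName: redhat/openshift-ovs-networkpolicy
EOF
check_sdn_mtu "$sample" 1388 || echo "check exited with status $?"
rm -f "$sample"
```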
