Do Huawei's mid-low end routers support IPSEC+OSPF?
With a peer configured, OSPF can send packets out of a port configured with IPSEC. On receipt, however, the routing protocol has to determine the receiving port from the packet's source address. A packet received via the port configured with IPSEC has the remote IP as its source address, and that address is not directly connected, so the source address cannot identify the corresponding port and the check fails.
By design, OSPF determines routes by exchanging link status between routers. A channel configured with IPSEC does not form a (logical) link to the remote end, so OSPF cannot run over it.
The following two points explain why IPSEC+OSPF cannot be supported:
1. Unlike GRE, IPSEC has no equivalent Tunnel port; it uses the same physical interface to carry both public network routes and private network routes, so the two are mixed together;
2. Dynamic routing protocols (not including BGP) require a neighbour to be directly connected at a single hop; the direct connection can be either physical or logical (such as a GRE Tunnel).
Huawei's mid-low end routers don't support IPSEC+OSPF. If dynamic routing is needed over IPSEC, it is suggested to run OSPF via GRE+IPSEC.
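The source-address check described above, as an added example (a simplified model written for this page, not Huawei code): it shows why a hello from the remote IPSEC peer matches no port, while the same hello carried in GRE matches the Tunnel port. Interface names and addresses are constructed, using documentation ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Interface:
    name: str
    address: str  # interface address in CIDR form, e.g. "10.255.0.1/30"

    @property
    def network(self):
        return ipaddress.ip_interface(self.address).network


def receiving_interface(src_ip, interfaces):
    """Return the name of the port whose connected subnet contains src_ip, else None."""
    src = ipaddress.ip_address(src_ip)
    for intf in interfaces:
        if src in intf.network:
            return intf.name
    return None


def accept_hello(src_ip, interfaces):
    """Simplified neighbour check: accept only directly connected (single-hop) sources."""
    name = receiving_interface(src_ip, interfaces)
    if name is None:
        return (False, "source %s is not on any connected subnet" % src_ip)
    return (True, "neighbour %s reachable on %s" % (src_ip, name))


# Constructed sample topology (assumed names and addresses, not from the page).
WAN = Interface("GigabitEthernet0/0/0", "198.51.100.2/30")  # physical port with IPSEC
TUNNEL = Interface("Tunnel0/0/0", "10.255.0.1/30")          # logical GRE port

# Case 1: IPSEC only. The hello carries the remote peer's IP, which is not
# directly connected, so no port can be matched.
IPSEC_ONLY = accept_hello("203.0.113.10", [WAN])

# Case 2: GRE+IPSEC. The hello carries the far-end tunnel address, which sits
# on the Tunnel port's subnet, so the neighbour is a logical single hop away.
GRE_IPSEC = accept_hello("10.255.0.2", [WAN, TUNNEL])

if __name__ == "__main__":
    print("IPSEC only:", IPSEC_ONLY)
    print("GRE+IPSEC :", GRE_IPSEC)
```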