
How to decapsulate GRE (ERSPAN Type II) on Ubuntu 18.04 LTS?

0 votes
1 answer
2778 views
I have an Ubuntu 18.04 LTS server that is receiving ERSPAN traffic sent from several sources. For those not familiar with ERSPAN, it uses GRE tunneling to achieve this, wrapping the original L3 packet inside of another L3 packet, preserving the original packet source/destination IP, payload, L2 details, etc... The server receives this on a dedicated interface (ens192 in this instance), but without decapsulating the traffic (removing the GRE header), when the IDS processes this traffic all that is seen is the source (the ERSPAN source) and the destination (the Ubuntu server)...because the IDS stops processing that info once it finds a source/dest IP.

To resolve this issue I have tried using RCDCAP, but it crashes after a short time with a memory corruption issue. I have been relaying this to the developer of RCDCAP and they have been attempting to fix this issue but have not been able to yet.

I am now looking at the capabilities of the kernel to do this job. I see that the kernel module ip_gre includes support for ERSPAN Type I, Type II and Type III. I have done the following on the Ubuntu server:

    # load ip_gre module into kernel
    modprobe ip_gre
    # create tunnel in gre mode, set local and remote ends of tunnel and turn link up
    ip tunnel add tun0 mode gre local 10.10.1.20 remote 10.10.1.143 ttl 255
    ip link set tun0 up
    # assign IP address to tunnel interface
    ip addr add 10.10.1.20/24 dev tun0

Doing this successfully creates the tunnel, but it does not process the GRE traffic and is leaving the GRE headers attached. Is there a switch or something that I am missing when I create the GRE tunnel that tells it what type to expect? There are subtle differences between the GRE types; if it's expecting Type I it would fail to process it....
Asked by jgs240 (1 rep)
May 20, 2020, 01:25 PM
Last activity: Jun 8, 2025, 12:04 PM
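
For reference, the header layout that separates ERSPAN Type I from Type II, as an added example that is not part of the original question: a Python parser that strips the outer IPv4, GRE and ERSPAN Type II headers and returns the mirrored Ethernet frame an IDS needs to see. The function names are hypothetical and the sample packet is constructed (header checksums left at zero), reusing the two tunnel addresses from the question.

```python
import socket
import struct

GRE_PROTO_ERSPAN = 0x88BE  # ERSPAN Type I and II (Type III uses 0x22EB)

def decap_erspan(pkt: bytes) -> dict:
    """Strip outer IPv4 + GRE (+ ERSPAN Type II header); return the inner frame."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 47:  # IP proto 47 = GRE
        raise ValueError("not an IPv4/GRE packet")
    gre = pkt[(pkt[0] & 0x0F) * 4:]
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if flags & 0x0007 or proto != GRE_PROTO_ERSPAN:
        raise ValueError("GRE payload is not ERSPAN Type I/II")
    # Optional GRE fields: checksum+reserved (C bit) and key (K bit)
    off = 4 + (4 if flags & 0x8000 else 0) + (4 if flags & 0x2000 else 0)
    if not flags & 0x1000:  # no sequence number: Type I, frame follows GRE directly
        return {"type": 1, "frame": gre[off:]}
    if len(gre) < off + 12:
        raise ValueError("truncated ERSPAN Type II header")
    # 4-byte GRE sequence number, then the 8-byte ERSPAN Type II header
    seq, w1, w2, w3 = struct.unpack("!IHHI", gre[off:off + 12])
    if w1 >> 12 != 1:
        raise ValueError("ERSPAN version field is not 1 (Type II)")
    return {"type": 2, "seq": seq, "vlan": w1 & 0x0FFF, "session": w2 & 0x03FF,
            "index": w3 & 0xFFFFF, "frame": gre[off + 12:]}

def inner_ipv4_addrs(frame: bytes) -> tuple:
    """Return (src, dst) of an untagged IPv4-in-Ethernet mirrored frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("inner frame is not untagged IPv4")
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])

def build_sample() -> bytes:
    """Constructed sample: ERSPAN source 10.10.1.143 -> collector 10.10.1.20."""
    def ipv4(src, dst, proto, payload_len):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                           proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    inner = (bytes.fromhex("0200000000020200000000010800")
             + ipv4("192.0.2.10", "198.51.100.7", 6, 0))
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN, 7)  # S bit set, seq 7
    erspan = struct.pack("!HHI", (1 << 12) | 100, 5, 3)     # ver 1, VLAN 100
    body = gre + erspan + inner
    return ipv4("10.10.1.143", "10.10.1.20", 47, len(body)) + body

if __name__ == "__main__":
    info = decap_erspan(build_sample())
    print(info["type"], info["session"], inner_ipv4_addrs(info["frame"]))
```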