[ovs-dev] [PATCH 1/3] ipsec: reintroduce IPsec support for tunneling
blp at ovn.org
Tue Jul 3 18:47:21 UTC 2018
On Wed, Jun 27, 2018 at 04:00:00PM -0400, Aaron Conole wrote:
> Thanks for the patch. It's really cool to see IPSec being
> re-integrated. Just a few quick comments inline.
> Qiuyu Xiao <qiuyu.xiao.qyx at gmail.com> writes:
> > From: Ansis Atteka <aatteka at ovn.org>
> > This patch reintroduces ovs-monitor-ipsec daemon that
> > was previously removed by commit 2b02d770 ("openvswitch:
> > Allow external IPsec tunnel management.")
> > The reason for removal at the time was that there were IPsec
> > flavoured tunnel types, like ipsec_gre, that consumed for
> > themselves the least significant bit of SKB mark irrelevant
> > whether Open vSwitch users were using IPsec or not.
> > After this patch, there are no IPsec flavored tunnels anymore.
> > IPsec is enabled by setting up the right values in:
> > 1. OVSDB:Interface:options column;
> > 2. OVSDB:Open_vSwitch:other_config column;
> > 3. OpenFlow pipeline.
> > Signed-off-by: Ansis Atteka <aatteka at ovn.org>
> > ---
> Have you looked into what it would take to support other systems (for
> instance, BSDs, Fedora/RHEL, CentOS)?
I've asked Qiuyu to look at RHEL/Fedora support soon. It will take
extra work because Red Hat flavored systems use libreswan instead of
strongswan, and libreswan configuration works differently.
More information about the dev