[ovs-dev] [PATCH 1/3] ipsec: reintroduce IPsec support for tunneling
Aaron Conole
aconole at redhat.com
Tue Jul 3 19:16:19 UTC 2018
Ben Pfaff <blp at ovn.org> writes:
> On Wed, Jun 27, 2018 at 04:00:00PM -0400, Aaron Conole wrote:
>> Thanks for the patch. It's really cool to see IPSec being
>> re-integrated. Just a few quick comments inline.
>>
>> Qiuyu Xiao <qiuyu.xiao.qyx at gmail.com> writes:
>>
>> > From: Ansis Atteka <aatteka at ovn.org>
>> >
>> > This patch reintroduces the ovs-monitor-ipsec daemon that
>> > was previously removed by commit 2b02d770 ("openvswitch:
>> > Allow external IPsec tunnel management.")
>> >
>> > The reason for removal at the time was that there were IPsec
>> > flavoured tunnel types, like ipsec_gre, that consumed for
>> > themselves the least significant bit of SKB mark irrespective of
>> > whether Open vSwitch users were using IPsec or not.
>> >
>> > After this patch, there are no IPsec flavored tunnels anymore.
>> > IPsec is enabled by setting up the right values in:
>> > 1. OVSDB:Interface:options column;
>> > 2. OVSDB:Open_vSwitch:other_config column;
>> > 3. OpenFlow pipeline.
>> >
>> > Signed-off-by: Ansis Atteka <aatteka at ovn.org>
>> > ---
>>
>> Have you looked into what it would take to support other systems (for
>> instance, BSDs, Fedora/RHEL, CentOS)?
>
> I've asked Qiuyu to look at RHEL/Fedora support soon. It will take
> extra work because Red Hat flavored systems use libreswan instead of
> strongswan, and libreswan configuration works differently.
Thanks Ben, and Qiuyu.