[ovs-dev] [PATCH 0/3] IPsec support for tunneling
Aaron Conole
aconole at redhat.com
Wed Jun 27 19:41:59 UTC 2018
Qiuyu Xiao <qiuyu.xiao.qyx at gmail.com> writes:
> This patch series reintroduce IPsec support for OVS tunneling and adds new
> features to prepare for the OVN IPsec support. The new features are:
>
> 1) Add CA-cert based authentication support to ovs-monitor-ipsec.
> 2) Enable ovs-pki to generate x.509 version 3 certificate.
>
> Ansis Atteka (1):
> ipsec: reintroduce IPsec support for tunneling
>
> Qiuyu Xiao (2):
> ipsec: add CA-cert based authentication
> ovs-pki: generate x.509 v3 certificate
When the bot tested this, all of the IPSec tests failed. I had disabled
the bot's report to the list.
ovs-monitor-ipsec (XFRM)
876: Parse "ip xfrm policy" output FAILED (ovs-monitor-ipsec.at:145)
877: Parse "ip xfrm state" output FAILED (ovs-monitor-ipsec.at:175)
ovs-monitor-ipsec (strongSwan)
878: Ignore non-IPsec tunnels FAILED (ovs-monitor-ipsec.at:195)
879: Parse "ipsec status" output FAILED (ovs-monitor-ipsec.at:226)
880: ipsec_gre with PSK authentication FAILED (ovs-monitor-ipsec.at:243)
881: ipsec_stt with PSK authentication FAILED (ovs-monitor-ipsec.at:317)
882: ipsec_geneve with PSK authentication FAILED (ovs-monitor-ipsec.at:400)
883: ipsec_vxlan with PSK authentication FAILED (ovs-monitor-ipsec.at:483)
884: ipsec_gre with PKI authentication (use_ssl_cert) FAILED (ovs-monitor-ipsec.at:570)
885: ipsec_gre with PKI authentication FAILED (ovs-monitor-ipsec.at:649)
886: ipsec_gre and ipsec_stt to two different hosts FAILED (ovs-monitor-ipsec.at:727)
887: ipsec_gre and ipsec_stt to the same host FAILED (ovs-monitor-ipsec.at:816)
888: Sequence of IPsec tunnel reconfiguration events FAILED (ovs-monitor-ipsec.at:907)
I have the complete dist directory saved off (which includes the
testsuite.dir) if you'd like to see it.
> Documentation/automake.mk | 1 +
> Documentation/howto/index.rst | 1 +
> Documentation/howto/ipsec.rst | 259 +++++++
> Makefile.am | 1 +
> debian/automake.mk | 3 +
> debian/control | 21 +
> debian/openvswitch-ipsec.dirs | 1 +
> debian/openvswitch-ipsec.init | 189 ++++++
> debian/openvswitch-ipsec.install | 1 +
> ipsec/automake.mk | 9 +
> ipsec/ovs-monitor-ipsec | 763 +++++++++++++++++++++
> tests/automake.mk | 1 +
> tests/ovs-monitor-ipsec.at | 1076 ++++++++++++++++++++++++++++++
> tests/testsuite.at | 1 +
> utilities/ovs-pki.in | 18 +-
> vswitchd/vswitch.xml | 83 ++-
> 16 files changed, 2421 insertions(+), 7 deletions(-)
> create mode 100644 Documentation/howto/ipsec.rst
> create mode 100644 debian/openvswitch-ipsec.dirs
> create mode 100644 debian/openvswitch-ipsec.init
> create mode 100644 debian/openvswitch-ipsec.install
> create mode 100644 ipsec/automake.mk
> create mode 100755 ipsec/ovs-monitor-ipsec
> create mode 100644 tests/ovs-monitor-ipsec.at
More information about the dev
mailing list