[ovs-dev] [PATCH 0/3] IPsec support for tunneling

Aaron Conole aconole at redhat.com
Wed Jun 27 19:41:59 UTC 2018 

Qiuyu Xiao <qiuyu.xiao.qyx at gmail.com> writes:

> This patch series reintroduce IPsec support for OVS tunneling and adds new
> features to prepare for the OVN IPsec support. The new features are:
>
> 1) Add CA-cert based authentication support to ovs-monitor-ipsec.
> 2) Enable ovs-pki to generate x.509 version 3 certificate.
>
> Ansis Atteka (1):
>   ipsec: reintroduce IPsec support for tunneling
>
> Qiuyu Xiao (2):
>   ipsec: add CA-cert based authentication
>   ovs-pki: generate x.509 v3 certificate

When the bot tested this, all of the IPSec tests failed.  I had disabled
the bot's report to the list.

ovs-monitor-ipsec (XFRM)

876: Parse "ip xfrm policy" output                   FAILED (ovs-monitor-ipsec.at:145)
877: Parse "ip xfrm state" output                    FAILED (ovs-monitor-ipsec.at:175)

ovs-monitor-ipsec (strongSwan)

878: Ignore non-IPsec tunnels                        FAILED (ovs-monitor-ipsec.at:195)
879: Parse "ipsec status" output                     FAILED (ovs-monitor-ipsec.at:226)
880: ipsec_gre with PSK authentication               FAILED (ovs-monitor-ipsec.at:243)
881: ipsec_stt with PSK authentication               FAILED (ovs-monitor-ipsec.at:317)
882: ipsec_geneve with PSK authentication            FAILED (ovs-monitor-ipsec.at:400)
883: ipsec_vxlan with PSK authentication             FAILED (ovs-monitor-ipsec.at:483)
884: ipsec_gre with PKI authentication (use_ssl_cert) FAILED (ovs-monitor-ipsec.at:570)
885: ipsec_gre with PKI authentication               FAILED (ovs-monitor-ipsec.at:649)
886: ipsec_gre and ipsec_stt to two different hosts  FAILED (ovs-monitor-ipsec.at:727)
887: ipsec_gre and ipsec_stt to the same host        FAILED (ovs-monitor-ipsec.at:816)
888: Sequence of IPsec tunnel reconfiguration events FAILED (ovs-monitor-ipsec.at:907)

I have the complete dist directory saved off (which includes the
testsuite.dir) if you'd like to see it.

>  Documentation/automake.mk        |    1 +
>  Documentation/howto/index.rst    |    1 +
>  Documentation/howto/ipsec.rst    |  259 +++++++
>  Makefile.am                      |    1 +
>  debian/automake.mk               |    3 +
>  debian/control                   |   21 +
>  debian/openvswitch-ipsec.dirs    |    1 +
>  debian/openvswitch-ipsec.init    |  189 ++++++
>  debian/openvswitch-ipsec.install |    1 +
>  ipsec/automake.mk                |    9 +
>  ipsec/ovs-monitor-ipsec          |  763 +++++++++++++++++++++
>  tests/automake.mk                |    1 +
>  tests/ovs-monitor-ipsec.at       | 1076 ++++++++++++++++++++++++++++++
>  tests/testsuite.at               |    1 +
>  utilities/ovs-pki.in             |   18 +-
>  vswitchd/vswitch.xml             |   83 ++-
>  16 files changed, 2421 insertions(+), 7 deletions(-)
>  create mode 100644 Documentation/howto/ipsec.rst
>  create mode 100644 debian/openvswitch-ipsec.dirs
>  create mode 100644 debian/openvswitch-ipsec.init
>  create mode 100644 debian/openvswitch-ipsec.install
>  create mode 100644 ipsec/automake.mk
>  create mode 100755 ipsec/ovs-monitor-ipsec
>  create mode 100644 tests/ovs-monitor-ipsec.at

More information about the dev mailing list