[ovs-dev] [PATCH v2] docs: Add instruction to set local_ip to ipsec tutorial

Balazs Nemeth bnemeth at redhat.com
Wed Feb 17 15:11:45 UTC 2021


Signed-off-by: Balazs Nemeth <bnemeth at redhat.com>
---
 Documentation/tutorials/ipsec.rst | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/Documentation/tutorials/ipsec.rst b/Documentation/tutorials/ipsec.rst
index 3b3e42c59..6bcf3842e 100644
--- a/Documentation/tutorials/ipsec.rst
+++ b/Documentation/tutorials/ipsec.rst
@@ -144,6 +144,14 @@ external IP is 1.1.1.1, and `host_2`'s external IP is 2.2.2.2. Make sure
                                     options:remote_ip=$ip_1 \
                                     options:psk=swordfish

+      Set the "local_ip" field in the Interface table on host_1::
+
+          $ ovs-vsctl set Interface tun options:local_ip=$ip_1
+
+      Same on host_2::
+
+          $ ovs-vsctl set Interface tun options:local_ip=$ip_2
+
       .. note::

         Pre-shared key (PSK) based authentication is easy to set up but less
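Review bot: the two new local_ip steps land between the `options:psk=swordfish` command and the `.. note::` on PSK authentication, so that note no longer directly follows the command it comments on; move the new text after the note, or drop it here, since the second hunk adds the same two commands as a separate step 3 marked optional. If it stays, say it is optional as step 3 does, and use one prompt style (`$` here, `#` in step 3).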
@@ -273,7 +281,26 @@ external IP is 1.1.1.1, and `host_2`'s external IP is 2.2.2.2. Make sure
         authenticated; otherwise, any certificate signed by the CA would be
         accepted.

-3. Test IPsec tunnel.
+3. Set the `local_ip` field in the Interface table (Optional)
+
+    Make sure that the `local_ip` field in the Interface table is set to the
+    NIC used for egress traffic.
+
+    On `host 1`::
+
+       # ovs-vsctl set Interface tun options:local_ip=$ip_1
+
+    Similarly, on `host 2`::
+
+       # ovs-vsctl set Interface tun options:local_ip=$ip_2
+
+   .. note::
+
+        It is not strictly necessary to set the `local_ip` field if your system
+        only has one NIC or the default gateway interface is set to the NIC
+        used for egress traffic.
+
+4. Test IPsec tunnel.

    Now you should have an IPsec GRE tunnel running between two hosts. To verify
    it, in `host_1`::
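Review bot: in the new step 3, "set to the NIC used for egress traffic" does not match the commands, which set `options:local_ip` to `$ip_1` / `$ip_2`, that is, to an address; suggest "set to the IP address of the NIC used for egress traffic". The body of the step is indented four spaces while its `.. note::` and the step 4 text are indented three, so the paragraphs may render as a block quote inside the list item; align them to three. The hosts are written `host 1` / `host 2` here but `host_1` / `host_2` in the surrounding text, the new heading lacks the trailing period that "Test IPsec tunnel." has, and the commit message has no body saying why local_ip needs to be set.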
--
2.29.2


