[ovs-dev] [PATCH v2 3/5] ipsec: IPv6 default route support for Libreswan

Eelco Chaudron echaudro at redhat.com
Wed Mar 31 08:37:50 UTC 2021



On 31 Mar 2021, at 10:05, Mark Gray wrote:

> When configuring IPsec, "ovs-monitor-ipsec" honours
> the 'local_ip' option in the 'Interface' table by configuring
> the 'left' side of the Libreswan connection with 'local_ip'.
> If 'local_ip' is not specified, "ovs-monitor-ipsec" sets
> 'left' to '%defaultroute' which is interpreted as the IP
> address of the default gateway interface.
>
> However, when 'remote_ip' is an IPv6 address, Libreswan
> still interprets '%defaultroute' as the IPv4 address on the
> default gateway interface (see:
> https://github.com/libreswan/libreswan/issues/416) giving
> an "address family inconsistency" error.
>
> This patch resolves this issue by specifying the
> connection as IPv6 when the 'remote_ip' is IPv6 and
> 'local_ip' has not been set.
>
> Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
> ---
> v2: refactor address family parsing

Reviewed v2 changes, and tested the patch, LGTM.

Acked-by: Eelco Chaudron <echaudro at redhat.com>



More information about the dev mailing list