[ovs-dev] [PATCH v2 3/5] ipsec: IPv6 default route support for Libreswan

Aaron Conole aconole at redhat.com
Wed Mar 31 13:30:57 UTC 2021


Mark Gray <mark.d.gray at redhat.com> writes:

> When configuring IPsec, "ovs-monitor-ipsec" honours
> the 'local_ip' option in the 'Interface' table by configuring
> the 'left' side of the Libreswan connection with 'local_ip'.
> If 'local_ip' is not specified, "ovs-monitor-ipsec" sets
> 'left' to '%defaultroute' which is interpreted as the IP
> address of the default gateway interface.
>
> However, when 'remote_ip' is an IPv6 address, Libreswan
> still interprets '%defaultroute' as the IPv4 address on the
> default gateway interface (see:
> https://github.com/libreswan/libreswan/issues/416) giving
> an "address family inconsistency" error.
>
> This patch resolves this issue by specifying the
> connection as IPv6 when the 'remote_ip' is IPv6 and
> 'local_ip' has not been set.
>
> Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
> ---

Acked-by: Aaron Conole <aconole at redhat.com>



More information about the dev mailing list