[ovs-dev] [PATCH v2 3/5] ipsec: IPv6 default route support for Libreswan

Flavio Leitner fbl at sysclose.org
Wed Mar 31 20:37:55 UTC 2021


On Wed, Mar 31, 2021 at 04:05:07AM -0400, Mark Gray wrote:
> When configuring IPsec, "ovs-monitor-ipsec" honours
> the 'local_ip' option in the 'Interface' table by configuring
> the 'left' side of the Libreswan connection with 'local_ip'.
> If 'local_ip' is not specified, "ovs-monitor-ipsec" sets
> 'left' to '%defaultroute' which is interpreted as the IP
> address of the default gateway interface.
> 
> However, when 'remote_ip' is an IPv6 address, Libreswan
> still interprets '%defaultroute' as the IPv4 address on the
> default gateway interface (see:
> https://github.com/libreswan/libreswan/issues/416) giving
> an "address family inconsistency" error.
> 
> This patch resolves this issue by specifying the
> connection as IPv6 when the 'remote_ip' is IPv6 and
> 'local_ip' has not been set.
> 
> Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
> ---

LGTM
Acked-by: Flavio Leitner <fbl at sysclose.org>



More information about the dev mailing list