[ovs-discuss] [ovs-dev] GRE over IPsec on CentOS

Ansis Atteka ansisatteka at gmail.com
Tue Sep 27 16:25:18 UTC 2016


On Sep 26, 2016 7:02 PM, <mrityunjay.kumar2 at wipro.com> wrote:
>
> Hi all,
>
> I have been trying to test IPSEC over GRE on CentOS 7.3. I am able to
> test on Ubuntu 14.04.

The ovs-monitor-ipsec daemon was never packaged (i.e. had an *.rpm package) for
CentOS. Just for Debian/Ubuntu.

However, we have now removed the Debian package as well. See Pravin's latest
patch, which he sent a day ago, for more details.

The history behind this is that the skb mark was taken away from IPsec. I will
try to think about whether it is still somehow possible to salvage the
situation and have IPsec work properly without having the least significant skb
mark bit assigned to IPsec.

>
> I wanted to know whether this feature is supported on CentOS.
>
>
> If not supported, please let me know how to achieve IPSEC over GRE on
> CentOS.
>
>
> thanks
> MJ
> -------------
>
> We did integration on Debian, but it shouldn't be hard to port to
> CentOS.  It uses racoon and ipsec-tools, and is managed by the
> "debian/ovs-monitor-ipsec".  I'm not 100% happy with our solution, but it
> works.  I'd start by looking there.
>
> --Justin
>
>
> On Dec 14, 2012, at 1:49 AM, Diego Rivero <riverod9 at gmail.com> wrote:
>
> > How can I achieve GRE over IPsec on CentOS 6.3 instead of debian?
> >
> > So far what I've understood is the following..
> >
> > # ovs-vsctl add-port br0 gre0
> > # ovs-vsctl set interface gre0 type=ipsec_gre \
> > options:remote_ip=192.168.2.xxx \
> > options:psk=testtest \
> > options:certificate=cert.pem \
> > options:peer_cert='"-----BEGIN CERTIFICATE-----(not a real peer certificate)-----END CERTIFICATE----- \
> >
> >
> > But I don't know how to move it forward. Do I need to install Openswan
> > for encryption? How can I configure Open vSwitch to tell it of the existence
> > of Openswan? Does Open vSwitch have an encryption module of its own?
> >
> > Thanks in advance.
> >
> > Diego
> > _______________________________________________
> > dev mailing list
> > dev at openvswitch.org
> > http://openvswitch.org/mailman/listinfo/dev
>