[ovs-discuss] Multiple IPSEC bridges

Benjamin benjamin.reis at vates.fr
Mon Sep 16 06:30:18 UTC 2019


Hello Ansis,

Thank you for your answer!


Le 13/09/2019 à 19:52, Ansis a écrit :
> On Fri, 13 Sep 2019 at 01:26, Benjamin <benjamin.reis at vates.fr> wrote:
>> Hello,
>>
>> Is it possible to have multiple bridges using IPSEC/GRE tunnels with
>> same configuration?
> IIRC, it is not possible to create multiple IPsec tunnels of same
> flavor (in your case GRE) between the same two endpoints.
>
> This limitation kinda comes from Linux IPsec stack. While ip-xfrm man
> page mentions that it is possible for IPsec stack to match on GRE key,
> there is not way to match on Geneve, VXLAN, STT and other protocols
> the same way. So since we could not implement this in uniform manner
> across all transport protocols, then we did not bother to implement
> that for GRE either.
>
>
>> For now, creating one works fine but as soon as I create a 2nd none
>> works, there's no active connections and no error in logs.
>> I'm using `options:key` to allow having multiple GRE tunnels with same
>> configuration.
>>
>> Thanks
>> Benjamin Reis
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss



More information about the discuss mailing list