[ovs-discuss] [OVN] VPN IPsec and Wireguard

Engelmann Florian florian.engelmann at everyware.ch
Fri Mar 20 10:21:40 UTC 2020

Am 20.03.20 um 10:08 schrieb Numan Siddique:
> On Fri, Mar 20, 2020 at 4:11 AM Engelmann Florian
> <florian.engelmann at everyware.ch> wrote:
>> yes but only to encrypt its tunnels not to build a IPsec site2site connection. We do use Neutron-VPNaaS and would like to migrate to OVN asap. But currently VPNaaS does not support OVN and while using namespaces is an option I would love to see "native" VPN (site2site ipsec and Wireguard) support in OVN.
> By site2site you mean IPSec between 2 independent OVN deployments ? Or
> one OVN deployment and other non OVN deployment ?

We (and our customers) have to create IPsec site2site VPNs to all kind 
of devices of our customers (eg. Cisco ASA, M0n0wall, ...)

> As I understand, neutron VPNaaS is an advanced service in openstack.
> Doesn't neutron-vpnaas work with OVN ?

There was some effort but it was never finished:


This solution was based on Linux namespaces but natvie IPsec site2site 
VPN support in OVN would be much more solid.

NSX-T also supports Neutron-VPNaaS:

So I guess OVN could as well?
> If not can we add support in neutron-vpnaas for OVN ? I'm really not
> sure how we can add this support natively in OVN.
> If your requirement is to interconnect 2 OVN deployments, you can
> probably explore the ovn interconnection feature
> which was added recently. You can refer here [1] if you're interested.
> Thanks
> Numan
> [1] - https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwww.ovn.org%2fen%2fsupport%2fdist%2ddocs%2fovn%2darchitecture.7.html&umid=36e071a2-bd0c-4ef9-b46f-8e177d986a49&auth=da68674867a7b34a52174765f5bf466e2f7c8c98-04bdf5b54b589434dc522b0d889f2936285bb4aa
> (and grep for OVN Deployments Interconnection)
>       - https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwww.ovn.org%2fen%2fsupport%2fdist%2ddocs%2fovn%2dic.8.html&umid=36e071a2-bd0c-4ef9-b46f-8e177d986a49&auth=da68674867a7b34a52174765f5bf466e2f7c8c98-618a0023de1bb5d57bcfcdd428b386bd14b38dcb
>       - https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fdocs.ovn.org%2fen%2flatest%2ftutorials%2fovn%2dinterconnection.html&umid=36e071a2-bd0c-4ef9-b46f-8e177d986a49&auth=da68674867a7b34a52174765f5bf466e2f7c8c98-3c62decabd68bf5b751ddf5675b3667dff8c073e
>> Holen Sie sich Outlook für Android
>> ________________________________
>> From: Ben Pfaff <blp at ovn.org>
>> Sent: Thursday, March 19, 2020 9:15:03 PM
>> To: Engelmann Florian <florian.engelmann at everyware.ch>
>> Cc: ovs-discuss at openvswitch.org <ovs-discuss at openvswitch.org>
>> Subject: Re: [ovs-discuss] [OVN] VPN IPsec and Wireguard
>> On Thu, Mar 19, 2020 at 08:34:10AM +0000, Engelmann Florian wrote:
>>> are there any plans to support any VPN technology with OVN like IPsec
>>> or Wireguard?
>> OVN supports IPsec.
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmail.openvswitch.org%2fmailman%2flistinfo%2fovs%2ddiscuss&umid=36e071a2-bd0c-4ef9-b46f-8e177d986a49&auth=da68674867a7b34a52174765f5bf466e2f7c8c98-74259adec5f937388f4074a326850cfb0c6bcf8e

EveryWare AG
Florian Engelmann
Cloud Platform Architect
Zurlindenstrasse 52a
CH-8003 Zürich

T  +41 44 466 60 00
F  +41 44 466 60 10

florian.engelmann at everyware.ch

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2818 bytes
Desc: not available
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20200320/76c23972/attachment-0001.p7s>

More information about the discuss mailing list