[ovs-git] [openvswitch/ovs] cab998: ipsec: Fix IPv6 default route support for Libreswan.
noreply at github.com
Thu Apr 1 18:28:34 UTC 2021
Author: Mark Gray <mark.d.gray at redhat.com>
Date: 2021-04-01 (Thu, 01 Apr 2021)
ipsec: Fix IPv6 default route support for Libreswan.
When configuring IPsec, "ovs-monitor-ipsec" honours
the 'local_ip' option in the 'Interface' table by configuring
the 'left' side of the Libreswan connection with 'local_ip'.
If 'local_ip' is not specified, "ovs-monitor-ipsec" sets
'left' to '%defaultroute' which is interpreted as the IP
address of the default gateway interface.
However, when 'remote_ip' is an IPv6 address, Libreswan
still interprets '%defaultroute' as the IPv4 address on the
default gateway interface (see:
an "address family inconsistency" error.
This patch resolves this issue by specifying the
connection as IPv6 when the 'remote_ip' is IPv6 and
'local_ip' has not been set.
Fixes: 22c5eafb6efa ("ipsec: reintroduce IPsec support for tunneling")
Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Acked-by: Aaron Conole <aconole at redhat.com>
Acked-by: Eelco Chaudron <echaudro at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
More information about the git