[ovs-git] [openvswitch/ovs] 2c2ace: ipsec: Fix IPv6 default route support for Libreswan.

Mark Gray noreply at github.com
Thu Apr 1 18:28:39 UTC 2021


  Branch: refs/heads/branch-2.14
  Home:   https://github.com/openvswitch/ovs
  Commit: 2c2aced1a11c41ff30d94e6be66d1b9b7fddcf5e
      https://github.com/openvswitch/ovs/commit/2c2aced1a11c41ff30d94e6be66d1b9b7fddcf5e
  Author: Mark Gray <mark.d.gray at redhat.com>
  Date:   2021-04-01 (Thu, 01 Apr 2021)

  Changed paths:
    M ipsec/ovs-monitor-ipsec.in

  Log Message:
  -----------
  ipsec: Fix IPv6 default route support for Libreswan.

When configuring IPsec, "ovs-monitor-ipsec" honours
the 'local_ip' option in the 'Interface' table by configuring
the 'left' side of the Libreswan connection with 'local_ip'.
If 'local_ip' is not specified, "ovs-monitor-ipsec" sets
'left' to '%defaultroute' which is interpreted as the IP
address of the default gateway interface.

However, when 'remote_ip' is an IPv6 address, Libreswan
still interprets '%defaultroute' as the IPv4 address on the
default gateway interface (see:
https://github.com/libreswan/libreswan/issues/416) giving
an "address family inconsistency" error.

This patch resolves this issue by specifying the
connection as IPv6 when the 'remote_ip' is IPv6 and
'local_ip' has not been set.

Fixes: 22c5eafb6efa ("ipsec: reintroduce IPsec support for tunneling")
Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Acked-by: Aaron Conole <aconole at redhat.com>
Acked-by: Eelco Chaudron <echaudro at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
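
The selection logic described in the log message, as an added example that is not the code from this commit or from "ovs-monitor-ipsec": it chooses the 'left' side from 'local_ip' and 'remote_ip' and rejects a family mismatch before Libreswan would. The function name endpoint_opts is hypothetical, and the use of Libreswan's hostaddrfamily/clientaddrfamily options to declare the connection as IPv6 is an assumption, since the message does not show what the patch writes.

```python
import ipaddress


def endpoint_opts(remote_ip, local_ip=None):
    """Return the address lines for one Libreswan 'conn' section.

    Hypothetical helper: mirrors the behaviour in the log message, not the
    project's implementation.
    """
    remote = ipaddress.ip_address(remote_ip)  # raises ValueError if malformed

    if local_ip:
        local = ipaddress.ip_address(local_ip)
        # Catch the "address family inconsistency" case up front instead of
        # letting the connection fail to load later.
        if local.version != remote.version:
            raise ValueError(
                "local_ip is IPv%d but remote_ip is IPv%d"
                % (local.version, remote.version))
        return ["left=%s" % local, "right=%s" % remote]

    opts = []
    if remote.version == 6:
        # Assumption: these options mark the connection as IPv6 so that
        # %defaultroute is resolved to an IPv6 address.
        opts += ["hostaddrfamily=ipv6", "clientaddrfamily=ipv6"]
    opts += ["left=%defaultroute", "right=%s" % remote]
    return opts


if __name__ == "__main__":
    # Constructed sample tunnels (documentation address ranges).
    samples = [
        ("192.0.2.10", None),
        ("2001:db8::2", None),
        ("2001:db8::2", "2001:db8::1"),
    ]
    for remote_ip, local_ip in samples:
        print("remote_ip=%s local_ip=%s" % (remote_ip, local_ip))
        for line in endpoint_opts(remote_ip, local_ip):
            print("    " + line)
```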



