On 3/2/22 14:40, Andreas Karis wrote: > Tunnels in LibreSwan and OpenSwan allow for many options to be set on a > per tunnel basis. Pass through any options starting with ipsec_ to the > connection in the configuration file. Administrators are responsible for > picking valid key/value pairs. > > Signed-off-by: Andreas Karis <ak.ka...@gmail.com> > --- > Documentation/tutorials/ipsec.rst | 45 +++++++++++++++++++++++++++++++ > ipsec/ovs-monitor-ipsec.in | 17 +++++++++++- > vswitchd/vswitch.xml | 4 ++- > 3 files changed, 64 insertions(+), 2 deletions(-) > > diff --git a/Documentation/tutorials/ipsec.rst > b/Documentation/tutorials/ipsec.rst > index b6cc1c3a8..00cdc5ec2 100644 > --- a/Documentation/tutorials/ipsec.rst > +++ b/Documentation/tutorials/ipsec.rst > @@ -303,6 +303,50 @@ external IP is 1.1.1.1, and `host_2`'s external IP is > 2.2.2.2. Make sure > You should be able to see that ESP packets are being sent from `host_1` to > `host_2`. > > +Custom options > +--------------- > + > +Any parameter prefixed with `ipsec_` will be added to the connection profile. > +For example:: > + > + # ovs-vsctl set interface tun options:ipsec_encapsulation=yes
Hi, Andreas. Thanks for working on this, and sorry for my slow replies. I'm trying to understand the difference between 2 patches that you sent. The '--force-encapsulation' and this one. It seems to me that '--force-encapsulation' is the same as 'options:ipsec_encapsulation=yes', is that true or am I missing something? I'm just trying to understand why we need both. Best regards, Ilya Maximets. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
