Hi! No worries! After some reflection, the '--force-encapsulation' patch IMO is not the correct way to go, but I did not know how to recall it once it was acknowledged ... :-( I would prefer to have the patch that allows the generic options instead, so that 'options:ipsec_encapsulation=yes' can be specified. So, I think that `ovs-monitor-ipsec: Allow custom options per tunnel` is the correct way to go forward and we can cancel the other patch that I submitted as it's the wrong approach for solving this problem.
- Andreas El mar, 26 abr 2022 a las 12:03, Ilya Maximets (<i.maxim...@ovn.org>) escribió: > On 3/2/22 14:40, Andreas Karis wrote: > > Tunnels in LibreSwan and OpenSwan allow for many options to be set on a > > per tunnel basis. Pass through any options starting with ipsec_ to the > > connection in the configuration file. Administrators are responsible for > > picking valid key/value pairs. > > > > Signed-off-by: Andreas Karis <ak.ka...@gmail.com> > > --- > > Documentation/tutorials/ipsec.rst | 45 +++++++++++++++++++++++++++++++ > > ipsec/ovs-monitor-ipsec.in | 17 +++++++++++- > > vswitchd/vswitch.xml | 4 ++- > > 3 files changed, 64 insertions(+), 2 deletions(-) > > > > diff --git a/Documentation/tutorials/ipsec.rst > b/Documentation/tutorials/ipsec.rst > > index b6cc1c3a8..00cdc5ec2 100644 > > --- a/Documentation/tutorials/ipsec.rst > > +++ b/Documentation/tutorials/ipsec.rst > > @@ -303,6 +303,50 @@ external IP is 1.1.1.1, and `host_2`'s external IP > is 2.2.2.2. Make sure > > You should be able to see that ESP packets are being sent from > `host_1` to > > `host_2`. > > > > +Custom options > > +--------------- > > + > > +Any parameter prefixed with `ipsec_` will be added to the connection > profile. > > +For example:: > > + > > + # ovs-vsctl set interface tun options:ipsec_encapsulation=yes > > Hi, Andreas. > > Thanks for working on this, and sorry for my slow replies. > > I'm trying to understand the difference between 2 patches that you sent. > The '--force-encapsulation' and this one. It seems to me that > '--force-encapsulation' is the same as 'options:ipsec_encapsulation=yes', > is that true or am I missing something? I'm just trying to understand > why we need both. > > Best regards, Ilya Maximets. > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
