On 4/26/22 14:31, Andreas Karis wrote: > Hi! > > No worries! After some reflection, the '--force-encapsulation' patch IMO is > not the correct way to go, but I did not know how to recall it once it was > acknowledged ... :-(
Acknowledged doesn't mean accepted. :) In any case, the procedure is to just reply to the email. Even if something is already accepted it can be reverted if the justification is solid. > I would prefer to have the patch that allows the generic options instead, so > that 'options:ipsec_encapsulation=yes' can be specified. > So, I think that `ovs-monitor-ipsec: Allow custom options per tunnel` is the > correct way to go forward and we can cancel the other patch that I submitted > as it's the wrong approach for solving this problem. Ok. Makes sense. I'll mark the other patch as superseded by this one. Thanks for clarification! Best regards, Ilya Maximets. > > - Andreas > > > > El mar, 26 abr 2022 a las 12:03, Ilya Maximets (<i.maxim...@ovn.org > <mailto:i.maxim...@ovn.org>>) escribió: > > On 3/2/22 14:40, Andreas Karis wrote: > > Tunnels in LibreSwan and OpenSwan allow for many options to be set on a > > per tunnel basis. Pass through any options starting with ipsec_ to the > > connection in the configuration file. Administrators are responsible for > > picking valid key/value pairs. > > > > Signed-off-by: Andreas Karis <ak.ka...@gmail.com > <mailto:ak.ka...@gmail.com>> > > --- > > Documentation/tutorials/ipsec.rst | 45 +++++++++++++++++++++++++++++++ > > ipsec/ovs-monitor-ipsec.in <http://ovs-monitor-ipsec.in> | 17 > +++++++++++- > > vswitchd/vswitch.xml | 4 ++- > > 3 files changed, 64 insertions(+), 2 deletions(-) > > > > diff --git a/Documentation/tutorials/ipsec.rst > b/Documentation/tutorials/ipsec.rst > > index b6cc1c3a8..00cdc5ec2 100644 > > --- a/Documentation/tutorials/ipsec.rst > > +++ b/Documentation/tutorials/ipsec.rst > > @@ -303,6 +303,50 @@ external IP is 1.1.1.1, and `host_2`'s external IP > is 2.2.2.2. Make sure > > You should be able to see that ESP packets are being sent from > `host_1` to > > `host_2`. > > > > +Custom options > > +--------------- > > + > > +Any parameter prefixed with `ipsec_` will be added to the connection > profile. > > +For example:: > > + > > + # ovs-vsctl set interface tun options:ipsec_encapsulation=yes > > Hi, Andreas. > > Thanks for working on this, and sorry for my slow replies. > > I'm trying to understand the difference between 2 patches that you sent. > The '--force-encapsulation' and this one. It seems to me that > '--force-encapsulation' is the same as 'options:ipsec_encapsulation=yes', > is that true or am I missing something? I'm just trying to understand > why we need both. > > Best regards, Ilya Maximets. > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
