Hi everyone,
I'm trying to build a simple OVS setup as follows:
-two OVS switches (on separate machines), both having one physical port
(enp0s10) and a virtual one (vxlan0), on the same br0 bridge.
-each br0 has a manually set IPv6 address that's being used as source and
destination for the VXLAN tunnel.
[Scenario 1]
-VXLAN comes up, traffic flows from the physical interface to the VXLAN tunnel
and vice-versa
[Scenario 2]
-I've added strongswan and configured host-to-host IPSec encryption, but
unfortunately traffic is not passing between briges.
Am I missing something? Is there another way to do this? I'm pasting below my
configuration, maybe it helps
[bridge-config]
Bridge "br0"
Controller "tcp:[fd00::100]"
fail_mode: secure
Port "br0"
Interface "br0"
type: internal
Port "vxlan0"
Interface "vxlan0"
type: vxlan
options: {key="1000", local_ip="fd00::10", remote_ip="fd00::11"}
Port "enp0s10"
Interface "enp0s10"
ovs_version: "2.9.0"
[openflow-flows]
cookie=0x0, duration=86993.364s, table=0, n_packets=168419, n_bytes=16303712,
in_port=enp0s10 actions=output:vxlan0
cookie=0x0, duration=86992.812s, table=0, n_packets=167802, n_bytes=16266100,
in_port=vxlan0 actions=output:enp0s10
[strongswan_ipsec.conf]
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
authby=secret
mobike=no
conn host-host
left=fd00::10
leftid=fd00::10
right=fd00::11
rightid=fd00::11
auto=route
Thx,
Seb
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
