Hi Sebastian,

If it is an IPsec configuration problem, you can check syslog to see what error messages were put by the strongswan daemon.

There is a patchset which configures IPsec tunnel for OVS. It should work with VXLAN tunnel and strongswan. You can check it out in https://github.com/qiuyuX/ovs-ipsec.

Best,
Qiuyu

On Mon, Sep 17, 2018 at 3:57 PM Sebastian Pitei <sebast...@pitei.eu> wrote:
>
> Hi everyone,
>
> I'm trying to build a simple OVS setup as follows:
> -two OVS switches (on separate machines), both having one physical port
> (enp0s10) and a virtual one (vxlan0), on the same br0 bridge.
> -each br0 has a manually set IPv6 address that's being used as source and
> destination for the VXLAN tunnel.
>
> [Scenario 1]
> -VXLAN comes up, traffic flows from the physical interface to the VXLAN
> tunnel and vice-versa
>
> [Scenario 2]
> -I've added strongswan and configured host-to-host IPSec encryption, but
> unfortunately traffic is not passing between bridges.
>
> Am I missing something? Is there another way to do this? I'm pasting below my
> configuration, maybe it helps
>
> [bridge-config]
> Bridge "br0"
>     Controller "tcp:[fd00::100]"
>     fail_mode: secure
>     Port "br0"
>         Interface "br0"
>             type: internal
>     Port "vxlan0"
>         Interface "vxlan0"
>             type: vxlan
>             options: {key="1000", local_ip="fd00::10", remote_ip="fd00::11"}
>     Port "enp0s10"
>         Interface "enp0s10"
> ovs_version: "2.9.0"
>
> [openflow-flows]
> cookie=0x0, duration=86993.364s, table=0, n_packets=168419, n_bytes=16303712, in_port=enp0s10 actions=output:vxlan0
> cookie=0x0, duration=86992.812s, table=0, n_packets=167802, n_bytes=16266100, in_port=vxlan0 actions=output:enp0s10
>
> [strongswan_ipsec.conf]
>
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>     authby=secret
>     mobike=no
>
> conn host-host
>     left=fd00::10
>     leftid=fd00::10
>     right=fd00::11
>     rightid=fd00::11
>     auto=route
>
>
> Thx,
> Seb
> _______________________________________________
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss