author: Andreas Karis <ak.karis@gmail.com> 2022-03-02 14:40:05 +0100
committer: Ilya Maximets <i.maximets@ovn.org> 2022-05-04 16:30:21 +0200
commit: e8515c8cc082964f7611e6f03300e614b9b8eaca
tree: 5580898aff959d682b6d75213e4314664001bbf4 /Documentation
parent: af864cedb0c893bad0c54b7f7f6a73627965b358
download: openvswitch-e8515c8cc082964f7611e6f03300e614b9b8eaca.tar.gz
ovs-monitor-ipsec: Allow custom options per tunnel.
Tunnels in LibreSwan and OpenSwan allow for many options to be set on a per tunnel basis. Pass through any options starting with ipsec_ to the connection in the configuration file. Administrators are responsible for picking valid key/value pairs.

Signed-off-by: Andreas Karis <ak.karis@gmail.com>
Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'Documentation')
-rw-r--r-- Documentation/tutorials/ipsec.rst | 45
1 file changed, 45 insertions, 0 deletions
diff --git a/Documentation/tutorials/ipsec.rst b/Documentation/tutorials/ipsec.rst
index b6cc1c3a8..7088f9036 100644
--- a/Documentation/tutorials/ipsec.rst
+++ b/Documentation/tutorials/ipsec.rst
@@ -303,6 +303,50 @@ external IP is 1.1.1.1, and `host_2`'s external IP is 2.2.2.2. Make sure
You should be able to see that ESP packets are being sent from `host_1` to
`host_2`.
+Custom options
+--------------
+
+Any parameter prefixed with `ipsec_` will be added to the connection profile.
+For example::
+
+ # ovs-vsctl set interface tun options:ipsec_encapsulation=yes
+
+Will result in::
+
+ # ovs-appctl -t ovs-monitor-ipsec tunnels/show
+ Interface name: tun v7 (CONFIGURED)
+ Tunnel Type: vxlan
+ Local IP: 192.0.0.1
+ Remote IP: 192.0.0.2
+ Address Family: IPv4
+ SKB mark: None
+ Local cert: None
+ Local name: None
+ Local key: None
+ Remote cert: None
+ Remote name: None
+ CA cert: None
+ PSK: swordfish
+ Custom Options: {'encapsulation': 'yes'}
+
+And in the following connection profiles::
+
+ conn tun-in-7
+ left=192.0.0.1
+ right=192.0.0.2
+ authby=secret
+ encapsulation=yes
+ leftprotoport=udp/4789
+ rightprotoport=udp
+
+ conn tun-out-7
+ left=192.0.0.1
+ right=192.0.0.2
+ authby=secret
+ encapsulation=yes
+ leftprotoport=udp
+ rightprotoport=udp/4789
+
Troubleshooting
---------------
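Review bot: the new "Custom options" section, at the line `Any parameter prefixed with `ipsec_` will be added to the connection profile.`, leaves out two things the reader needs. First, the example output (`Custom Options: {'encapsulation': 'yes'}` and `encapsulation=yes` in the `conn` blocks) shows that the `ipsec_` prefix is stripped before the key reaches the profile, but the prose never says so; state it explicitly. Second, the commit message says administrators are responsible for picking valid key/value pairs, yet the tutorial text carries no such caveat; since the options are written verbatim into the connection profile next to generated parameters such as `left=`, `right=` and `authby=secret`, add a sentence that no validation is performed and that a mistyped or conflicting option will affect the generated connection. As a style point, the three fragments `For example::`, `Will result in::` and `And in the following connection profiles::` read as one broken sentence across code blocks; rephrase each as a complete sentence, e.g. `The tunnel then shows the option as a custom option::` and `The option is written into both connection profiles::`.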
@@ -329,6 +373,7 @@ For example::
Remote name: None
CA cert: None
PSK: swordfish
+ Custom Options: {}
Ofport: 1 <--- Whether ovs-vswitchd has assigned Ofport
number to this Tunnel Port
CFM state: Up <--- Whether CFM declared this tunnel healthy
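Review bot: the added `Custom Options: {}` line in the troubleshooting example is the only new field without an explanation of what to look for, whereas the neighbouring `Ofport:` and `CFM state:` lines carry `<---` annotations; consider adding one such as `<--- ipsec_* options passed through to the connection profile` so that a reader debugging a tunnel knows this is where custom options would appear, and that an empty dict means none were set on the interface.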