diff options
author | Antonin Bas <antonin.bas@gmail.com> | 2021-12-20 17:38:29 -0800 |
---|---|---|
committer | Ilya Maximets <i.maximets@ovn.org> | 2022-01-21 18:45:23 +0100 |
commit | 5b3bb16b84befc98a223906c99231dff25984427 (patch) | |
tree | 2a934fbd3b596a880cdc0b59dc9a654424ba8e3c /ipsec | |
parent | 8723063c3c30177c3fe9c1b34db0066ec7abeb1d (diff) | |
download | openvswitch-5b3bb16b84befc98a223906c99231dff25984427.tar.gz |
ovs-monitor-ipsec: Fix generated strongSwan ipsec.conf for IPv6.
Setting the local address to 0.0.0.0 (v4 address) while setting the
remote address to a v6 address results in an invalid configuration.
See https://github.com/strongswan/strongswan/discussions/821
Signed-off-by: Antonin Bas <antonin.bas@gmail.com>
Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'ipsec')
-rwxr-xr-x | ipsec/ovs-monitor-ipsec.in | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 89a36fe17..a8b0705d9 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -202,18 +202,18 @@ conn prevent_unencrypted_vxlan """ auth_tmpl = {"psk": Template("""\ - left=0.0.0.0 + left=%any right=$remote_ip authby=psk"""), "pki_remote": Template("""\ - left=0.0.0.0 + left=%any right=$remote_ip leftid=$local_name rightid=$remote_name leftcert=$certificate rightcert=$remote_cert"""), "pki_ca": Template("""\ - left=0.0.0.0 + left=%any right=$remote_ip leftid=$local_name rightid=$remote_name @@ -299,11 +299,11 @@ conn prevent_unencrypted_vxlan def config_tunnel(self, tunnel): if tunnel.conf["psk"]: - self.secrets_file.write('0.0.0.0 %s : PSK "%s"\n' % + self.secrets_file.write('%%any %s : PSK "%s"\n' % (tunnel.conf["remote_ip"], tunnel.conf["psk"])) auth_section = self.auth_tmpl["psk"].substitute(tunnel.conf) else: - self.secrets_file.write("0.0.0.0 %s : RSA %s\n" % + self.secrets_file.write("%%any %s : RSA %s\n" % (tunnel.conf["remote_ip"], tunnel.conf["private_key"])) if tunnel.conf["remote_cert"]: |