diff options
| author | Boleslaw Tokarski <boleslaw.tokarski@jollamobile.com> | 2020-04-08 11:47:20 +0100 |
|---|---|---|
| committer | Ilya Maximets <i.maximets@ovn.org> | 2020-09-16 01:05:45 +0200 |
| commit | b424becaac58d8cb08fb19ea839be6807d3ed57f (patch) | |
| tree | 9dee85f66bb243c5db34353d95f428ae2cd61bab /ipsec | |
| parent | 8dc3911bb190f59276aac1e710b69b6411e00884 (diff) | |
| download | openvswitch-b424becaac58d8cb08fb19ea839be6807d3ed57f.tar.gz | |
ipsec: Fix Strongswan configuration syntax.
Strongswan seems to have .opt files in the source tree with the dotted
option syntax. It seems that up until version 5.6, the syntax was also
accepted by Strongswan.
However, the .opt files are converted to .conf files during Strongswan
build, and the dotted syntax is no longer accepted by Strongswan (tested
on 5.8.2).
The effect was that the ovs ipsec monitor fails to start Strongswan,
since that complains with:
/etc/strongswan.d/ovs.conf:4: syntax error, unexpected ., expecting : or '{' or '=' [.]
This commit fixes the configuration file provided to Strongswan to .conf
syntax.
Signed-off-by: Boleslaw Tokarski <boleslaw.tokarski@jollamobile.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'ipsec')
| -rwxr-xr-x | ipsec/ovs-monitor-ipsec.in | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 1c185bbd8..b84608a55 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -145,10 +145,18 @@ class StrongSwanHelper(object): """This class does StrongSwan specific configurations.""" STRONGSWAN_CONF = """%s -charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes -charon.plugins.kernel-netlink.xfrm_ack_expires = 10 -charon.load_modular = yes -charon.plugins.gcm.load = yes +charon { + plugins { + kernel-netlink { + set_proto_port_transport_sa = yes + xfrm_ack_expires = 10 + } + gcm { + load = yes + } + } + load_modular = yes +} """ % (FILE_HEADER) CONF_HEADER = """%s |