Hi Guru, Problem is solved.
ovsdb-server is using /etc/openvswitch/conf.db , where as ovs-monitor-ipsec is using /usr/local/etc/openvsitch/conf.db. On configuring type=ipsec_gre , /etc/openvswitch/conf.db is updating, no information is send to ovs-monitor-ipsec because it's using /usr/local/etc/openvsitch/conf.db. On using same conf.db for both , the synchronization is properly done. Working fine ..! Regards, Venkata Santhosh On Fri, Aug 26, 2016 at 11:25 AM, santhu vaddepally < santhuvaddepa...@gmail.com> wrote: > Hi Guru, > > Thanks for the Info. > > Yes , racoon binary is running, but whenever i configure type=ipsec_gre > with the following command the psk.txt and racoon.conf are not updating > with configured values. What would be the reason ? > > # ovs-vsctl add-port br1 gre1 -- set interface gre1 type=ipsec_gre > options:remote_ip=192.168.122.151 options:psk=testing > > Regards, > Venkata Santhosh > > > > > On Thu, Aug 25, 2016 at 7:57 PM, Guru Shetty <g...@ovn.org> wrote: > >> >> >> On 25 August 2016 at 07:15, santhu vaddepally <santhuvaddepa...@gmail.com >> > wrote: >> >>> Hi, >>> >>> Now i am able to configure the GRE over IPSEC, but not able to establish >>> the tunnel. I have checked in the backend, ovs-monitor-ipsec daemon is >>> running , but no racoon binary is running, even the secrets and policies >>> were not seen in /etc/racoon/racoon.conf and /etc/racoon/psk.txt. >>> >> >> You will have to run racoon. If this is important, I suggest reading >> ovs-monitor-ipsec daemon. It is straight-forward. >> >> >>> >>> Here is the configuration >>> >>> Host1 : >>> >>> # ovs-vsctl add-br br0 >>> # ovs-vsctl add-br br1 >>> # ovs-vsctl add-port br0 eth0 >>> # ifconfig eth0 0 && ifconfig br0 192.168.122.7 netmask 255.255.255.0 >>> # ifconfig br1 10.1.2.1 netmask 255.255.255.0 >>> # ovs-vsctl add-port br1 gre1 -- set interface gre1 type=ipsec_gre >>> options:remote_ip=192.168.122.151 options:psk=testing >>> >>> >>> Host2 : >>> >>> >>> # ovs-vsctl add-br br0 >>> # ovs-vsctl add-br br1 >>> # ovs-vsctl add-port br0 eth0 >>> # ifconfig eth0 0 && ifconfig br0 192.168.122.151 netmask 255.255.255.0 >>> # ifconfig br1 10.1.2.2 netmask 255.255.255.0 >>> # ovs-vsctl add-port br1 gre1 -- set interface gre1 type=ipsec_gre >>> options:remote_ip=192.168.122.7 options:psk=testing >>> >>> Can anyone help, why racoon is not being invoked ..? >>> >>> Regards, >>> Venkata Santhosh >>> >>> >>> On Thu, Aug 25, 2016 at 5:15 PM, santhu vaddepally < >>> santhuvaddepa...@gmail.com> wrote: >>> >>> > Hi , >>> > >>> > Now i am able to run ovs-monitor-ipsec. >>> > >>> > # /usr/bin/python /usr/share/openvswitch/scripts/ovs-monitor-ipsec >>> > --pidfile=/var/run/openvswitch/ovs-monitor-ipsec.pid >>> > \ --log-gile --detach --monitor >>> > unix:/var/run/openvswitch/db.sock >>> > >>> > But still facing issue on executing below command >>> > >>> > # ovs-vsctl add-port br1 gre1 -- set interface gre1 type=ipsec_gre >>> > options:remot_ip=15.15.15.15 optioins:psk=secret >>> > >>> > Error Log : >>> > --------------- >>> > >>> > IPsec requires the ovs-monitor-ipsec daemon. >>> > >>> > >>> > Thanks, >>> > Venkata Santhosh >>> > >>> > On Thu, Aug 25, 2016 at 2:30 PM, santhu vaddepally < >>> > santhuvaddepa...@gmail.com> wrote: >>> > >>> >> Hi, >>> >> >>> >> I am trying to establish GRE over IPSEC , but with the following >>> command >>> >> getting error logs. >>> >> >>> >> # ovs-vsctl add-port br1 gre1 -- set interface gre1 type=ipsec_gre >>> >> options:remot_ip=15.15.15.15 optioins:psk=secret >>> >> >>> >> Error Log : >>> >> --------------- >>> >> >>> >> IPsec requires the ovs-monitor-ipsec daemon. >>> >> >>> >> >>> >> >>> >> I tried to run ovs-monitor-ipsec script with following command , >>> >> >>> >> # /usr/share/openvswitch/scripts/ovs-monitor-ipsec >>> >> /etc/openvswitch/conf.db >>> >> >>> >> Logs : >>> >> -------- >>> >> >>> >> Connecting ... >>> >> Connection attempt failed (address family not supported by protocol) >>> >> >>> >> >>> >> Can anyone please tell me the exact command to run ovs-monitor-ipsec >>> with >>> >> proper arguments ? >>> >> >>> >> Thanks in Advance .. >>> >> >>> >> Regards, >>> >> Venkata Santhosh >>> >> >>> > >>> > >>> _______________________________________________ >>> dev mailing list >>> dev@openvswitch.org >>> http://openvswitch.org/mailman/listinfo/dev >>> >> >> > _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
