Sorry to bother you. I just solved the issue now. I am working on Ubuntu 12.04 with ovs-monitor-ipsec version 1.6.1.
The thing is that I made mistake on ipsec_gre configuration. ovs-vswitch.log says.. 2012-12-18T08:26:31Z|00142|netdev_vport|ERR|gre1: IPsec requires an 'peer_cert' or psk' argument Meanwhile I configured the interface with peer_cert AND psk like following ovs-vsctl set interface gre1 type=ipsec_gre options:peer_cert=peer.pem options:certificate=cert.pem options:psk=testpsk After I omitted peer_cert to leave only options:certificate and options:psk, it worked well. Thanks, On Tue, Dec 18, 2012 at 5:29 PM, Justin Pettit <[email protected]> wrote: > What platform are you using? Are you running ovs-monitor-ipsec? What > does "ovs-dpctl show br1" say when ipsec_gre is configured? Do you see any > errors in ovs-vswitchd.log? > > --Justin > > > On Dec 18, 2012, at 12:05 AM, Diego Rivero <[email protected]> wrote: > > > Hi, > > > > I am now facing some problem while working on GRE over IPsec with Open > vSwitch version 1.6.1. "ovs-ofctl show br1" does not show any port number > for ipsec_gre, so I cannot set up flows for ipsec packets. Only tap1 that > is activated for a kvm instance is shown on the prompt. Does anybody know > how to make it through? > > > > > > > > # ovs-vsctl add-br br1 > > # ovs-vsctl add-port br1 tap1 > > # ovs-vsctl add-port br1 gre1 > > # ovs-vsctl set interface gre1 type=gre options:remote_ip=192.168.2.25 > > # ovs-ofctl show br1 > > OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:0000aea6970c5149 > > n_tables:255, n_buffers:256 > > features: capabilities:0xc7, actions:0xfff > > 3(tap1): addr:9e:59:be:c9:f5:a6 > > config: 0 > > state: 0 > > current: 10MB-FD COPPER > > 9(gre1): addr:de:25:2e:36:dc:55 > > config: 0 > > state: 0 > > LOCAL(br1): addr:ae:a6:97:0c:51:49 > > config: 0 > > state: 0 > > OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0 > > > > > > > > > > # ovs-vsctl set interface gre1 type=ipsec_gre options:peer_cert=peer.pem > options:certificate=cert.pem options:psk=testpsk > > # ovs-ofctl show br1 > > OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:0000aea6970c5149 > > n_tables:255, n_buffers:256 > > features: capabilities:0xc7, actions:0xfff > > 3(tap1): addr:9e:59:be:c9:f5:a6 > > config: 0 > > state: 0 > > current: 10MB-FD COPPER > > LOCAL(br1): addr:ae:a6:97:0c:51:49 > > config: 0 > > state: 0 > > OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0 > > > > > > > > > > > > # ovs-vsctl set interface gre1 type=capwap > > root@zenra:~/ovs# ovs-ofctl show br1 > > OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:0000aea6970c5149 > > n_tables:255, n_buffers:256 > > features: capabilities:0xc7, actions:0xfff > > 3(tap1): addr:9e:59:be:c9:f5:a6 > > config: 0 > > state: 0 > > current: 10MB-FD COPPER > > 10(gre1): addr:aa:70:f5:39:4b:2c > > config: 0 > > state: 0 > > LOCAL(br1): addr:ae:a6:97:0c:51:49 > > config: 0 > > state: 0 > > OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0 > > > > > > > > # ovs-vsctl add-port br1 tap2 > > # ovs-ofctl show br1 > > OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:0000aea6970c5149 > > n_tables:255, n_buffers:256 > > features: capabilities:0xc7, actions:0xfff > > 3(tap1): addr:9e:59:be:c9:f5:a6 > > config: 0 > > state: 0 > > current: 10MB-FD COPPER > > LOCAL(br1): addr:ae:a6:97:0c:51:49 > > config: 0 > > state: 0 > > OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0 > > > > > > > > > > Thanks, > > _______________________________________________ > > discuss mailing list > > [email protected] > > http://openvswitch.org/mailman/listinfo/discuss > >
_______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
