Hi Ansis, I used "ip xfrm add policy" command to add policy. I have not used "ovs-monitor-ipsec".Can it be used to encryt based on GRE key?. I tested with GRE key value only.I will test weather Port no, based filtering is supported in OVS or not and revert.
Regards Harsh jain Regards Harsh Jain On Tue, Jun 9, 2015 at 2:07 AM, Ansis Atteka <[email protected]> wrote: > On Mon, Jun 8, 2015 at 12:19 AM, Harsh Jain <[email protected]> wrote: >> Hi, >> >> >> While trying to encrypt(IPsec policy) packets based on GRE key >> received in packets. kernel didn't encrypted the packets received from >> OVS bridge. The packets forwarded to Desination unencrypted. >> Kernel treats packet having different keys as same flow type. > > It seems that you are not using ovs-monitor-ipsec to install IPsec > policies for you? > >> >> >> Kernel Version used : 3.18.14 >> ovs-vswitchd (Open vSwitch) 2.0.1 >> Compiled Apr 16 2014 14:19:17 >> OpenFlow versions 0x1:0x1 >> >> Fix Applied : Find attached initial patch. >> >> Please confirm if it is bug?. > > I think this could be classified as bug for those use cases when one > wants to install such fine grained IPsec policies based on GRE key. > BTW I looked in ip-xfrm man page and it has more fields in SELECTOR. > > >> >> >> Regards >> Harsh Jain >> >> _______________________________________________ >> discuss mailing list >> [email protected] >> http://openvswitch.org/mailman/listinfo/discuss >> _______________________________________________ discuss mailing list [email protected] http://openvswitch.org/mailman/listinfo/discuss
