This patch series reintroduces IPsec support for OVS tunneling and enables OVN to use IPsec tunnels. GRE, VXLAN, GENEVE, and STT IPsec tunnels are supported. StrongSwan and LibreSwan IKE daemons are supported.

Changes from v1 to v2:
1) Merged the ovs-monitor-ipsec code into a single patch. Added LibreSwan IKE daemon support.
2) Use openssl to extract CN from certificate so that users don't need to specify the CN information in the configuration interface.
3) Improved documentation as suggested.

Qiuyu Xiao (4):
  datapath: add transport ports in route lookup to enable IPsec policy match.
  ipsec: reintroduce IPsec support for tunneling
  ovs-pki: generate x.509 v3 certificate
  OVN: native support for tunnel encryption

 Documentation/automake.mk        |    1 +
 Documentation/howto/index.rst    |    1 +
 Documentation/howto/ipsec.rst    |  256 +++++++
 Makefile.am                      |    1 +
 NEWS                             |    3 +
 datapath/linux/compat/geneve.c   |   29 +-
 datapath/linux/compat/stt.c      |   15 +-
 datapath/linux/compat/vxlan.c    |   14 +-
 debian/automake.mk               |    3 +
 debian/control                   |   21 +
 debian/openvswitch-ipsec.dirs    |    1 +
 debian/openvswitch-ipsec.init    |  189 +++++
 debian/openvswitch-ipsec.install |    1 +
 ipsec/automake.mk                |   10 +
 ipsec/ovs-monitor-ipsec          | 1152 ++++++++++++++++++++++++++++++
 ovn/controller/encaps.c          |   33 +-
 ovn/controller/encaps.h          |    7 +-
 ovn/controller/ovn-controller.c  |    4 +-
 ovn/northd/ovn-northd.c          |    8 +-
 ovn/ovn-architecture.7.xml       |   39 +
 ovn/ovn-nb.ovsschema             |    7 +-
 ovn/ovn-nb.xml                   |    6 +
 ovn/ovn-sb.ovsschema             |    7 +-
 ovn/ovn-sb.xml                   |    6 +
 utilities/ovs-pki.in             |   18 +-
 vswitchd/vswitch.xml             |  124 +++-
 26 files changed, 1913 insertions(+), 43 deletions(-)
 create mode 100644 Documentation/howto/ipsec.rst
 create mode 100644 debian/openvswitch-ipsec.dirs
 create mode 100644 debian/openvswitch-ipsec.init
 create mode 100644 debian/openvswitch-ipsec.install
 create mode 100644 ipsec/automake.mk
 create mode 100755 ipsec/ovs-monitor-ipsec

-- 
2.18.0