On 16/02/2021 15:06, Balazs Nemeth wrote: Thanks Balazs. Good catch
> Signed-off-by: Balazs Nemeth <[email protected]> > --- > Documentation/tutorials/ipsec.rst | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/Documentation/tutorials/ipsec.rst > b/Documentation/tutorials/ipsec.rst > index 3b3e42c59..8256b5aa6 100644 > --- a/Documentation/tutorials/ipsec.rst > +++ b/Documentation/tutorials/ipsec.rst > @@ -144,6 +144,14 @@ external IP is 1.1.1.1, and `host_2`'s external IP is > 2.2.2.2. Make sure > options:remote_ip=$ip_1 \ > options:psk=swordfish > > + Set the "local_ip" field in the Interface table on host_1:: If I was to be pedantic, this is an optional step. If your system only has one NIC or the default gateway interface is the interface that tunnel traffic egresses from, it is not strictly necessary. However, it doesn't hurt to always include it. Can you add a comment to highlight that? > + > + $ ovs-vsctl set Interface tun options:local_ip=$ip_1 These should probably start with '#' rather than '$' to indicate 'root' privileges. They could also be rolled into the command above rather than a separate command. However, considering my comment below, you may decide to keep like this. > + > + Same on host_2:: > + > + $ ovs-vsctl set Interface tun options:local_ip=$ip_2 > + > .. note:: > > Pre-shared key (PSK) based authentication is easy to set up but less > Can you add something similar to the other authentication methods? Or alternatively you could have some kind of 'note' section that covers all three cases. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
