Setting the local address to 0.0.0.0 (v4 address) while setting the remote address to a v6 address results in an invalid configuration.
See https://github.com/strongswan/strongswan/discussions/821 Signed-off-by: Antonin Bas <[email protected]> --- ipsec/ovs-monitor-ipsec.in | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 89a36fe17..a8b0705d9 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -202,18 +202,18 @@ conn prevent_unencrypted_vxlan """ auth_tmpl = {"psk": Template("""\ - left=0.0.0.0 + left=%any right=$remote_ip authby=psk"""), "pki_remote": Template("""\ - left=0.0.0.0 + left=%any right=$remote_ip leftid=$local_name rightid=$remote_name leftcert=$certificate rightcert=$remote_cert"""), "pki_ca": Template("""\ - left=0.0.0.0 + left=%any right=$remote_ip leftid=$local_name rightid=$remote_name @@ -299,11 +299,11 @@ conn prevent_unencrypted_vxlan def config_tunnel(self, tunnel): if tunnel.conf["psk"]: - self.secrets_file.write('0.0.0.0 %s : PSK "%s"\n' % + self.secrets_file.write('%%any %s : PSK "%s"\n' % (tunnel.conf["remote_ip"], tunnel.conf["psk"])) auth_section = self.auth_tmpl["psk"].substitute(tunnel.conf) else: - self.secrets_file.write("0.0.0.0 %s : RSA %s\n" % + self.secrets_file.write("%%any %s : RSA %s\n" % (tunnel.conf["remote_ip"], tunnel.conf["private_key"])) if tunnel.conf["remote_cert"]: -- 2.23.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
