Hi Guru, Thanks for the Info.
Yes , racoon binary is running, but whenever i configure type=ipsec_gre with the following command the psk.txt and racoon.conf are not updating with configured values. What would be the reason ? # ovs-vsctl add-port br1 gre1 -- set interface gre1 type=ipsec_gre options:remote_ip=192.168.122.151 options:psk=testing Regards, Venkata Santhosh On Thu, Aug 25, 2016 at 7:57 PM, Guru Shetty <g...@ovn.org> wrote: > > > On 25 August 2016 at 07:15, santhu vaddepally <santhuvaddepa...@gmail.com> > wrote: > >> Hi, >> >> Now i am able to configure the GRE over IPSEC, but not able to establish >> the tunnel. I have checked in the backend, ovs-monitor-ipsec daemon is >> running , but no racoon binary is running, even the secrets and policies >> were not seen in /etc/racoon/racoon.conf and /etc/racoon/psk.txt. >> > > You will have to run racoon. If this is important, I suggest reading > ovs-monitor-ipsec daemon. It is straight-forward. > > >> >> Here is the configuration >> >> Host1 : >> >> # ovs-vsctl add-br br0 >> # ovs-vsctl add-br br1 >> # ovs-vsctl add-port br0 eth0 >> # ifconfig eth0 0 && ifconfig br0 192.168.122.7 netmask 255.255.255.0 >> # ifconfig br1 10.1.2.1 netmask 255.255.255.0 >> # ovs-vsctl add-port br1 gre1 -- set interface gre1 type=ipsec_gre >> options:remote_ip=192.168.122.151 options:psk=testing >> >> >> Host2 : >> >> >> # ovs-vsctl add-br br0 >> # ovs-vsctl add-br br1 >> # ovs-vsctl add-port br0 eth0 >> # ifconfig eth0 0 && ifconfig br0 192.168.122.151 netmask 255.255.255.0 >> # ifconfig br1 10.1.2.2 netmask 255.255.255.0 >> # ovs-vsctl add-port br1 gre1 -- set interface gre1 type=ipsec_gre >> options:remote_ip=192.168.122.7 options:psk=testing >> >> Can anyone help, why racoon is not being invoked ..? >> >> Regards, >> Venkata Santhosh >> >> >> On Thu, Aug 25, 2016 at 5:15 PM, santhu vaddepally < >> santhuvaddepa...@gmail.com> wrote: >> >> > Hi , >> > >> > Now i am able to run ovs-monitor-ipsec. >> > >> > # /usr/bin/python /usr/share/openvswitch/scripts/ovs-monitor-ipsec >> > --pidfile=/var/run/openvswitch/ovs-monitor-ipsec.pid >> > \ --log-gile --detach --monitor >> > unix:/var/run/openvswitch/db.sock >> > >> > But still facing issue on executing below command >> > >> > # ovs-vsctl add-port br1 gre1 -- set interface gre1 type=ipsec_gre >> > options:remot_ip=15.15.15.15 optioins:psk=secret >> > >> > Error Log : >> > --------------- >> > >> > IPsec requires the ovs-monitor-ipsec daemon. >> > >> > >> > Thanks, >> > Venkata Santhosh >> > >> > On Thu, Aug 25, 2016 at 2:30 PM, santhu vaddepally < >> > santhuvaddepa...@gmail.com> wrote: >> > >> >> Hi, >> >> >> >> I am trying to establish GRE over IPSEC , but with the following >> command >> >> getting error logs. >> >> >> >> # ovs-vsctl add-port br1 gre1 -- set interface gre1 type=ipsec_gre >> >> options:remot_ip=15.15.15.15 optioins:psk=secret >> >> >> >> Error Log : >> >> --------------- >> >> >> >> IPsec requires the ovs-monitor-ipsec daemon. >> >> >> >> >> >> >> >> I tried to run ovs-monitor-ipsec script with following command , >> >> >> >> # /usr/share/openvswitch/scripts/ovs-monitor-ipsec >> >> /etc/openvswitch/conf.db >> >> >> >> Logs : >> >> -------- >> >> >> >> Connecting ... >> >> Connection attempt failed (address family not supported by protocol) >> >> >> >> >> >> Can anyone please tell me the exact command to run ovs-monitor-ipsec >> with >> >> proper arguments ? >> >> >> >> Thanks in Advance .. >> >> >> >> Regards, >> >> Venkata Santhosh >> >> >> > >> > >> _______________________________________________ >> dev mailing list >> dev@openvswitch.org >> http://openvswitch.org/mailman/listinfo/dev >> > > _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
