Hi Zhongzhou, sorry for the late reply.
On Fri, May 24, 2024 at 3:03 PM Zhongzhou Cai via discuss < ovs-discuss@openvswitch.org> wrote: > Hi Open vSwitch experts, > > I'm following this OVS tutorial > <https://docs.openvswitch.org/en/latest/tutorials/ipsec/#ovs-ipsec-tutorial> > to set up IPsec tunnel to encrypt data flow between VM1 on host1 and VM2 on > host2. VM1 is connected with an OVS bridge on host1, and VM2 is connected > with an OVS bridge on host2. I wonder: > 1) Does this tutorial set up IPsec over GRE or GRE over IPSec? > This tutorial set IPsec over GRE. The current support of IPsec in OVS is transport mode only and if you take a look at ipsec/ovs-monitor-ipsec script you can see that the default mode is hardcoded inside the script so I don't think it's configurable: conn %%default keyingtries=%%forever * type=transport* auto=route ike=aes_gcm256-sha2_256 esp=aes_gcm256 ikev2=insist 2) Also, is OVS IPsec in transport mode or tunnel mode? Is it configurable? > > Thanks, > Zhongzhou Cai > _______________________________________________ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss >
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
