On 8/7/24 20:36, Jim C wrote: > Thanks Ilya! > > We do have the directory /etc/strongswan.d on our host. How is this ovs.conf > created? > Is it created when we install the OVS IPSec package and it will look for the > strongSwan > directory and place the file there?
It is created by ovs-monitor-ipsec daemon when it starts. Where the error you posted is coming from? I'd suggest checking audit log in case selinux is blocking access to that directory. And generally checking if the daemon has access to that directory, i.e. user/group permissions. > > If that's the case, does it mean that we must install OVS after strongSwan is > installed? > > Thanks. > > On Wed, Aug 7, 2024 at 9:14 AM Ilya Maximets <i.maxim...@ovn.org > <mailto:i.maxim...@ovn.org>> wrote: > > On 8/7/24 09:11, Jim C wrote: > > Thanks Ilya, but we see an error complaining: > > > > *FileNotFoundError: [Errno 2] No such file or directory: > '/etc/strongswan.d/ovs.conf' > > Does the /etc/strongswan.d directory exist? > If not, you may need to check your strongswan installation > and find out why it is not there. > > Best regards, Ilya Maximets. > > > * > > > > We are using: > > strongSwan 5.10 > > Rocky (RHEL) Linux > > > > We do hope to get rid of the libreswan dependency tho. But for now, we > can't switch to using strongSwan. > > > > Thanks. > > > > On Wed, Jul 24, 2024 at 4:50 AM Ilya Maximets <i.maxim...@ovn.org > <mailto:i.maxim...@ovn.org> <mailto:i.maxim...@ovn.org > <mailto:i.maxim...@ovn.org>>> wrote: > > > > On 7/24/24 08:31, Jim C via discuss wrote: > > > Hi, > > > > > > We saw our OVS has the following specs from this service file: > > > > > > # cat > /etc/systemd/system/multi-user.target.wants/openvswitch-ipsec.service > > > [Unit] > > > Description=OVS IPsec daemon > > > Requires=openvswitch.service > > > After=openvswitch.service > > > > > > [Service] > > > Type=forking > > > PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid > > > *ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ > > > --ike-daemon=libreswan start-ovs-ipsec* > > > ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec > > > > > > [Install] > > > WantedBy=multi-user.target > > > > > > It seems it's using libreswan. How can we switch to using > strongSwan instead? > > > > If you have strongSwan installed, you should be able to just > > replace --ike-daemon=libreswan with --ike-daemon=strongswan > > in the service file. > > > > Best regards, Ilya Maximets. > > > _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
