Actually, we may not have the right path. Instead of /etc/strongswan.d, we have /etc/strongswan/strongswan.d.
Is it fine as long as we manually create /etc/strongswan.d to allow OVS to place its config file? Also, by `by ovs-monitor-ipsec daemon when it starts`, is it when we run `systemctl start openvswitch-ipsec`?

On Wed, Aug 7, 2024 at 12:03 PM Ilya Maximets <i.maxim...@ovn.org> wrote:

> On 8/7/24 20:36, Jim C wrote:
> > Thanks Ilya!
> >
> > We do have the directory /etc/strongswan.d on our host. How is this ovs.conf created?
> > Is it created when we install the OVS IPSec package and it will look for the strongSwan
> > directory and place the file there?
>
> It is created by ovs-monitor-ipsec daemon when it starts.
> Where the error you posted is coming from?
>
> I'd suggest checking audit log in case selinux is blocking access
> to that directory. And generally checking if the daemon has access
> to that directory, i.e. user/group permissions.
>
> >
> > If that's the case, does it mean that we must install OVS after strongSwan is installed?
> >
> > Thanks.
> >
> > On Wed, Aug 7, 2024 at 9:14 AM Ilya Maximets <i.maxim...@ovn.org> wrote:
> >
> > On 8/7/24 09:11, Jim C wrote:
> > > Thanks Ilya, but we see an error complaining:
> > >
> > > *FileNotFoundError: [Errno 2] No such file or directory: '/etc/strongswan.d/ovs.conf'
> >
> > Does the /etc/strongswan.d directory exist?
> > If not, you may need to check your strongswan installation
> > and find out why it is not there.
> >
> > Best regards, Ilya Maximets.
> >
> > > *
> > >
> > > We are using:
> > > strongSwan 5.10
> > > Rocky (RHEL) Linux
> > >
> > > We do hope to get rid of the libreswan dependency tho. But for now, we can't switch to using strongSwan.
> > >
> > > Thanks.
> > >
> > > On Wed, Jul 24, 2024 at 4:50 AM Ilya Maximets <i.maxim...@ovn.org> wrote:
> > >
> > > On 7/24/24 08:31, Jim C via discuss wrote:
> > > > Hi,
> > > >
> > > > We saw our OVS has the following specs from this service file:
> > > >
> > > > # cat /etc/systemd/system/multi-user.target.wants/openvswitch-ipsec.service
> > > > [Unit]
> > > > Description=OVS IPsec daemon
> > > > Requires=openvswitch.service
> > > > After=openvswitch.service
> > > >
> > > > [Service]
> > > > Type=forking
> > > > PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
> > > > *ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
> > > > --ike-daemon=libreswan start-ovs-ipsec*
> > > > ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
> > > >
> > > > [Install]
> > > > WantedBy=multi-user.target
> > > >
> > > > It seems it's using libreswan. How can we switch to using strongSwan instead?
> > >
> > > If you have strongSwan installed, you should be able to just
> > > replace --ike-daemon=libreswan with --ike-daemon=strongswan
> > > in the service file.
> > >
> > > Best regards, Ilya Maximets.
> > >
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
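The checks suggested in the thread (does the directory exist, can the daemon's account write to it, is SELinux denying access), as an added example that is not part of the thread or of the OVS project. The two directory paths are the ones quoted above; the `ROOT` prefix argument, the function names and the sample audit records are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread or the OVS project).
# The two directories are the ones named in the thread. The ROOT argument,
# function names and sample audit lines are constructed for illustration.
EXPECTED_DIR=/etc/strongswan.d            # where ovs.conf was expected
DISTRO_DIR=/etc/strongswan/strongswan.d   # where the host actually has it

# classify_confdir ROOT: prints ok | not-writable | relocated | missing.
# ROOT is a path prefix ("" on a real host). -w tests the calling user, so
# run this as the account the daemon runs under.
classify_confdir() {
    root=$1
    if [ -d "$root$EXPECTED_DIR" ]; then
        if [ -w "$root$EXPECTED_DIR" ]; then echo ok; else echo not-writable; fi
    elif [ -d "$root$DISTRO_DIR" ]; then
        echo relocated
    else
        echo missing
    fi
}

# count_avc_denials: reads audit log text on stdin and prints how many
# SELinux AVC denials mention the strongswan.d directory.
count_avc_denials() {
    grep -F 'avc:' | grep -F 'denied' | grep -cF 'strongswan.d' || true
}

# Constructed audit records: one relevant denial, one unrelated, one non-AVC.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1723057380.101:901): avc:  denied  { write } for  pid=4242 comm="example" name="strongswan.d" scontext=system_u:system_r:example_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1723057381.202:902): avc:  denied  { read } for  pid=4300 comm="example" name="other.conf" scontext=system_u:system_r:example_t:s0 tclass=file permissive=0
type=SERVICE_START msg=audit(1723057382.303:903): pid=1 uid=0 msg='unit=example res=failed'
EOF
}

echo "config directory: $(classify_confdir "")"
if [ -r /var/log/audit/audit.log ]; then
    echo "AVC denials: $(count_avc_denials < /var/log/audit/audit.log)"
fi
```

A result of `relocated` matches the situation in the latest message: the directory the error names is absent while the `/etc/strongswan/strongswan.d` one exists.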