openvswitch / ovs-issues

Issue tracker repo for Open vSwitch

How does openvswitch-ipsec deal with libreswan on centos9? #305

Closed bettswang closed 1 year ago

bettswang commented 1 year ago

Hi, maintainers

I am trying to deploy openvswitch with the ipsec function on centos9. I installed the openvswitch-ipsec package with its other dependencies. I set up the ipsec tunnel with PSK. It works well. However, there are some errors when I change to use a self-signed cert. libreswan uses the nss database for ipsec, so it is unable to assign the path of the cert and private key to openvswitch.

[root@localhost ~]# yum install openvswitch3.1-ipsec.x86_64
Last metadata expiration check: 0:00:12 ago on Thu 14 Sep 2023 05:32:18 PM CST.
Dependencies resolved.
==============================================================================================================================================================
 Package                                            Architecture             Version                           Repository                                Size
==============================================================================================================================================================
Installing:
 openvswitch3.1-ipsec                               x86_64                   3.1.0-36.el9s                     centos-nfv-openvswitch                    27 k
Installing dependencies:
 ldns                                               x86_64                   1.7.1-11.el9                      appstream                                161 k
 libreswan                                          x86_64                   4.12-1.el9                        appstream                                1.3 M
 openvswitch-selinux-extra-policy                   noarch                   1.0-31.el9s                       centos-nfv-openvswitch                    14 k
 openvswitch3.1                                     x86_64                   3.1.0-36.el9s                     centos-nfv-openvswitch                   6.8 M
 python3-openvswitch3.1                             x86_64                   3.1.0-36.el9s                     centos-nfv-openvswitch                   267 k

bettswang commented 1 year ago

Import cert and key into nss. Refer to https://github.com/libreswan/libreswan/issues/1267. And then create certs|private under /etc/ipsec.d/, and put the cert and private-key into the dir.
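
The steps in the comment above, written out as a script. This is an added example, not part of the original thread or of the Open vSwitch or libreswan projects. The NSS database location, the certificate nickname and the file names are assumptions; the script only prints its commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example (not from the issue thread). Paths and names below are
# assumptions; override them through the environment.
NSS_DB="${NSS_DB:-sql:/var/lib/ipsec/nss}"   # assumed libreswan NSS location
IPSEC_D="${IPSEC_D:-/etc/ipsec.d}"
NICK="${NICK:-ovs-host-1}"                   # hypothetical certificate nickname
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print the commands only

# Print the command, and execute it only when DRY_RUN is not 1.
step() {
    echo "+ $*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# import_cert_and_key CERT.pem KEY.pem
import_cert_and_key() {
    cert="$1"; key="$2"; p12="$IPSEC_D/private/$NICK.p12"
    [ -n "$cert" ] && [ -n "$key" ] || {
        echo "usage: import_cert_and_key CERT KEY" >&2
        return 2
    }

    # Directories named in the comment: certs/ is readable, private/ is root-only.
    step install -d -m 0755 "$IPSEC_D/certs"
    step install -d -m 0700 "$IPSEC_D/private"
    step install -m 0644 "$cert" "$IPSEC_D/certs/$NICK-cert.pem"
    step install -m 0600 "$key" "$IPSEC_D/private/$NICK-privkey.pem"

    # NSS takes private keys as PKCS#12, so bundle cert and key first.
    step openssl pkcs12 -export -in "$cert" -inkey "$key" \
        -name "$NICK" -out "$p12" -passout pass:
    step pk12util -i "$p12" -d "$NSS_DB" -W ""
    step rm -f "$p12"        # do not leave the unencrypted bundle on disk

    # Confirm the nickname is now present in the database.
    step certutil -L -d "$NSS_DB" -n "$NICK"
}
```

Call `import_cert_and_key host-cert.pem host-key.pem` to review the commands first, then repeat with `DRY_RUN=0` as root to apply them.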