Allow IPSec encryption only for GRE tunnel #329

Merged
merged 1 commit into from
Jan 23, 2020


jianjuns
Contributor

IPSec encryption works for only GRE tunnel, so changes Agent config
validation to allow EnableIPSecTunnel only when the tunnel type is
set to GRE.
Also improve the logging config of strongSwan charon daemon.

@antrea-bot
Collaborator

Thanks for your PR.
Unit tests and code linters are run automatically every time the PR is updated.
E2e, conformance and network policy tests can only be triggered by a member of the vmware-tanzu organization. Regular contributors to the project should join the org.

The following commands are available:

  • /test-e2e: to trigger e2e tests.
  • /skip-e2e: to skip e2e tests.
  • /test-conformance: to trigger conformance tests.
  • /skip-conformance: to skip conformance tests.
  • /test-networkpolicy: to trigger networkpolicy tests.
  • /skip-networkpolicy: to skip networkpolicy tests.
  • /test-all: to trigger all tests.
  • /skip-all: to skip all tests.

These commands can only be run by members of the vmware-tanzu organization.

@jianjuns
Contributor Author

jianjuns commented Jan 18, 2020

Although IPSec should be supported for all tunnel types according to the OVS documentation (http://docs.openvswitch.org/en/latest/howto/ipsec/), it never works for other types except GRE in all my tests. So, before we figure out the problem, I would disallow IPSec enabled for other tunnel types.

@jianjuns
Contributor Author

/test-all

tnqn
tnqn previously approved these changes Jan 20, 2020
Member

@tnqn tnqn left a comment


LGTM

IPSec encryption works for only GRE tunnel, so changes Agent config
validation to allow EnableIPSecTunnel only when the tunnel type is
set to GRE.
Also improve the logging config of strongSwan charon daemon.
@jianjuns
Contributor Author

/test-all

@jianjuns jianjuns mentioned this pull request Jan 22, 2020
4 tasks
@jianjuns
Contributor Author

Corrected a typo in the commit message.

Contributor

@antoninbas antoninbas left a comment


LGTM

@jianjuns jianjuns merged commit fd564a0 into master Jan 23, 2020
@jianjuns jianjuns deleted the ipsec branch January 23, 2020 05:13