ipsec: reintroduce IPsec support for tunneling

This patch reintroduces ovs-monitor-ipsec daemon that was previously removed by commit 2b02d77 ("openvswitch: Allow external IPsec tunnel management.") After this patch, there are no IPsec flavored tunnels anymore. IPsec is enabled by setting up the right values in: 1. OVSDB:Interface:options column; 2. OVSDB:Open_vSwitch:other_config column; 3. OpenFlow pipeline. GRE, VXLAN, GENEVE, and STT IPsec tunnels are supported. LibreSwan and StrongSwan IKE daemons are supported. User can choose pre-shared key, self-signed peer certificate, or CA-signed certificate as authentication methods. Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com> Signed-off-by: Ansis Atteka <aatteka@ovn.org> Co-authored-by: Ansis Atteka <aatteka@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
openvswitch · Nov 9, 2018 · 22c5eaf · 22c5eaf
1 parent d96d0b0
commit 22c5eaf
Show file tree

Hide file tree

Showing 3 changed files with 1,246 additions and 0 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -482,6 +482,7 @@ include tests/automake.mk
 include include/automake.mk
 include third-party/automake.mk
 include debian/automake.mk
+include ipsec/automake.mk
 include vswitchd/automake.mk
 include ovsdb/automake.mk
 include rhel/automake.mk

diff --git a/ipsec/automake.mk b/ipsec/automake.mk
@@ -0,0 +1,10 @@
+# Copyright (C) 2017 Nicira, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.  This file is offered as-is,
+# without warranty of any kind.
+
+EXTRA_DIST += \
+        ipsec/ovs-monitor-ipsec
+FLAKE8_PYFILES += ipsec/ovs-monitor-ipsec