http://bugzilla.opensuse.org/show_bug.cgi?id=1000220 Bug ID: 1000220 Summary: OVS support for ipsec-gre tunnels Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: openSUSE 42.1 Status: NEW Severity: Enhancement Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: boleslaw.tokarski@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- The packages in openSUSE 42.1 contained support for ipsec-gre tunnels, which was disabled by default. After the release, even this support was removed from the package. I explicitly needed ipsec-gre support in openSUSE 42.1, I made it work: 1. I enabled the trigger that builds the openvswitch-ipsec packages. 2. The openvswitch-ipsec.init script was a 1:1 copy from a previous openvswitch release (pre-2.3 series), from debian/openvswitch-ipsec.init. It was missing an iptables MARK rule and had Debain-style log functions. I updated the init script and modified the log messages to either something that I found in opensuse's init-functions or with an echo. 3. openvswitch-ipsec needs to start before openvswitch, so I made a systemd wrapper similar to that of openvswitch.service 4. The debian/ovs-monitor-ipsec file was installed into an incorrect directory, so the init script didn't pick it up. 5. ovs-monitor-ipsec relied on /etc/init.d/racoon init script to control racoon. 6. In the openvswitch.service I needed to alter the dependencies so that wicked can use the already-started openvswitch. 7. I needed to add OVS_CTL_OPTS='--delete-bridges' in openvswitch-switch.template. I don't remember the reason now, but I think it was badly interacting with wickedd. 8. The spec file required some changes to accomodate that. Patches: ad. 1/4/8. openvswitch.spec.diff - contains a diff from 42.1 spec ad. 2. openvswitch-ipsec.init - full init script text, updated to 2.3 and with Debianisms removed ad. 3. openvswitch-ipsec.service - systemd wrapper around the init.d script ad. 5. ovs-monitor-ipsec.patch - patch applied from the altered spec file ad. 6. openvswitch.service - altered systemd wrapper around the original init.d script ad. 7. openvswitch-switch.template.diff - diff from 42.1 file Please review the changes and include ipsec-gre support in forthcoming openvswitch package releases in openSUSE. -- You are receiving this mail because: You are on the CC list for the bug.