| Message ID | 0779119bbea4c396256a35f031be25bab516689a.1613487838.git.bnemeth@redhat.com |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [ovs-dev] docs: Add instruction to set local_ip to ipsec tutorial | expand |
On 16/02/2021 15:06, Balazs Nemeth wrote: Thanks Balazs. Good catch > Signed-off-by: Balazs Nemeth <bnemeth@redhat.com> > --- > Documentation/tutorials/ipsec.rst | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/Documentation/tutorials/ipsec.rst b/Documentation/tutorials/ipsec.rst > index 3b3e42c59..8256b5aa6 100644 > --- a/Documentation/tutorials/ipsec.rst > +++ b/Documentation/tutorials/ipsec.rst > @@ -144,6 +144,14 @@ external IP is 1.1.1.1, and `host_2`'s external IP is 2.2.2.2. Make sure > options:remote_ip=$ip_1 \ > options:psk=swordfish > > + Set the "local_ip" field in the Interface table on host_1:: If I was to be pedantic, this is an optional step. If your system only has one NIC or the default gateway interface is the interface that tunnel traffic egresses from, it is not strictly necessary. However, it doesn't hurt to always include it. Can you add a comment to highlight that? > + > + $ ovs-vsctl set Interface tun options:local_ip=$ip_1 These should probably start with '#' rather than '$' to indicate 'root' privileges. They could also be rolled into the command above rather than a separate command. However, considering my comment below, you may decide to keep like this. > + > + Same on host_2:: > + > + $ ovs-vsctl set Interface tun options:local_ip=$ip_2 > + > .. note:: > > Pre-shared key (PSK) based authentication is easy to set up but less > Can you add something similar to the other authentication methods? Or alternatively you could have some kind of 'note' section that covers all three cases.
diff --git a/Documentation/tutorials/ipsec.rst b/Documentation/tutorials/ipsec.rst index 3b3e42c59..8256b5aa6 100644 --- a/Documentation/tutorials/ipsec.rst +++ b/Documentation/tutorials/ipsec.rst @@ -144,6 +144,14 @@ external IP is 1.1.1.1, and `host_2`'s external IP is 2.2.2.2. Make sure options:remote_ip=$ip_1 \ options:psk=swordfish + Set the "local_ip" field in the Interface table on host_1:: + + $ ovs-vsctl set Interface tun options:local_ip=$ip_1 + + Same on host_2:: + + $ ovs-vsctl set Interface tun options:local_ip=$ip_2 + .. note:: Pre-shared key (PSK) based authentication is easy to set up but less
Signed-off-by: Balazs Nemeth <bnemeth@redhat.com> --- Documentation/tutorials/ipsec.rst | 8 ++++++++ 1 file changed, 8 insertions(+)