Revert "Configure narrowing=yes for IPsec connections"

This reverts commit e0bfa7e. Signed-off-by: Periyasamy Palanisamy <[email protected]>
openshift · Dec 19, 2024 · 5a0f0e0 · 5a0f0e0
1 parent 7f7957a
commit 5a0f0e0
Showing 1 changed file with 0 additions and 14 deletions.
diff --git a/bindata/network/ovn-kubernetes/common/ipsec-host.yaml b/bindata/network/ovn-kubernetes/common/ipsec-host.yaml
@@ -241,20 +241,6 @@ spec:
             sed -i "/${defaultcpinclude}/s/^/# /" /etc/ipsec.conf
           fi
 
-          # Use /etc/ipsec.d/cno.conf file to write our own default IPsec connection parameters.
-          # The /etc/ipsec.d/openshift.conf file can not be used because it is managed by openvswitch.
-          touch /etc/ipsec.d/cno.conf
-          if ! grep -q "narrowing=yes" /etc/ipsec.d/cno.conf; then
-          cat <<EOF > /etc/ipsec.d/cno.conf
-          # Default IPsec connection parameters rendered by network operator.
-          # The narrowing=yes is needed to narrow down the proposals exchanged
-          # by two peers to a mutually acceptable set, otherwise it sometimes
-          # have traffic hit between peer nodes.
-          conn %default
-              narrowing=yes
-          EOF
-          fi
-
           # since pluto is on the host, we need to restart it after changing connection
           # parameters.
           chroot /proc/1/root ipsec restart