[ovs-dev] [PATCH] netdev-vport: Warn on IPsec tunnels when ovs-monitor-ipsec not running.

Jesse Gross jesse at nicira.com
Sun Mar 13 18:13:54 UTC 2011


On Fri, Mar 11, 2011 at 10:13 PM, Justin Pettit <jpettit at nicira.com> wrote:
> IPsec tunnels are only supported on Debian systems running
> ovs-monitor-ipsec.  Since that daemon configures IPsec, ovs-vswitchd
> doesn't actually know whether IPsec will actually work.  With this
> commit, a warning is printed that it is unlikely to work unless that
> daemon is started.
>
> There is a more serious issue that IPsec traffic can pass unencrypted if
> that daemon is not running.  To fix that problem, changes to the kernel
> module will need to occur.  A future commit will address that issue, but
> this earlier warning will be useful regardless.

Why don't we just block the creation of the tunnel?  What kernel
changes are you envisioning?


