[ovs-discuss] Is it possible to protect CAPWAP tunnel through IPSec?

Jesse Gross jesse at nicira.com
Thu May 5 16:10:16 UTC 2011

On Thu, May 5, 2011 at 7:39 AM, Rajesh Kumar G <crimsonbloat at gmail.com> wrote:
> Hi,
> Greetings,
> I would like to know if it is possible to protect an OVS CAPWAP tunnel using
> IPSec? If Yes, what should be the SA, SP created to make the traffic hit
> that?

When Open vSwitch sets up IPsec tunnels itself it changes the behavior
of the tunneling code to make it compatible with IPsec.  However, this
does not happen if you configure IPsec manually yourself.  Is there a
reason that you are using CAPWAP instead of GRE?  We have not found
any uses yet for CAPWAP over IPsec, which is why it is not
implemented.  GRE is more standard and should work fine with the OVS
IPsec support.

More information about the discuss mailing list