On Fri, Mar 11, 2011 at 10:13 PM, Justin Pettit <[email protected]> wrote: > IPsec tunnels are only supported on Debian systems running > ovs-monitor-ipsec. Since that daemon configures IPsec, ovs-vswitchd > doesn't actually know whether IPsec will actually work. With this > commit, a warning is printed that it is unlikely to work unless that > daemon is started. > > There is a more serious issue that IPsec traffic can pass unencrypted if > that daemon is not running. To fix that problem, changes to the kernel > module will need to occur. A future commit will address that issue, but > this earlier warning will be useful regardless.
Why don't we just block the creation of the tunnel? What kernel changes are you envisioning? _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
