On Fri, Jul 27, 2018 at 04:32:32PM -0700, Ben Pfaff wrote: > On Fri, Jul 27, 2018 at 01:44:28PM -0700, Qiuyu Xiao wrote: > > This patch series reintroduce IPsec support for OVS tunneling and > > enable OVN to use IPsec tunnels. GRE, VXLAN, GENEVE, and STT IPsec > > tunnels are supported. StrongSwan and LibreSwan IKE daemons are > > supported. > > Thank you. > > My first impression is that this is a really complete, high-quality > series. I'll work on reviewing it in detail.
I have a couple of overall questions about security here. What happens if IPsec is configured on a tunnel in OVS, but the OVS kernel module is too old to support IPsec? (Will traffic be sent and received in cleartext?) What about if IPsec is configured on a tunnel, but the OVS userspace is too old to support IPsec? Thanks, Ben. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
