git://git.onelab.eu / sliver-openvswitch.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f10a033) | patch
debian: Add support for GRE-over-IPsec
authorJustin Pettit <jpettit@nicira.com>
Fri, 17 Sep 2010 02:19:11 +0000 (19:19 -0700)
committerJustin Pettit <jpettit@nicira.com>
Thu, 23 Sep 2010 05:23:23 +0000 (22:23 -0700)
commita3acf0b0c46a28d6c891086e054d81dd915eea2e
tree51ec6dc886bfcfea97440b6ed6eb03586421dbfatree | snapshot
parentf10a03343b5dd77a41dfefad150b65863af38a00commit | diff
debian: Add support for GRE-over-IPsec

The ovs-monitor-ipsec daemon monitors the Interface table for GRE
entries.  If an entry specifies other-config parameters "ipsec-local-ip"
and ("ipsec-psk" or "ipsec-cert"), it will create the appropriate
security associations so that all GRE traffic to the remote host will be
encrypted.  In order for the two GRE tunnels to communicate, both sides
need to be configured for IPsec with appropriate authentication.

Currently, ovs-monitor-ipsec does not support certificate authentication
or ensure that an interface is actually attached to a bridge.  Both of
these issues will be addressed in a forthcoming patch.

NB: While GRE-over-IPsec should work on any system with a relatively
recent racoon and setkey, it has only been tested on Debian.  As such,
only Debian packaging has been provided.
debian/.gitignore diff | blob | history
debian/automake.mk diff | blob | history
debian/control diff | blob | history
debian/openvswitch-ipsec.dirs [new file with mode: 0644] blob
debian/openvswitch-ipsec.init [new file with mode: 0755] blob
debian/openvswitch-ipsec.install [new file with mode: 0644] blob
debian/ovs-monitor-ipsec [new file with mode: 0755] blob
vswitchd/vswitch.ovsschema diff | blob | history
vswitchd/vswitch.xml diff | blob | history
sliver-openvswitch