Re: [ovs-dev] [PATCH] ipsec: Do not allow ipsec_gre tunnel traffic to exit unencrypted

2016-09-01 Thread Ansis Atteka
On 30 August 2016 at 02:21, Jesse Gross wrote:
> On Mon, Aug 29, 2016 at 11:57 AM, Ansis Atteka wrote:
> > If ipsec_gre tunnel configuration is changed in OVSDB,
> > then GRE packets may sometimes exit unencrypted until
> > per-tunnel IPsec policies are installed by ovs-monitor-ipsec
> > daemon.

Re: [ovs-dev] [PATCH] ipsec: Do not allow ipsec_gre tunnel traffic to exit unencrypted

2016-08-29 Thread Jesse Gross
On Mon, Aug 29, 2016 at 11:57 AM, Ansis Atteka wrote:
> If ipsec_gre tunnel configuration is changed in OVSDB,
> then GRE packets may sometimes exit unencrypted until
> per-tunnel IPsec policies are installed by ovs-monitor-ipsec
> daemon.
>
> This patch fixes this issue by installing single, low

[ovs-dev] [PATCH] ipsec: Do not allow ipsec_gre tunnel traffic to exit unencrypted

2016-08-29 Thread Ansis Atteka
If ipsec_gre tunnel configuration is changed in OVSDB, then GRE packets may sometimes exit unencrypted until per-tunnel IPsec policies are installed by ovs-monitor-ipsec daemon. This patch fixes this issue by installing single, low priority IPsec block policy that drops all GRE packets coming out