Brad pointed out that openvswitch-ipsec init script defined the variable
DIETIME but attempted to use it as DODTIME. This commit uses DODTIME,
since it's the name used by the openvswitch-switch init script. The
openvswitch-controller init script had the same issue.
As suggested by Ben, the "s" suffixes are removed from sleep commands,
since they are a GNU extension.
Reported-by: Brad Hall <brad@nicira.com>
The ovs-monitor-ipsec daemon monitors the Interface table for GRE
entries. If an entry specifies other-config parameters "ipsec-local-ip"
and ("ipsec-psk" or "ipsec-cert"), it will create the appropriate
security associations so that all GRE traffic to the remote host will be
encrypted. In order for the two GRE tunnels to communicate, both sides
need to be configured for IPsec with appropriate authentication.
Currently, ovs-monitor-ipsec does not support certificate authentication
or ensure that an interface is actually attached to a bridge. Both of
these issues will be addressed in a forthcoming patch.
NB: While GRE-over-IPsec should work on any system with a relatively
recent racoon and setkey, it has only been tested on Debian. As such,
only Debian packaging has been provided.
