The packages in openSUSE 42.1 contained support for ipsec-gre tunnels, which
was disabled by default. After the release, even this support was removed from
the package.

I explicitly needed ipsec-gre support in openSUSE 42.1, I made it work:
1. I enabled the trigger that builds the openvswitch-ipsec packages.
2. The openvswitch-ipsec.init script was a 1:1 copy from a previous openvswitch
release (pre-2.3 series), from debian/openvswitch-ipsec.init. It was missing an
iptables MARK rule and had Debain-style log functions. I updated the init
script and modified the log messages to either something that I found in
opensuse's init-functions or with an echo.
3. openvswitch-ipsec needs to start before openvswitch, so I made a systemd
wrapper similar to that of openvswitch.service
4. The debian/ovs-monitor-ipsec file was installed into an incorrect directory,
so the init script didn't pick it up. 
5. ovs-monitor-ipsec relied on /etc/init.d/racoon init script to control
racoon.
6. In the openvswitch.service I needed to alter the dependencies so that wicked
can use the already-started openvswitch.
7. I needed to add OVS_CTL_OPTS='--delete-bridges' in
openvswitch-switch.template. I don't remember the reason now, but I think it
was badly interacting with wickedd.
8. The spec file required some changes to accomodate that.

Patches:
ad. 1/4/8. openvswitch.spec.diff - contains a diff from 42.1 spec
ad. 2. openvswitch-ipsec.init - full init script text, updated to 2.3 and with
Debianisms removed
ad. 3. openvswitch-ipsec.service - systemd wrapper around the init.d script
ad. 5. ovs-monitor-ipsec.patch - patch applied from the altered spec file
ad. 6. openvswitch.service - altered systemd wrapper around the original init.d
script
ad. 7. openvswitch-switch.template.diff - diff from 42.1 file

Please review the changes and include ipsec-gre support in forthcoming
openvswitch package releases in openSUSE.