diff --git a/NEWS b/NEWS
index dba1950e562..6e284aac325 100644
--- a/NEWS
+++ b/NEWS
@@ -150,6 +150,7 @@ v2.6.0 - xx xxx xxxx
      * Flow based tunnel match and action can be used for IPv6 address using
        tun_ipv6_src, tun_ipv6_dst fields.
      * Added support for IPv6 tunnels, for details checkout FAQ.
+     * Deprecated support for IPsec tunnels ports.
    - A wrapper script, 'ovs-tcpdump', to easily port-mirror an OVS port and
      watch with tcpdump
    - Introduce --no-self-confinement flag that allows daemons to work with
diff --git a/debian/changelog b/debian/changelog
index 7f38d53e205..28d00babcb0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -118,6 +118,7 @@ openvswitch (2.6.0-1) unstable; urgency=low
      * Flow based tunnel match and action can be used for IPv6 address using
        tun_ipv6_src, tun_ipv6_dst fields.
      * Added support for IPv6 tunnels, for details checkout FAQ.
+     * Deprecated support for IPsec tunnels ports.
    - A wrapper script, 'ovs-tcpdump', to easily port-mirror an OVS port and
      watch with tcpdump
    - Introduce --no-self-confinement flag that allows daemons to work with
diff --git a/debian/control b/debian/control
index 6e704f13d64..da86fe9fd55 100644
--- a/debian/control
+++ b/debian/control
@@ -200,6 +200,7 @@ Description: Open vSwitch GRE-over-IPsec support
  .
  The ovs-monitor-ipsec script provides support for encrypting GRE
  tunnels with IPsec.
+ IPsec tunnels support is deprecated.
 
 Package: openvswitch-pki
 Architecture: all
diff --git a/lib/netdev-vport.c b/lib/netdev-vport.c
index 8d22cf58a22..ac31da6a6e5 100644
--- a/lib/netdev-vport.c
+++ b/lib/netdev-vport.c
@@ -543,6 +543,8 @@ set_tunnel_config(struct netdev *dev_, const struct smap *args)
         static struct ovs_mutex mutex = OVS_MUTEX_INITIALIZER;
         static pid_t pid = 0;
 
+        VLOG_ERR("%s: OVS IPsec tunnel support is deprecated.", name);
+
 #ifndef _WIN32
         ovs_mutex_lock(&mutex);
         if (pid <= 0) {
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index e73023d112c..976f3ca3f5b 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -2008,6 +2008,9 @@
           <dd>
             An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4/IPv6
             IPsec tunnel.
+            IPsec tunnel ports are deprecated. The support will be completely
+            removed in next version.
+
           </dd>
 
           <dt><code>vxlan</code></dt>