Exporting IPSec routes to OSPF
Daryl Turner
daryl.turner at gmail.com
Mon Jul 8 08:19:36 CEST 2013
Hi Michael
Have looked at something like OSPF over GRE over IPsec? You may need to
play around with MTU/MSS so you don't run into fragmentation issues. I've
never done this myself in BIRD but it's pretty common on other network kit.
Daryl
On 8 Jul 2013 05:57, "Michael Ludvig" <mludvig at logix.net.nz> wrote:
> Hi
>
> I've got a handful of Linux IPsec gateways, some running OpenSwan some
> with ipsec-tools. Each gateway handles a number of tunnels with dozens
> of remote subnets. Unfortunately these remote subnets don't show up in
> the Linux routing table, i.e. "ip route show" only comes up with the
> standard two records for the link subnet and for the default route.
> Obviously bird doesn't see the ipsec routes either.
>
> Now I've got a script that parses the output of "ip xfrm policy show"
> and exports them as static routes but that involves a manual rebuild
> every time the tunnels change and "birdc configure" to propagate the
> changes.
>
> Is there any way to automatically export these ipsec routes to OSPF?
>
> Thanks!
>
> Michael
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20130708/d00604cb/attachment-0001.html>
More information about the Bird-users
mailing list