More IPSEC routes for OSPF
Ruben Laban
r.laban+lists at ism.nl
Mon Nov 11 15:19:26 CET 2013
Hi,
On 10-11-2013 16:35, Iain Buchanan wrote:
> I’m in pretty much the same position. I’ve tried Ondrej Zajicek’s
> suggestion of using transport mode IPSEC links, but this doesn’t seem to
> create visible routes (I’m using the netkey stack, which may be the
> issue). At the moment I’ve got GRE tunnels working on top of the IPSEC
> links, and if I enable debugging mode I can see instances of Bird
> communicating with one another over them (but not sending any of the
> OpenSWAN link information).
The idea here is to have IPsec protected GRE tunnels over which one can
talk OSPF. There wouldn't be any IPsec routes to (re)distribute in that
case (as there are only transport ones). If you have other IPsec "routes"
(policies in fact) that you want to insert into OSPF, then you'll need
one of two alternatives indeed:
* Have a script parse the IPsec policies, or
* Use the KLIPS stack instead of NETKEY, which gives you routes you can
  insert into OSPF nicely (this is what I do).
Regards,
Ruben
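
One way to do the "script parses the IPsec policies" alternative on NETKEY, as an added example that is not part of the original message: it reads `ip xfrm policy` output, keeps only outbound tunnel-mode policies (the transport-mode policy protecting GRE is skipped), and emits a BIRD 1.x style static protocol that an OSPF export filter could pick up. The sample output is constructed, and the interface name `eth0` and protocol name `ipsec_policies` are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output (NETKEY); not from the original post.
SAMPLE = """\
src 10.1.0.0/24 dst 10.2.0.0/24
    dir out priority 2344 ptype main
    tmpl src 192.0.2.1 dst 198.51.100.1
        proto esp reqid 16385 mode tunnel
src 10.2.0.0/24 dst 10.1.0.0/24
    dir in priority 2344 ptype main
    tmpl src 198.51.100.1 dst 192.0.2.1
        proto esp reqid 16385 mode tunnel
src 192.0.2.1/32 dst 198.51.100.1/32 proto gre
    dir out priority 2080 ptype main
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 16389 mode transport
src 10.1.0.0/24 dst 10.3.0.0/16
    dir out priority 2352 ptype main
    tmpl src 192.0.2.1 dst 203.0.113.7
        proto esp reqid 16393 mode tunnel
"""

HEAD = re.compile(r"^src (\S+) dst (\S+)")  # unindented line starts a policy

def tunnel_destinations(xfrm_text):
    """Return sorted remote prefixes of outbound tunnel-mode policies."""
    policies, cur = [], None
    for line in xfrm_text.splitlines():
        m = HEAD.match(line)
        if m:
            cur = {"dst": m.group(2), "dir": None, "mode": None}
            policies.append(cur)
        elif cur is not None:
            tok = line.split()
            for key in ("dir", "mode"):
                if key in tok[:-1]:  # keyword followed by its value
                    cur[key] = cur[key] or tok[tok.index(key) + 1]
    nets = {ipaddress.ip_network(p["dst"], strict=False)
            for p in policies
            if p["dir"] == "out" and p["mode"] == "tunnel"}
    return sorted(nets)

def bird_static(nets, iface="eth0", name="ipsec_policies"):
    # iface and name are assumptions; adjust to the local setup.
    body = "".join(f'\troute {n} via "{iface}";\n' for n in nets)
    return f"protocol static {name} {{\n{body}}}\n"

if __name__ == "__main__":
    print(bird_static(tunnel_destinations(SAMPLE)))
```

On a live system the input would come from `ip xfrm policy` instead of `SAMPLE`, with the generated file included from bird.conf and BIRD reconfigured whenever the policy set changes.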