IPsec (OSPFv3)

Michael Schwartzkopff ms at sys4.de
Thu Aug 8 20:38:22 CEST 2019


Hi,

Dynamic routing works well with route-based IPsec. Some time ago I wrote a blog article about IPsec and BGP with BIRD. See blog.sys4.de

Michael

On 8 August 2019 15:04:14 CEST, Ondrej Zajicek <santiago at crfreenet.org> wrote:
>On Mon, Jun 17, 2019 at 10:59:00AM +0000, Kenth Eriksson wrote:
>> Hi!
>
>Hi
>
>Sorry for the late reply, I finally got to answer some mails I missed in
>the past due to my mail delivery issue:
>
>https://bird.network.cz/pipermail/bird-users/2019-July/013549.html
>
>
>> What is the plan for IPsec with regards to OSPFv3? Is it part of
>> roadmap?
>
>We do not have any plans for IPsec for OSPFv3. AFAIK, IPsec is not well
>suited for multicast and RFC 7166 is a better solution for OSPFv3.
>
>OTOH, it is something that seems to be easy to implement, as it is just
>a few syscalls to configure manual SA entries. So patches are welcome.
>
>
>> If not a roadmap item, what is the recommended way to get IPsec support
>> for OSPFv3 with bird? libreswan?
>
>There was the setkey command from ipsec-tools, which would likely allow
>configuring manual SA entries necessary for OSPFv3, but it seems to be
>abandoned.
>
>I do not think that libreswan or other dynamic keying daemons are
>applicable for OSPFv3 due to its multicast nature.
>
>-- 
>Elen sila lumenn' omentielvo
>
>Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
>OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
>"To err is human -- to blame it on a computer is even more so."


