bird and ipsec (strongswan) routes
Ondrej Zajicek
santiago at crfreenet.org
Thu Nov 21 18:59:17 CET 2024
On Tue, Nov 19, 2024 at 09:35:53PM -0800, Brian C. Hill via Bird-users wrote:
> Hello,
>
> I want to use bird to mutually propagate routes throughout several sites
> connected with vpn gateways, probably with ospf.
>
> e.g. site A net(s) <-> site A vpn gateway <-> vpn 'concentrator' <->
> site B vpn gateway <-> hosts site B net(s), etc..
Hello,
Can you (or others) give me a brief outline of how it ideally should
work? I.e., what would you expect from BIRD w.r.t. IPsec?
I know there are SA/SP tables (accessed by ip xfrm state/policy), xfrm
routing table 220, all of these managed by Strongswan. What records from
these tables are supposed to be read or even managed by BIRD?
> My questions:
>
> 1) Is it still the case that bird cannot read directly from the xfrm table?
> (I tried this with a pipe config but nothing gets imported)
I do not know why it should not. It seems like a regular routing table. But
it is possible that it contains routes with some strange attributes
causing BIRD to ignore them (I noticed a 'throw' action). Can you give me the
output of 'ip route show table 220'?
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
"To err is human -- to blame it on a computer is even more so."