<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Daryl<br>
<br>
Thanks for that. However my the problem isn't running OSPF over
IPsec but instead how to get the IPsec routes from the kernel to
bird. From there on to OSPF it's trivial. In the first place Bird
needs to learn the routes somehow...<br>
<br>
Cheers<br>
<br>
Michael<br>
<br>
On 08/07/13 18:19, Daryl Turner wrote:<br>
</div>
<blockquote
cite="mid:CAAYfy9Av0PYmvGAE0TWC1sOziVEU3tHkVc8nW-CmV5EjCq2NfQ@mail.gmail.com"
type="cite">
<p dir="ltr">Hi Michael</p>
<p dir="ltr">Have looked at something like OSPF over GRE over
IPsec? You may need to play around with MTU/MSS so you don't run
into fragmentation issues. I've never done this myself in BIRD
but it's pretty common on other network kit. <br>
</p>
<p dir="ltr">Daryl</p>
<div class="gmail_quote">On 8 Jul 2013 05:57, "Michael Ludvig"
<<a moz-do-not-send="true" href="mailto:mludvig@logix.net.nz">mludvig@logix.net.nz</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi<br>
<br>
I've got a handful of Linux IPsec gateways, some running
OpenSwan some<br>
with ipsec-tools. Each gateway handles a number of tunnels
with dozens<br>
of remote subnets. Unfortunately these remote subnets don't
show up in<br>
the Linux routing table, i.e. "ip route show" only comes up
with the<br>
standard two records for the link subnet and for the default
route.<br>
Obviously bird doesn't see the ipsec routes either.<br>
<br>
Now I've got a script that parses the output of "ip xfrm
policy show"<br>
and exports them as static routes but that involves a manual
rebuild<br>
every time the tunnels change and "birdc configure" to
propagate the<br>
changes.<br>
<br>
Is there any way to automatically export these ipsec routes to
OSPF?<br>
<br>
Thanks!<br>
<br>
Michael<br>
<br>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>