<p dir="ltr">Hi Michael</p>
<p dir="ltr">Have looked at something like OSPF over GRE over IPsec? You may need to play around with MTU/MSS so you don't run into fragmentation issues. I've never done this myself in BIRD but it's pretty common on other network kit. <br>
</p>
<p dir="ltr">Daryl</p>
<div class="gmail_quote">On 8 Jul 2013 05:57, "Michael Ludvig" <<a href="mailto:mludvig@logix.net.nz">mludvig@logix.net.nz</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi<br>
<br>
I've got a handful of Linux IPsec gateways, some running OpenSwan some<br>
with ipsec-tools. Each gateway handles a number of tunnels with dozens<br>
of remote subnets. Unfortunately these remote subnets don't show up in<br>
the Linux routing table, i.e. "ip route show" only comes up with the<br>
standard two records for the link subnet and for the default route.<br>
Obviously bird doesn't see the ipsec routes either.<br>
<br>
Now I've got a script that parses the output of "ip xfrm policy show"<br>
and exports them as static routes but that involves a manual rebuild<br>
every time the tunnels change and "birdc configure" to propagate the<br>
changes.<br>
<br>
Is there any way to automatically export these ipsec routes to OSPF?<br>
<br>
Thanks!<br>
<br>
Michael<br>
<br>
</blockquote></div>