On Mon, Jun 17, 2019 at 10:59:00AM +0000, Kenth Eriksson wrote:
Hi!
Hi Sorry for late reply, i finally got to answer some mails i missed in the past due to my mail delivery issue: https://bird.network.cz/pipermail/bird-users/2019-July/013549.html
What is the plan for IPsec with regards to OSPFv3? Is it part of roadmap?
We do not have any plans for IPsec for OSPFv3. AFAIK, IPsec is not well suited for multicast and RFC 7166 is a better solution for OSPFv3. OTOH, it is something that seems to be easy to implement, as it is just a few syscalls to configure manual SA entries. So patches are welcome.
If not a roadmap item, what is the recommended way to get IPsec support for OSPFv3 with bird? libreswan?
Where was setkey command from ipsec-tools, which would likely allow configuring manual SA entries necessary for OSPFv3, but it seems to be abandoned. I do not think that libreswan or other dynamic keying daemons are applicable for OSPFv3 due to its multicast nature. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."