Hi,

Dynamic routing works well with route-based IPsec. Some time ago I wrote a blog article about IPsec and BGP with BIRD. See blog.sys4.de

Michael

On 8 August 2019 15:04:14 CEST, Ondrej Zajicek <santiago@crfreenet.org> wrote:
On Mon, Jun 17, 2019 at 10:59:00AM +0000, Kenth Eriksson wrote:
Hi!
Hi
Sorry for the late reply, I finally got to answer some mails I missed in the past due to my mail delivery issue:
https://bird.network.cz/pipermail/bird-users/2019-July/013549.html
What is the plan for IPsec with regards to OSPFv3? Is it part of roadmap?
We do not have any plans for IPsec for OSPFv3. AFAIK, IPsec is not well suited for multicast and RFC 7166 is a better solution for OSPFv3.
OTOH, it is something that seems to be easy to implement, as it is just a few syscalls to configure manual SA entries. So patches are welcome.
If not a roadmap item, what is the recommended way to get IPsec support for OSPFv3 with bird? libreswan?
There was the setkey command from ipsec-tools, which would likely allow configuring the manual SA entries necessary for OSPFv3, but it seems to be abandoned.
I do not think that libreswan or other dynamic keying daemons are applicable for OSPFv3 due to its multicast nature.
--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-- This message was sent from my Android device with K-9 Mail.