Hi,

Dynamic routig works works good with route based ipsec. Some time I wrote a blog article about ipsec and bgp with bird. See blog.sys4.de

Michael

Am 8. August 2019 15:04:14 MESZ schrieb Ondrej Zajicek <santiago@crfreenet.org>:
On Mon, Jun 17, 2019 at 10:59:00AM +0000, Kenth Eriksson wrote:
Hi!

Hi

Sorry for late reply, i finally got to answer some mails i missed in the
past due to my mail delivery issue:

https://bird.network.cz/pipermail/bird-users/2019-July/013549.html


What is the plan for IPsec with regards to OSPFv3? Is it part of
roadmap?

We do not have any plans for IPsec for OSPFv3. AFAIK, IPsec is not well
suited for multicast and RFC 7166 is a better solution for OSPFv3.

OTOH, it is something that seems to be easy to implement, as it is just
a few syscalls to configure manual SA entries. So patches are welcome.


If not a roadmap item, what is the recommended way to get IPsec support
for OSPFv3 with bird? libreswan?

Where was setkey command from ipsec-tools, which would likely allow
configuring manual SA entries necessary for OSPFv3, but it seems to be
abandoned.

I do not think that libreswan or other dynamic keying daemons are
applicable for OSPFv3 due to its multicast nature.

--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.