Exporting IPSec routes to OSPF

Michael Ludvig mludvig at logix.net.nz
Mon Jul 8 08:36:58 CEST 2013


Hi Daryl

Thanks for that. However my problem isn't running OSPF over IPsec
but instead how to get the IPsec routes from the kernel to bird. From
there on to OSPF it's trivial. In the first place Bird needs to learn
the routes somehow...

Cheers

Michael

On 08/07/13 18:19, Daryl Turner wrote:
>
> Hi Michael
>
> Have you looked at something like OSPF over GRE over IPsec? You may need
> to play around with MTU/MSS so you don't run into fragmentation
> issues.  I've never done this myself in BIRD but it's pretty common on
> other network kit.
>
> Daryl
>
> On 8 Jul 2013 05:57, "Michael Ludvig" <mludvig at logix.net.nz> wrote:
>
>     Hi
>
>     I've got a handful of Linux IPsec gateways, some running OpenSwan some
>     with ipsec-tools. Each gateway handles a number of tunnels with dozens
>     of remote subnets. Unfortunately these remote subnets don't show up in
>     the Linux routing table, i.e. "ip route show" only comes up with the
>     standard two records for the link subnet and for the default route.
>     Obviously bird doesn't see the ipsec routes either.
>
>     Now I've got a script that parses the output of "ip xfrm policy show"
>     and exports them as static routes but that involves a manual rebuild
>     every time the tunnels change and "birdc configure" to propagate the
>     changes.
>
>     Is there any way to automatically export these ipsec routes to OSPF?
>
>     Thanks!
>
>     Michael
>
