More IPSEC routes for OSPF

Iain Buchanan iainbuc at gmail.com
Tue Nov 12 22:41:03 CET 2013


Thanks Ruben, I'll give the script option a go.

Iain


On 11 November 2013 14:19, Ruben Laban <r.laban+lists at ism.nl> wrote:

> Hi,
>
>
> On 10-11-2013 16:35, Iain Buchanan wrote:
>
>> I’m in pretty much the same position.  I’ve tried Ondrej Zajicek’s
>> suggestion of using transport mode IPSEC links, but this doesn’t seem to
>> create visible routes (I’m using the netkey stack, which may be the
>> issue).  At the moment I’ve got GRE tunnels working on top of the IPSEC
>> links, and if I enable debugging mode I can see instances of Bird
>> communicating with one another over them (but not sending any of the
>> OpenSWAN link information).
>>
>
> The idea here is to have IPsec protected GRE tunnels over which one can
> talk OSPF. There wouldn't be any IPsec routes to (re)distribute in that
> case (as there's only transport ones). If you have other IPsec "routes"
> (policies in fact) that you want to insert into OSPF, then you'll need one
> of two alternatives indeed:
>
> * Have a script parse the IPsec policies, or
> * Use the KLIPS stack instead of NETKEY, which gives you routes you can
> insert into OSPF nicely (this is what I do).
>
> Regards,
> Ruben
>
>
>
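A sketch of the first alternative Ruben lists, a script that parses the IPsec policies. This is an added example, not code from the thread or from the BIRD or Openswan projects. It assumes the NETKEY policies are read from `ip xfrm policy` output (the sample below is constructed), and the protocol name `ipsec_policies` and interface `eth0` are placeholders; it renders a BIRD static protocol whose routes an OSPF export filter could then pick up.

```python
import ipaddress

# Constructed `ip xfrm policy` output from a NETKEY host (not from the thread).
SAMPLE = """\
src 10.1.0.0/16 dst 10.2.0.0/16
\tdir out priority 2344 ptype main
\ttmpl src 192.0.2.1 dst 198.51.100.1
\t\tproto esp reqid 16385 mode tunnel
src 10.2.0.0/16 dst 10.1.0.0/16
\tdir in priority 2344 ptype main
\ttmpl src 198.51.100.1 dst 192.0.2.1
\t\tproto esp reqid 16385 mode tunnel
src 192.0.2.1/32 dst 198.51.100.1/32 proto gre
\tdir out priority 2080 ptype main
\ttmpl src 0.0.0.0 dst 0.0.0.0
\t\tproto esp reqid 16389 mode transport
"""

def after(words, key):
    """Token following key on a line, or None if absent."""
    return words[words.index(key) + 1] if key in words[:-1] else None

def tunnel_prefixes(text):
    """Remote subnets of outbound tunnel-mode policies, deduplicated and sorted."""
    policies = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():          # unindented selector line starts a policy
            policies.append({"dst": after(words, "dst")})
        elif policies:                     # indented lines carry dir and mode
            for key in ("dir", "mode"):
                value = after(words, key)
                if value:
                    policies[-1][key] = value
    nets = {ipaddress.ip_network(p["dst"], strict=False) for p in policies
            if p["dst"] and p.get("dir") == "out" and p.get("mode") == "tunnel"}
    return sorted(nets, key=lambda n: (n.version, n.network_address, n.prefixlen))

def bird_static(nets, iface):
    """Render a BIRD static protocol; iface is an assumed egress interface name."""
    routes = "".join(f'    route {n} via "{iface}";\n' for n in nets)
    return "protocol static ipsec_policies {\n" + routes + "}\n"

if __name__ == "__main__":
    print(bird_static(tunnel_prefixes(SAMPLE), "eth0"))
```

The transport-mode policy protecting the GRE tunnel is skipped, which matches the point above that transport policies give no routes to redistribute.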


More information about the Bird-users mailing list