More IPSEC routes for OSPF
Eliezer Croitoru
eliezer at ngtech.co.il
Mon Nov 18 02:29:26 CET 2013
Hey Iain,
Nice to know these little details.
I would say that it is good to ask instead of wondering in the "unknown"
place of thinking by yourself.
I have seen that some afraid to ask and they are left by them-selfs for
weeks trying to figure out something so tiny which somebody already
"just know".
With hope you would be able to find a reasonable solution that fits you.
Best Regards,
Eliezer
On 17/11/13 22:14, Iain wrote:
> Sorry, yes - I should have made that clearer. I’m using the netkey stack with OpenSWAN, which does the transforms in the kernel. The routes become visible on an “ip xfrm show”.
>
> I’m doing an “ip addr” to list all the local addresses, then an “ipsec auto —status” looking for connections that are up (STATE_QUICK_R2). I can then pull out the networks on the other side of all the connections.
>
> I’ve discovered how to get OpenSWAN to allow multiple networks on the other end of the route, but it is difficult to work out what the internal routes look like.
>
> I’ll try switching to the klips stack and see if this makes the routes visible. Adding what I thought were the right routes manually didn’t work - this is not really a bird-related problem yet, but more a lack of understanding on my part of how the OpenSWAN routing is working!
>
> Iain
More information about the Bird-users
mailing list