Route based VPN in Linux

Ondrej Zajicek santiago at crfreenet.org
Wed Apr 18 17:58:08 CEST 2018


On Mon, Apr 16, 2018 at 11:52:30PM +0530, Kaushal Shriyan wrote:
> Hi,
> 
>  I have set up a libreswan IPSec VPN tunnel using a route-based VPN through a VTI
> interface. Please find the configurations below.
> ...
> >   BGP state:          Idle
> >     Neighbor address: 10.1.2.2
> >     Neighbor AS:      65003
> > bird>
> > [root at ip-172-31-15-8 ~]#
> 
> Please let me know if the above configurations are correct and whether this is the
> right approach to set up a redundant route-based VPN using VTI. I have a couple of
> follow-up questions, like how do I test failover between the two IPSec VPN
> servers using VTI, and how do I test the BIRD daemon using BGP, as I have
> configured BIRD on both servers for the network architecture shown in

Hi

While I do not have much experience with running IPSec tunnels, I don't
see why it should not work. There are problems with running routing protocols
through IPSec tunnel mode, but these VTI interfaces look like IPIP tunnels
in IPSec transport mode, which is AFAIK the recommended way.

Note that your BGP is in Idle state because its neighbor address 10.1.2.2
is unreachable (I see you have 10.0.1.0/24 in the tunnel, but that is a different
prefix).

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
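The diagnosis in the reply above (the BGP neighbor address does not fall inside the prefix assigned to the VTI interface, so the session stays Idle) is easy to check before looking anywhere else. The script below is an added example, not code from this thread or from the BIRD or libreswan projects; it does the prefix-membership test in plain POSIX sh using the two values quoted in the mail, 10.1.2.2 and 10.0.1.0/24. The interface name vti0 and the alternative peer address 10.0.1.2 are assumptions for illustration, and the sample values are constructed rather than taken from a live system.

```sh
#!/bin/sh
# Added example: is a BGP neighbor on-link for the prefix configured on a VTI?
# Values 10.1.2.2 and 10.0.1.0/24 are the ones quoted in the thread;
# vti0 and 10.0.1.2 are assumed names/addresses, not from the original mail.

# ip4_to_int A.B.C.D -> prints the address as a 32-bit unsigned integer
ip4_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1              # split the dotted quad on '.'
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_prefix ADDR NET/LEN -> exit status 0 if ADDR lies inside NET/LEN
in_prefix() {
    addr=$(ip4_to_int "$1")
    net=$(ip4_to_int "${2%/*}")
    len=${2#*/}
    if [ "$len" -eq 0 ]; then
        return 0           # 0.0.0.0/0 matches everything
    fi
    # 32-bit netmask; 4294967295 is 0xFFFFFFFF written in decimal for portability
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# vti_prefix IFACE -> prints the first IPv4 prefix on IFACE (needs iproute2;
# not used by the offline demo below, shown for use on the real host)
vti_prefix() {
    ip -4 -o addr show dev "$1" | awk '{ print $4; exit }'
}

# check_neighbor NEIGHBOR PREFIX -> prints a verdict, exit 0 when on-link
check_neighbor() {
    if in_prefix "$1" "$2"; then
        echo "neighbor $1 is inside $2: a directly connected BGP session can come up"
        return 0
    fi
    echo "neighbor $1 is NOT inside $2: without a route to the peer (or multihop), BIRD stays Idle"
    return 1
}

# Demo with constructed values: the first call reproduces the problem in the
# thread, the second shows a peer address that is actually on the tunnel.
check_neighbor 10.1.2.2 10.0.1.0/24 || :
check_neighbor 10.0.1.2 10.0.1.0/24
```

On the real host, `check_neighbor 10.1.2.2 "$(vti_prefix vti0)"` runs the same test against the prefix actually configured on the VTI. If it fails, either renumber the tunnel so both ends share a prefix, or give BIRD a route to the peer and configure the session as multihop; a bare `neighbor 10.1.2.2 as 65003` expects the peer to be directly connected.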

