IPsec (OSPFv3)
Ondrej Zajicek
santiago at crfreenet.org
Thu Aug 8 15:04:14 CEST 2019
On Mon, Jun 17, 2019 at 10:59:00AM +0000, Kenth Eriksson wrote:
> Hi!
Hi
Sorry for late reply, i finally got to answer some mails i missed in the
past due to my mail delivery issue:
https://bird.network.cz/pipermail/bird-users/2019-July/013549.html
> What is the plan for IPsec with regards to OSPFv3? Is it part of
> roadmap?
We do not have any plans for IPsec for OSPFv3. AFAIK, IPsec is not well
suited for multicast and RFC 7166 is a better solution for OSPFv3.
OTOH, it is something that seems to be easy to implement, as it is just
a few syscalls to configure manual SA entries. So patches are welcome.
> If not a roadmap item, what is the recommended way to get IPsec support
> for OSPFv3 with bird? libreswan?
Where was setkey command from ipsec-tools, which would likely allow
configuring manual SA entries necessary for OSPFv3, but it seems to be
abandoned.
I do not think that libreswan or other dynamic keying daemons are
applicable for OSPFv3 due to its multicast nature.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list