Hi,

On 10-11-2013 16:35, Iain Buchanan wrote:
> I’m in pretty much the same position.  I’ve tried Ondrej Zajicek’s
> suggestion of using transport mode IPSEC links, but this doesn’t seem to
> create visible routes (I’m using the netkey stack, which may be the
> issue).  At the moment I’ve got GRE tunnels working on top of the IPSEC
> links, and if I enable debugging mode I can see instances of Bird
> communicating with one another over them (but not sending any of the
> OpenSWAN link information).

The idea here is to have IPsec protected GRE tunnels over which one can talk OSPF. There wouldn't be any IPsec routes to (re)distribute in that case (as there's only transport ones). If you have other IPsec "routes" (policies in fact) that you want to insert into OSPF, then you'll need one of two alternatives indeed:

* Have a script parse the IPsec policies, or
* Use the KLIPS stack instead of NETKEY, which gives you routes you can insert into OSPF nicely (this is what I do).

Regards,
Ruben
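
The first alternative in the message above (a script that parses the IPsec policies) could look like the sketch below. It is an added example, not code from the thread: it assumes the NETKEY policies are read from `ip xfrm policy`, the sample output is constructed, and the function names, the `eth0` interface and the `ipsec_policies` protocol name are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ip xfrm policy` output on a NETKEY host (not from the thread).
SAMPLE = """\
src 10.1.0.0/16 dst 10.2.0.0/16
    dir out priority 2344 ptype main
    tmpl src 192.0.2.1 dst 198.51.100.1
        proto esp reqid 16385 mode tunnel
src 10.2.0.0/16 dst 10.1.0.0/16
    dir in priority 2344 ptype main
    tmpl src 198.51.100.1 dst 192.0.2.1
        proto esp reqid 16385 mode tunnel
src 192.0.2.1/32 dst 198.51.100.1/32 proto gre
    dir out priority 2080 ptype main
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 16389 mode transport
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0 ptype main
"""

def tunnel_destinations(xfrm_output):
    """Destination prefixes of outbound tunnel-mode policies, as sorted strings."""
    dests = set()
    # Each policy starts at an unindented "src" selector line.
    for block in re.split(r"(?m)^(?=src )", xfrm_output):
        sel = re.match(r"src \S+ dst (\S+)", block)
        direction = re.search(r"(?m)^\s+dir (\S+)", block)
        mode = re.search(r"\bmode (\S+)", block)
        # Per-socket policies have no "dir"/"mode" and carry no route to announce.
        if not (sel and direction and mode):
            continue
        # Transport-mode policies (the GRE protection) are skipped as well.
        if direction.group(1) != "out" or mode.group(1) != "tunnel":
            continue
        net = ipaddress.ip_network(sel.group(1))  # ValueError on a malformed prefix
        if net.prefixlen > 0:  # never turn a catch-all policy into a default route
            dests.add(str(net))
    return sorted(dests)

def bird_static(prefixes, iface="eth0", name="ipsec_policies"):
    """Render a BIRD static protocol block; iface and name are assumed values."""
    routes = "".join(f'    route {p} via "{iface}";\n' for p in prefixes)
    return f"protocol static {name} {{\n{routes}}}\n"

if __name__ == "__main__":
    print(bird_static(tunnel_destinations(SAMPLE)), end="")
```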

