On Mon, Jun 17, 2019 at 10:59:00AM +0000, Kenth Eriksson wrote: > Hi! Hi
Sorry for late reply, i finally got to answer some mails i missed in the past due to my mail delivery issue: https://bird.network.cz/pipermail/bird-users/2019-July/013549.html > What is the plan for IPsec with regards to OSPFv3? Is it part of > roadmap? We do not have any plans for IPsec for OSPFv3. AFAIK, IPsec is not well suited for multicast and RFC 7166 is a better solution for OSPFv3. OTOH, it is something that seems to be easy to implement, as it is just a few syscalls to configure manual SA entries. So patches are welcome. > If not a roadmap item, what is the recommended way to get IPsec support > for OSPFv3 with bird? libreswan? Where was setkey command from ipsec-tools, which would likely allow configuring manual SA entries necessary for OSPFv3, but it seems to be abandoned. I do not think that libreswan or other dynamic keying daemons are applicable for OSPFv3 due to its multicast nature. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: [email protected]) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
