Hi,

Dynamic routing works well with route-based IPsec. Some time ago I wrote a blog article about IPsec and BGP with bird. See blog.sys4.de
Michael

On 8 August 2019 15:04:14 CEST, Ondrej Zajicek <[email protected]> wrote:
>On Mon, Jun 17, 2019 at 10:59:00AM +0000, Kenth Eriksson wrote:
>> Hi!
>
>Hi
>
>Sorry for late reply, I finally got to answer some mails I missed in the
>past due to my mail delivery issue:
>
>https://bird.network.cz/pipermail/bird-users/2019-July/013549.html
>
>
>> What is the plan for IPsec with regards to OSPFv3? Is it part of
>> roadmap?
>
>We do not have any plans for IPsec for OSPFv3. AFAIK, IPsec is not well
>suited for multicast and RFC 7166 is a better solution for OSPFv3.
>
>OTOH, it is something that seems to be easy to implement, as it is just
>a few syscalls to configure manual SA entries. So patches are welcome.
>
>
>> If not a roadmap item, what is the recommended way to get IPsec support
>> for OSPFv3 with bird? libreswan?
>
>There was setkey command from ipsec-tools, which would likely allow
>configuring manual SA entries necessary for OSPFv3, but it seems to be
>abandoned.
>
>I do not think that libreswan or other dynamic keying daemons are
>applicable for OSPFv3 due to its multicast nature.
>
>--
>Elen sila lumenn' omentielvo
>
>Ondrej 'Santiago' Zajicek (email: [email protected])
>OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
>"To err is human -- to blame it on a computer is even more so."
