On Thu, Jun 16, 2005 at 12:51:53PM -0700, Michael Favinsky wrote:
> Can two 3.7 servers running OSPFd talk OSPF to each other over an IPSEC
> tunnel, or worded in another way, an enc interface?
> 
> I have two sites with a WAN link and I want to use the Internet (VPN) as a
> backup route. The concept is that under normal circumstances, the OSPF
> routing table would have valid routes between the two sites over both the
> VPN and WAN links. If the WAN link failed, there'd still be a valid route
> between the two sites over VPN.

I have exactly this situation working with a gre tunnel over ipsec
(using isakmpd). I'm not sure if it will work with enc as ospf needs
multicast ability, which I don't believe is supported by straight ipsec.
(I could well be wrong here).

OpenBSD's ospfd (beautiful work from Esben Norby and Claudio Jeker) is
ideal for this, although it is still work in progress. Zebra (quagga
from packages or ports) also works well, but its configuration and
operation are ugly in comparison to the native daemon.

Let me know if you want any help with the configs.

-- 
stephen
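
An ospfd.conf sketch of the layout discussed above, added as an example; it is not part of the original message and not the poster's own configuration. The interface names (em0, em1, gre0), the router-id and the key strings are constructed placeholders, and the keywords follow ospfd.conf(5) as currently documented, so check them against the man page of the release in use.

```conf
# /etc/ospfd.conf on site A (constructed example, placeholder values)
# Assumptions: em1 = WAN link to site B,
#              gre0 = GRE tunnel whose outer packets are protected by IPsec,
#              em0 = local LAN.

router-id 192.0.2.1

area 0.0.0.0 {
	# Primary path: the lower metric is preferred while the WAN
	# adjacency is up.
	interface em1 {
		metric 10
		auth-type crypt
		auth-md 1 "REPLACE_WITH_WAN_KEY"
		auth-md-keyid 1
	}

	# Backup path: OSPF hellos are multicast, so they run over the GRE
	# interface rather than directly over enc. The higher metric keeps
	# this route out of use until the WAN adjacency is lost.
	interface gre0 {
		metric 100
		auth-type crypt
		auth-md 1 "REPLACE_WITH_TUNNEL_KEY"
		auth-md-keyid 1
	}

	# LAN: announce the prefix but form no adjacencies here, so hosts
	# on the LAN cannot inject routes.
	interface em0 {
		passive
	}
}
```

The IPsec policy has to cover the GRE traffic between the two tunnel endpoints for the backup adjacency to be protected; OSPF's own MD5 authentication only covers the routing packets themselves.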
