Re: Route based IPsec

2023-05-31 Thread B. Atticus Grobe
On 5/31/23 05:03, Valdrin MUJA wrote: > Hi Claudio & David, > > Wireguard can work behind NAT. In that case maybe the solution is wireguard + BGP. I've been using OSPF over wireguard for several years now. It works quite well. You just have to add `wgaip 224.0.0.0/8' to allow multicast over

Re: Route based IPsec

2023-05-31 Thread Valdrin MUJA
g my work with the wireguard config.) From: owner-m...@openbsd.org on behalf of Claudio Jeker Sent: Wednesday, May 31, 2023 12:09 To: David Gwynne Cc: Misc Subject: Re: Route based IPsec On Wed, May 31, 2023 at 06:39:27PM +1000, David Gwynne wrote: > >

Re: Route based IPsec

2023-05-31 Thread Claudio Jeker
On Wed, May 31, 2023 at 06:39:27PM +1000, David Gwynne wrote: > > > > On 31 May 2023, at 18:33, Claudio Jeker wrote: > > > > On Wed, May 31, 2023 at 08:35:45AM +1000, David Gwynne wrote: > >> > >> > >>> On 27 May 2023, at 21:40, Stuart Henderson > >>> wrote: > >>> > >>> On 2023-05-27,

Re: Route based IPsec

2023-05-31 Thread David Gwynne
> On 31 May 2023, at 18:33, Claudio Jeker wrote: > > On Wed, May 31, 2023 at 08:35:45AM +1000, David Gwynne wrote: >> >> >>> On 27 May 2023, at 21:40, Stuart Henderson >>> wrote: >>> >>> On 2023-05-27, Valdrin MUJA wrote: Does OpenBSD have routed based IPsec support? >>> >>> Not

Re: Route based IPsec

2023-05-31 Thread Claudio Jeker
On Wed, May 31, 2023 at 08:35:45AM +1000, David Gwynne wrote: > > > > On 27 May 2023, at 21:40, Stuart Henderson > > wrote: > > > > On 2023-05-27, Valdrin MUJA wrote: > >>Does OpenBSD have routed based IPsec support? > > > > Not yet. > > while you wait, it might be possible to

Re: Route based IPsec

2023-05-31 Thread Valdrin MUJA
Thanks David, I'll try it soon. From: owner-m...@openbsd.org on behalf of David Gwynne Sent: Wednesday, May 31, 2023 01:35 To: Stuart Henderson Cc: misc@openbsd.org Subject: Re: Route based IPsec > On 27 May 2023, at 21:40, Stuart Henderson wr

Re: Route based IPsec

2023-05-30 Thread David Gwynne
> On 27 May 2023, at 21:40, Stuart Henderson wrote: > > On 2023-05-27, Valdrin MUJA wrote: >>Does OpenBSD have routed based IPsec support? > > Not yet. while you wait, it might be possible to configure a gif tunnel protected by ipsec transport mode. dlg

Re: Route based IPsec

2023-05-27 Thread Hrvoje Popovski
On 27.5.2023. 9:24, Valdrin MUJA wrote: > Hello, > > I need Route based IPsec solution to set up between a firewall device and > my OpenBSD firewall. > However, I am a little confused about this: > I created more than one enc device, I did policy based routing with PF but no > results. I

Re: Route based IPsec

2023-05-27 Thread Stuart Henderson
On 2023-05-27, Valdrin MUJA wrote: > Does OpenBSD have routed based IPsec support? Not yet.