Hey All,
I'm interested in finding out how to import routes from StrongSwan IPSec
installed XFRM tables (220) into Quagga (OSPF, 254)?
The XFRM policy based rules are saved in table 220 while Quagga (OSPF)
saves the routes in table 254. I have an IPSec StrongSwan on-prem GW
paired up with
Hey All,
I've configured the VTI's and routing is now fully working between the 9
VLAN's.
XFRM, as far as I can tell, isn't as well documented. I might try this
later on to see if OpenWRT supports it.
Thx,
On 10/25/2020 9:48 PM, TomK wrote:
Hey Noel,
I have four VLAN's on the Azure
Hello Tom,
That is the right wiki page.
What I forgot to mention though is that with interfaces, you can then talk your
routing protocol over it.
It does not give you information about the subnets though for which IPsec
policies are installed.
What is the goal of this in the end?
Kind regards
Hi,
if it's an option, you can consider Bird, which can import from specified
table - https://bird.network.cz/?get_doc=20=bird-6.html#ss6.6 :
|kernel table /number/|
Select which kernel table should this particular instance of the
Kernel protocol work with. Available only on systems
Hello everyone,
I wish to create an IPSEC v2 connection and use two authentication rounds, both
with asymmetric key pairs (one round using ECDSA followed by one round using
BLISS).
Since BLISS is rather new I would like the second round as safe-guard in case
the near future shows any fatal
Hi Tom,
The routes in table 220 are only used to tell the kernel which source IP to use
for sending packets to a remote network.
They aren't part of XFRM and only tangentially pertain to IPsec.
Also, routes are only added if they are required, so those routes in table 220
are not necessarily
That's certainly an option I've reviewed. Whatever the option, would
like to keep customization to nothing, if possible.
Cheers,
TK
On 10/25/2020 3:03 PM, Volodymyr Litovka wrote:
Hi,
if it's an option, you can consider Bird, which can import from specified
table -
Hi Christoph,
Specify the keys using connections..local.pubkeys and
connections..remote.pubkeys.
Afterwards, check the output and the log file (best if you enable debug logging
like shown on the HelpRequests page)
to see if the public keys were loaded and the private keys, too.
Kind regards
Hey Noel,
I have four VLAN's on the Azure side. I need all these VLAN's visible
to my on-prem VLAN's, 5 on-prem VLAN's in total. The on-prem GW can see
those Azure VLAN's. The mapping works well.
However, the on-prem StrongSwan GW running on my Raspberry Pi 2
(OpenWRT) isn't
Hey Noel,
Thanks. That would certainly make it automatic with either BIRD or
Quagga.
I'll have a look at the pages again to see what it takes to create
these. Thinking this is still the right page for VTI and XFRM information?
Hello Rajiv,
> 1. What exactly are these "kernel traps" installed? Can we view what traps are
> installed?
They're just IPsec policies without a state.
> 3. So are these routes in table-220 correlated and mapped to the kernel-traps?
No. The routes are only added if the source IP needs to be