Assuming then that you can configure the OSPF protocol to look at the IPSec interface costing more than the 2mbit link (based on your description) then the IPSec gateway information is the only thing you would need to setup. All in all that is pretty straightforward, and you would presumably just leave a static link up between the two offices, using the same IP nets that you are currently using, but you would not need the dhcpd part of LEAF. This sounds pretty basic, assuming that the OSPF handles which gateway to use first? Is this the case?
Joey -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 27, 2002 5:05 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: SV: [leaf-user] Building complex routing with OSPF and IPSEC. Hi Joey! OSPF protocol (Open Shortest Path First) is a routing protocol that's doing just what you think's the problem is, determing the gateway. It calculates the shortest (lowest cost) path to the destination network. Our network are rather big, that's why we are using OSPF as the routing protocol. In OSPF you configure each interface with costs. example: You have two connection between two offices one leased line 2Mbit and one ISDN 64kbit. Then you configure the cost same for both interfaces, there is a multipath route and you have problem with ISDN allways comes up. But if you configure the leased with a cost of 65 and the ISDN with 650 then the ISDN interface only comes up when there is a broken leased line. If you are interested you can look at the zebra hompage www.zebra.org and $CISCO at http://www.cisco.com/warp/public/104/1.html. The problem for me is to set up the Linux and IPSec interface to interact with the rest of my OSPF infrastructure. Regards, Paul -----Ursprungligt meddelande----- Från: Joey Officer [mailto:[EMAIL PROTECTED]] Skickat: den 27 juni 2002 23:35 Till: [EMAIL PROTECTED] Kopia: LRP Support Ämne: RE: [leaf-user] Building complex routing with OSPF and IPSEC. I'm not exactly familiar with what you are trying to do, but it looks like you have (currently already in place) an existing dedicated line between the two offices, and want to make it redundant by adding an IPSec tunnel between the two offices. That's pretty easy I think. I'm not familiar with the OSPF protocol (what is it?) At any rate, I think the problem would be determining the gateway. I would assume that the WAN link is more of a cable, and nothing is really routed (ie just an uplink type cable). I'm a bit lost though... could you describe the IP schematics of your network. Does everyone operate on the same subnet, or is it different for each of the two offices? Joey -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Thursday, June 27, 2002 2:08 PM To: [EMAIL PROTECTED] Subject: [leaf-user] Building complex routing with OSPF and IPSEC. Hello all! I'm planning to build a redundant connection between our offices. The networks are connected with E1 WAN links, briefly it look's like: Office1 Office2 | __________ __________ | |_______| Router1 |____ WAN Link____| Router2 |_______| | |__________| |__________| | | | The network are more complex than this. We have an internet connection at Office1 and we are going to connecting Office2 also. We are using OSPF as routing protocol in the network, behind both Office1 and Office2 are other offices connected. The connection between Office1 and Office2 are very important. The new network could look like this: Office1 Office2 | _____ __________ __________ _____ | |____| LRP |____| Router1 |____ WAN Link____| Router2 |____| LRP |____| | |_____| |__________| _ _ _ _ |__________| |_____| | | | _ _ | |_ _| |_ _ | | | | Internet | | |_ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ | _ _ _ _ _ _ _ _| | IPSec VPN connection | |_ _ _ _ _ _| |_ _| |_ _| Of course there are more equipment in the Internet connection. My question are, if anyone have set up this with LRP or other LINUX based firewall/Router? If so, I hope you can help me with some experience of setting up IPSec and OSPF right to reroute the traffic if main link breaks. Regards Paul. ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Bringing you mounds of caffeinated joy. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Bringing you mounds of caffeinated joy. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
