On 2017-11-07, Kim Zeitler <kim.zeit...@konzept-is.de> wrote:
> Hello
>
> I have a question concerning routes and ospf.
> We are using iked(8) with a gif(4) interface and ospfd(8) to set up
> routing.
>
> If the ipsec tunnel is down, no ospf route is set and the default route
> used.
>
> Is it sensible and possible to add a null-route from the vpn-gateway to
> the remote-networks so a 'Network not reachable' is sent immediately?

Sensible - yes. Possible - not sure but I think you would probably need to monitor the ipsec status and add the route and/or gif interface only once the SA is up.
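
Added example, not part of the original thread: one way to do the monitoring suggested in the reply, as a POSIX sh script that reads `ipsecctl -s sa` output and prints the route(8) commands that install a reject route for the remote networks while no SA pair with the peer exists, and remove it once both directions are up. The peer address, the remote networks, the sample SA lines and the assumed layout of those lines are constructed for illustration.

```sh
#!/bin/sh
# Hypothetical values (documentation address ranges), not from the thread.
PEER="${PEER:-198.51.100.1}"
REMOTE_NETS="${REMOTE_NETS:-10.20.0.0/16 10.30.0.0/16}"

# Constructed sample of `ipsecctl -s sa` output; the line layout is an assumption.
SAMPLE_SAD='SAD:
esp transport from 192.0.2.1 to 198.51.100.1 spi 0x0a1b2c3d auth hmac-sha2-256 enc aes-256
esp transport from 198.51.100.1 to 192.0.2.1 spi 0x4d5e6f70 auth hmac-sha2-256 enc aes-256'

# sa_up PEER: reads an SA listing on stdin; succeeds only if ESP SAs exist
# in both directions (from the peer and to the peer).
sa_up() {
    awk -v peer="$1" '
        $1 == "esp" {
            for (i = 2; i < NF; i++) {
                if ($i == "from" && $(i + 1) == peer) inbound = 1
                if ($i == "to"   && $(i + 1) == peer) outbound = 1
            }
        }
        END { exit !(inbound && outbound) }'
}

# plan_routes up|down: prints route(8) commands instead of running them.
# "down" adds a reject route so senders get an immediate unreachable error;
# "up" removes it again so the route learned by ospfd(8) is used.
plan_routes() {
    for net in $REMOTE_NETS; do
        if [ "$1" = up ]; then
            echo "route -q delete -inet $net 127.0.0.1"
        else
            echo "route -q add -inet $net 127.0.0.1 -reject"
        fi
    done
}

# decide: SA listing on stdin -> route commands on stdout.
decide() {
    if sa_up "$PEER"; then plan_routes up; else plan_routes down; fi
}

# On the gateway (from cron or a loop):  ipsecctl -s sa | decide | sh
```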