Hello all,

I have the following question (== misunderstanding on my part?) w.r.t. openbgp support for dynamic keying: I was living under the impression (hope?) that the said support means not only that the keys for the BGP peering session per se are established dynamically but also that the SPD itself is kept in sync with the corresponding BGP routing info, i.e. bgp updates the IPsec flows to be consistent with the BGP routing info exchanged with the said peer.

In my current setup I have bgpd setting up the flows for the peering session (on top of an "isakmpd -Ka"), routing tables are updated correctly at both peers _through_ the IPsec tunnel, but the SPD entries/IPsec flows for these networks are not set up. As a consequence the traffic between those nets doesn't go through the IPsec tunnel but is routed "as usual" (i.e. via the physical iface).

To sum up, the question is: Is it me doing something wrong and is this supposed to work, or is this feature not supported (*ahem*... yet)?

TIA for any hints and suggestions and (most kindly) pointers to relevant resources. I (think I've) done my homework and the usual googling and nothing of relevance showed up. But (of course) I might have missed something...

Rgrds,
Florian