Missing network configuration param in ospfd (3.9)
[Pls point to the appropriate resource if this is not the right list] Hello all, I have the following question: In opspfd (as per vanilla 3.9) I cannot find a way to specify/filter which network+mask is announced e.g. which network goes to which area. TIA for any hints, Florian
Re: OpenBGPd with dynamic keying (ipsec ike support)
Without ever having looked at this I would guess that openbgpd support for dynamic keying is for securing the bgp session itself, nothing more. Yes, this is correct. *sigh*. There goes hopes for elegant BGP-IPsec VPNs, back to BGP over GRE over IPsec. Thanks Claudio, Tony for clearing this out, Florian
OpenBGPd with dynamic keying (ipsec ike support)
Hello all, I have the following question (== misunderstanding from my part?) w.r.t. openbgp support for dynamic keying: I was living under the impression (hope?) that the said support means not only that the keys for the BGP peering session per se are established dynamically but also that the SPD itself is kept in sync with the coresp. BGP routing info i.e. bgp updates the IPsec flows to be consistent with the BGP routing info exchanged with the said peer. In my current setup I have bgpd setting up the flows for the peering session (on top of an isakmpd -Ka), routing tables are updated correctly at both peers _through_ the IPsec tunnel but the SPD entries/IPsec flows for these networks are not set up. As a consequence the traffic between those nets doesn't go through the IPsec tunnel but is routed as usual (i.e. via the physical iface). To sum up, the question is: Is it me doing smth wrong and this supposed to work or is this feature not supported (*ahem*... yet). TIA for any hints and suggestions and (most kindly) pointers to relevant resources. I (think I've) done my homework and the usual googling and nothing of relevance showed up. But (of course) I might have missed smth... Rgrds, Florian