On Tue, 19 Nov 2024, Brian C. Hill via Bird-users wrote:

Hello,

I want to use bird to mutually propagate routes throughout several sites connected with vpn gateways, probably with ospf.

ipsecvti is what you want
deb12 with strongswan/swanctl works well

I have swan2swan swan2srx swan2watchguard (cust configured the WG
side) all working well with bird1 and bgp on deb12.

Working on jinja2 templates to automate it all better but manual
config is pretty easy too for small builds.

I use EBGP (with bfd) mostly but ospf should work well too.

    e.g. site A net(s) <-> site A vpn gateway <-> vpn 'concentrator' <-> site B vpn gateway <-> hosts site B net(s), etc.

I couldn't find many posts about the best strategy to use, and the ones I did find are many years old, but it seems to boil down to these options:

      - use a script to migrate xfrm route table (220) to a bird-readable table

      - use static routes inside bird

      - use vti instead of xfrm

My questions:

1) Is it still the case that bird cannot read directly from the xfrm table? (I tried this with a pipe config but nothing gets imported)

2) What is the strategy that most of you are using now? (as opposed to many years ago)

Thanks!

Brian



