Hi People !!!
I'm a newbie on this list and to these concepts.
Please, I need help to learn more about routing tools on Linux and their
interaction with FreeSWAN and IPTables.
I just read the "Fun with iproute2 and FreeS/WAN"
(www.quintilion.com/moat/ipsec+routing/iproute2.html,
very, very, very good text) document, but I need more !!!
On my project, I'm thinking of a lot of Linux boxes with 2 or more
uplinks, like this:
                         Frame Relay uplink
                  /------------------------------\
                 /                                \
|    +---------+/                                  \+---------+    |
+----+Linux Box|---==============================---|Linux Box|----+
|    +---------+\            IPSEC with            /+---------+    |
                 \           FreeS/WAN            /
                  \                              /
                   \                            /
                    \----------+POTS+----------/
                           Dial on Demand
On my tests, when the tunnel is downed, the routing table is updated but, if
the tunnel breaks, the kernel routing table persists with routes added by
FreeSWAN.
I'm thinking of using OSPF (Zebra or BIRD): in this protocol we have the
'hello' packets to determine the current state of links, but the ipsec
interface is not a multicast interface!
Reading "Linux Advanced Routing & Traffic Control HOWTO"
(http://lartc.org/howto/, very good document too), in chapter 5.3 we can read
"GRE is a tunneling protocol that was originally developed by Cisco, and it
can do a few more things than IP-in-IP tunneling. For example, you can also
transport multicast traffic and IPv6 through a GRE tunnel.".
So, what do I use? IPsec tunnels from FreeS/WAN or GRE tunnels? Both? How?
Is the traffic over a GRE tunnel encrypted? How?
I'm thinking of using the OSPF protocol (Zebra) to do load balancing
between the Frame Relay and ipsec interfaces, but in the same HOWTO
("Fun...") I see the new possibility with iproute2.
What is better?
Does anyone have interest in this solution? Can someone help me?
Thanks in advance.
Isamp
P.S.: sorry for my poor English !!!
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/