<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.ecmsonormal, li.ecmsonormal, div.ecmsonormal
        {mso-style-name:ec_msonormal;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.ecmsoplaintext, li.ecmsoplaintext, div.ecmsoplaintext
        {mso-style-name:ec_msoplaintext;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.ecmsohyperlink
        {mso-style-name:ec_msohyperlink;}
span.ecmsohyperlinkfollowed
        {mso-style-name:ec_msohyperlinkfollowed;}
span.ecemailstyle17
        {mso-style-name:ec_emailstyle17;}
span.ecplaintextchar
        {mso-style-name:ec_plaintextchar;}
p.ecmsonormal1, li.ecmsonormal1, div.ecmsonormal1
        {mso-style-name:ec_msonormal1;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.ecmsohyperlink1
        {mso-style-name:ec_msohyperlink1;
        color:blue;
        text-decoration:underline;}
span.ecmsohyperlinkfollowed1
        {mso-style-name:ec_msohyperlinkfollowed1;
        color:purple;
        text-decoration:underline;}
p.ecmsoplaintext1, li.ecmsoplaintext1, div.ecmsoplaintext1
        {mso-style-name:ec_msoplaintext1;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:0cm;
        margin-bottom:.0001pt;
        font-size:10.5pt;
        font-family:Consolas;}
span.ecemailstyle171
        {mso-style-name:ec_emailstyle171;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.ecplaintextchar1
        {mso-style-name:ec_plaintextchar1;
        font-family:Consolas;}
span.EmailStyle30
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-GB link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hi Simon,<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Cheers for your suggestion.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What do you mean by kernel routes exactly?<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Please bear in mind that this is a 2.6.x Vanilla Kernel using
NETKEY and, not, KLIPS as in the old 2.4.x kernels. Therefore there are no
ipsecX interfaces to create routes for. Instead NETKEY performs policy matching
instead of route matching.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If this is what you meant, how can I show the &#8216;kernel&#8217;
routes if these are not the same as &#8216;route &#8211;n&#8217;.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thanks.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Andy.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p>&nbsp;</o:p></span></p>

</div>

</div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:10.0pt;
font-family:"Verdana","sans-serif"'>Hi !<br>
&nbsp;&nbsp;&nbsp; The vpn routes are established as kernel routes and can be
redistributed quite easily using OSPF/BGP.<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Thanks !<br>
<br>
</span><b><i><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>-</span></i></b><b><i><span
style='font-size:10.0pt'> Simon Charles - </span></i></b><span
style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><br>
<br>
<br>
<br>
<o:p></o:p></span></p>

<div class=MsoNormal align=center style='text-align:center'><span
style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>

<hr size=2 width="100%" align=center id=stopSpelling>

</span></div>

<div>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>Hello,<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>&nbsp;<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>I
have been trying to research for any possible method to get dynamic routing
working to advertise VPN routes when using NETKEY.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>&nbsp;<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>So
far I have found nothing!<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>I
just don't understand why NETKEY does not provide a way of exporting
established VPN policies as routes to allow dynamic routing protocols to work.
Surely this is a HUGE deal and I can't be the only one with this problem.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>&nbsp;<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>PS.
KLIPS is not an option, I am stuck with NETKEY.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>&nbsp;<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>Would
it be possible to use the command 'ip xfrm state' in a script to create dummy
routes when can then in turn be advertised?<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>&nbsp;<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>Thank
you in advance.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>&nbsp;<o:p></o:p></span></p>

</div>

</div>

</body>

</html>