<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
</style>
</head>
<body class='hmmessage'>
Hi Andy !<br> It would be helpful if you could post your configuration files and the output of "route -n" after your vpn comes up.<br><br><br><span style="font-family: Tahoma,Helvetica,Sans-Serif; font-style: italic; font-weight: bold;">-<span style="font-family: Times New Roman,Times,Serif;"> Simon Charles - </span></span><br><br><br><br><br><hr id="stopSpelling">From: andrew.lemin@monitorsoft.com<br>To: charlessimon@hotmail.com; users@openswan.org<br>Subject: RE: [Openswan Users] dynamic routing protocols with NETKEY<br>Date: Sat, 21 Feb 2009 19:13:05 +0000<br><br>
<style>
.ExternalClass .EC_shape
{;}
</style>
<style>
.ExternalClass p.EC_MsoNormal, .ExternalClass li.EC_MsoNormal, .ExternalClass div.EC_MsoNormal
{margin-bottom:.0001pt;font-size:12.0pt;font-family:'Times New Roman','serif';}
.ExternalClass a:link, .ExternalClass span.EC_MsoHyperlink
{color:blue;text-decoration:underline;}
.ExternalClass a:visited, .ExternalClass span.EC_MsoHyperlinkFollowed
{color:purple;text-decoration:underline;}
.ExternalClass p
{margin-right:0cm;margin-left:0cm;font-size:12.0pt;font-family:'Times New Roman','serif';}
.ExternalClass p.EC_ecmsonormal, .ExternalClass li.EC_ecmsonormal, .ExternalClass div.EC_ecmsonormal
{margin-right:0cm;margin-left:0cm;font-size:12.0pt;font-family:'Times New Roman','serif';}
.ExternalClass p.EC_ecmsoplaintext, .ExternalClass li.EC_ecmsoplaintext, .ExternalClass div.EC_ecmsoplaintext
{margin-right:0cm;margin-left:0cm;font-size:12.0pt;font-family:'Times New Roman','serif';}
.ExternalClass span.EC_ecmsohyperlink
{;}
.ExternalClass span.EC_ecmsohyperlinkfollowed
{;}
.ExternalClass span.EC_ecemailstyle17
{;}
.ExternalClass span.EC_ecplaintextchar
{;}
.ExternalClass p.EC_ecmsonormal1, .ExternalClass li.EC_ecmsonormal1, .ExternalClass div.EC_ecmsonormal1
{margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;font-size:11.0pt;font-family:'Calibri','sans-serif';}
.ExternalClass span.EC_ecmsohyperlink1
{color:blue;text-decoration:underline;}
.ExternalClass span.EC_ecmsohyperlinkfollowed1
{color:purple;text-decoration:underline;}
.ExternalClass p.EC_ecmsoplaintext1, .ExternalClass li.EC_ecmsoplaintext1, .ExternalClass div.EC_ecmsoplaintext1
{margin-right:0cm;margin-bottom:0cm;margin-left:0cm;margin-bottom:.0001pt;font-size:10.5pt;font-family:Consolas;}
.ExternalClass span.EC_ecemailstyle171
{font-family:'Calibri','sans-serif';color:windowtext;}
.ExternalClass span.EC_ecplaintextchar1
{font-family:Consolas;}
.ExternalClass span.EC_EmailStyle30
{font-family:'Calibri','sans-serif';color:#1F497D;}
.ExternalClass .EC_MsoChpDefault
{font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;}
.ExternalClass div.EC_Section1
{page:Section1;}
</style>
<div class="EC_Section1">
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);">Hi Simon,</span></p>
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);">Cheers for your suggestion.</span></p>
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);">What do you mean by kernel routes exactly?</span></p>
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);"> </span></p>
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);">Please bear in mind that this is a 2.6.x Vanilla Kernel using
NETKEY and, not, KLIPS as in the old 2.4.x kernels. Therefore there are no
ipsecX interfaces to create routes for. Instead NETKEY performs policy matching
instead of route matching.</span></p>
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);"> </span></p>
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);">If this is what you meant, how can I show the ‘kernel’
routes if these are not the same as ‘route –n’.</span></p>
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);"> </span></p>
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);">Thanks.</span></p>
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);">Andy.</span></p>
<p class="EC_MsoNormal"><span style="font-size: 11pt; font-family: 'Calibri','sans-serif'; color: rgb(31, 73, 125);"> </span></p>
<div>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Tahoma','sans-serif';" lang="EN-US"> </span></p>
</div>
</div>
<p class="EC_MsoNormal"> </p>
<p class="EC_MsoNormal" style="margin-bottom: 12pt;"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">Hi !<br>
The vpn routes are established as kernel routes and can be
redistributed quite easily using OSPF/BGP.<br>
Thanks !<br>
<br>
</span><b><i><span style="font-size: 10pt; font-family: 'Tahoma','sans-serif';">-</span></i></b><b><i><span style="font-size: 10pt;"> Simon Charles - </span></i></b><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';"><br>
<br>
<br>
<br>
</span></p>
<div class="EC_MsoNormal" style="text-align: center;" align="center"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">
<hr id="EC_stopSpelling" align="center" size="2" width="100%">
</span></div>
<div>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">Hello,</span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';"> </span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">I
have been trying to research for any possible method to get dynamic routing
working to advertise VPN routes when using NETKEY.</span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';"> </span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">So
far I have found nothing!</span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">I
just don't understand why NETKEY does not provide a way of exporting
established VPN policies as routes to allow dynamic routing protocols to work.
Surely this is a HUGE deal and I can't be the only one with this problem.</span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';"> </span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">PS.
KLIPS is not an option, I am stuck with NETKEY.</span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';"> </span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">Would
it be possible to use the command 'ip xfrm state' in a script to create dummy
routes when can then in turn be advertised?</span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';"> </span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';">Thank
you in advance.</span></p>
<p class="EC_MsoNormal"><span style="font-size: 10pt; font-family: 'Verdana','sans-serif';"> </span></p>
</div>
</div></body>
</html>