[Openswan Users] Backup routing
Benny Amorsen
benny+usenet at amorsen.dk
Tue Apr 29 08:36:24 EDT 2008
"Greg Scott" <GregScott at InfraSupportEtc.com> writes:
> I suppose I could just poll that telco router and maybe its partner
> router on the other side, and if neither one answer, get rid of the
> route and bring up the tunnel.
The easiest solution is to run GRE over the IPSEC tunnel and use your
favourite dynamic routing protocol.
Some vendors (Netscreen among others) are able to negotiate a
0.0.0.0/0 => 0.0.0.0/0 tunnel and run routing protocols over that.
This is AFAIK not described in any RFC's, and it seems impossible to
achieve with NETKEY at least. NETKEY grabs the packets before they get
to be routed. KLIPS can possibly do it, but I haven't tried.
/Benny
More information about the Users
mailing list