Strongswan GRE IPSec and OSPF (Bird)
OK, so I finally got Strongswan with a GRE over IPSec tunnel and OSPF (BIRD) running on Centos 6
Two remote sites are connected to the main site via Metro-Ethernet. In case of the Metro failing, the idea is to establish backup connectivity over the Internet via secure VPN tunnels. That poses a few problems: IPSec alone doesn’t play well with routing protocols (OSPF in my case), which is why we need GRE over IPSec. I chose “Strongswan” for IPSec on Centos 6 – the Centos 6 was already in place and I didn’t want to first update everything to Centos 7.
Note, Centos 6 uses iproute2, which does not support VTI interfaces ๐
A “few” caveats that the usual how-to docs don’t quite seem to address:
(Two “tunnel” tunnels with left/rightsubnet 0.0.0.0/0 easily results in that you can only ping across the tunnel that came up last. And I couldn’t get the mark/key options of ‘tunnel’/’ipsec.conf’ to work right)
While all this might be “obvious” to people who’ve “been there” before, it wasn’t obvious to me and my google-fu totally failed for quite a while. I hope this helps others (and future-me).
Yes man you definitely saved me. This GRE TTL issue hung me for a night and Google doesn’t help at all.
I’m glad I could be of help. Most of my notes are “so I don’t forget”, and after 9 years, I didn’t expect a new comment!