On Fri, 2005-08-05 at 14:16, Aleksandar Milivojevic wrote:
> > Can you fix this the way it is commonly done in routers? That is,
> > configure a GRE tunnel as the end points to get a real-looking
> > interface that you can route over, do multicast, etc., and then
> > push the GRE packets through ipsec. I've wondered if this would
> > work between a Linux box and a Cisco router but never had time to
> > test it. (I have done GRE tunnels and multicast, just not the
> > ipsec part).
>
> Well, I did some preliminary testing, and basically it seems to be working
> between two CentOS boxes. For testing, I've created a GRE tunnel between two
> boxes, and then configured IPSec in transport mode between their external
> interfaces. Then pinged from one to another using addresses of local
> interfaces. Ping worked, and tcpdump showed ESP packets happily flying
> around.
>
> Now, this works between two CentOS boxes (kernel 2.6.9-11.EL). If the same
> thing works between two Cisco routers, and GRE and IPSec on their own work
> between Cisco and Linux, I'd say there's a good chance that GRE+IPSec will work
> too.

This should give you an interface that looks real enough to run
zebra with rip or ospf and at least in theory it should work
the same with a Cisco at the other end.

--
Les Mikesell
lesmikesell@xxxxxxxxx
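
The setup described in this thread (a GRE tunnel, with IPsec in transport mode between the two external addresses), as an added example that is not from either poster: a dry-run script that prints the commands for one end. It assumes current iproute2 (`ip tunnel`, `ip xfrm`) with manual keying rather than whatever tooling was used on the 2.6.9 kernel, and it restricts the policy to GRE (IP protocol 47); the interface name gre1 is hypothetical, and addresses, SPIs and keys are supplied by the caller.

```sh
#!/bin/sh
# Dry run: prints the commands for ONE end of a GRE tunnel whose packets are
# carried in IPsec ESP transport mode. Nothing is executed.
# Args: LOCAL REMOTE TUN_LOCAL TUN_REMOTE SPI_OUT SPI_IN KEY_OUT KEY_IN
#   LOCAL/REMOTE  external addresses of the two boxes
#   TUN_*         inner addresses on the tunnel interface (gre1 is an assumed name)
#   KEY_*         0x + 40 hex digits: AES-128 key plus 4-byte salt for GCM
gre_ipsec_plan() {
    [ $# -eq 8 ] || { echo "usage: gre_ipsec_plan (8 args, see header)" >&2; return 1; }
    l=$1 r=$2 tl=$3 tr=$4 spi_out=$5 spi_in=$6 key_out=$7 key_in=$8
    # Reject malformed keys before printing anything that could be applied.
    for k in "$key_out" "$key_in"; do
        hex=${k#0x}
        case $k in 0x*) ;; *) echo "key must start with 0x" >&2; return 1 ;; esac
        case $hex in *[!0-9a-fA-F]*) echo "key is not hex" >&2; return 1 ;; esac
        [ ${#hex} -eq 40 ] || { echo "key must be 40 hex digits" >&2; return 1; }
    done
    # Same key and salt in both directions would let GCM nonces repeat.
    [ "$key_out" != "$key_in" ] || { echo "use a different key per direction" >&2; return 1; }
    cat <<EOF
# 1. GRE tunnel between the external addresses
ip tunnel add gre1 mode gre local $l remote $r ttl 64
ip addr add $tl peer $tr dev gre1
ip link set gre1 up
# 2. ESP security associations, one per direction
ip xfrm state add src $l dst $r proto esp spi $spi_out mode transport aead 'rfc4106(gcm(aes))' $key_out 128
ip xfrm state add src $r dst $l proto esp spi $spi_in mode transport aead 'rfc4106(gcm(aes))' $key_in 128
# 3. Policies: GRE (IP protocol 47) between the two hosts must use ESP
ip xfrm policy add src $l dst $r proto gre dir out tmpl src $l dst $r proto esp mode transport
ip xfrm policy add src $r dst $l proto gre dir in tmpl src $r dst $l proto esp mode transport
# 4. Check: ping the inner peer; traffic leaving for $r should be ESP,
#    never cleartext protocol 47
# ping -c 3 $tr
# tcpdump -ni any 'dst host $r and (esp or ip proto 47)'
EOF
}

# Generate a fresh key per direction (constructed usage, not from the thread):
#   KEY=0x$(head -c 20 /dev/urandom | od -An -tx1 | tr -d ' \n')
```

On the other box, call it with mirrored arguments (swap LOCAL/REMOTE, the tunnel addresses, and the out/in SPI and key pairs); pipe the output to sh as root to apply it.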