Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 386
  • Last Modified:

Can you use OSPF or other routing protocols over Linux Free SWAN ipsec VPNs using linux iptables firewalls?

I am a user of linux iptables firewalls and wanted to know if it was possible to configure routing protocols over VPN networks. Currently the VPN networks we are builing are getting larger and larger so we will need to implement a routing protocol at some point. I have read the cisco article below but any suggestions or experiences you have had with this would be greatly appreciated if you could share them.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800a43f6.shtml
0
harryyeh
Asked:
harryyeh
  • 3
  • 3
1 Solution
 
grbladesCommented:
Hi harryyeh,
As the article you found describes it is possible to use routing protocols over VPN links. You need to encapsulate the routing protocol into an IP packet so that it will go across the VPN. In the article this is performed by a router which site between the VPN device and the internal network.
0
 
harryyehAuthor Commented:
What would you use to encapsulate it? I am not going to be using cicso routers, probably just the firewalls with zebra routing software on it.
0
 
grbladesCommented:
In that case encapsulation would be very difficult. I suggest you use the RIP routing protocol which uses UDP port 520 and therefore being IP based will go across the VPN. It is a basic routing protocol and not as full featured as OSPF but it is commonly supported.
I suspect for your needs the only downside will be if there are two routes to a destination and one fails it may take a couple of minutes before traffic is sent across the redundant link.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
harryyehAuthor Commented:
I prefer to use OSPF, what is the method you were recommending to encapsulate OSPF? Are you saying to use cisco routers to encapsulate the OSPF packets? I mean if I HAVE to use cisco routers I will be I was just seeing if it was possible to use a linux router program like zebra.
0
 
grbladesCommented:
I am not aware of any Linux software which performs GRE encapsulation and a quick search on sourceforge found nothing. If you wanted to do it I think you would have to write something yourself.
I think if you need to use OSPF you will need to get some Cisco routers.
0
 
harryyehAuthor Commented:
Thanks grblades, let me know if you ever come across anything
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now