Am 31.12.2018 um 14:07 schrieb Lou Berger:
What's your ip next hop state?
------------------------------------------------------------------------
On December 31, 2018 8:02:47 AM "John Antypas" <jantypas@busygeeks.com> wrote:
The subject basically says it all..... I have two sites connected over an IPSEC tunnel. Each site has its own internal routes managed by OSPF, and I am trying to exchange them by BGP.
* We know the traffic is being passed over the IPSEC tunnel, and we can see that each side does get the other's BGP routes. We did have to install directives to allow multihop and disable-connection-checks.... * We do not see the routes being installed into the local kernel routing tables but for the life us, we can't understand why. We see the routes come across in the BGP debug info, but it never makes it into the FIB.
John, just to be sure. You are using route-based IPSEC with pfSense? Otherwise you wont get any routes via IPSEC as it is an emulated enc device. It'd also be possible to run a GRE tunnel inside IPSEC ... Michael