[FROG] FRR (5.0) on latest pfSense 2.4.4p1 doesn't insert BGP routes into the kernel
Muenz, Michael
m.muenz at spam-fetish.org
Mon Dec 31 09:21:00 EST 2018
Am 31.12.2018 um 14:07 schrieb Lou Berger:
>
> What's your ip next hop state?
>
> ------------------------------------------------------------------------
>
> On December 31, 2018 8:02:47 AM "John Antypas"
> <jantypas at busygeeks.com> wrote:
>
>> The subject basically says it all..... I have two sites connected
>> over an IPSEC tunnel. Each site has its own internal routes managed
>> by OSPF, and I am trying to exchange them by BGP.
>>
>> * We know the traffic is being passed over the IPSEC tunnel, and we
>> can see that each side does get the other's BGP routes. We did
>> have to install directives to allow multihop and
>> disable-connection-checks....
>> * We do not see the routes being installed into the local kernel
>> routing tables but for the life us, we can't understand why. We
>> see the routes come across in the BGP debug info, but it never
>> makes it into the FIB.
>>
John, just to be sure. You are using route-based IPSEC with pfSense?
Otherwise you wont get any routes via IPSEC as it is an emulated enc device.
It'd also be possible to run a GRE tunnel inside IPSEC ...
Michael
More information about the frog
mailing list