DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 20th December 2012
igy01 igy01 is offline
Port Guard
 
Join Date: Jan 2011
Posts: 17
Thanked 0 Times in 0 Posts
Default Ipsec and backup link

I have two OpenBSD boxes, two WAN network cards for each, and two links ("main" and "backup"):

Code:
LAN1---fxp0 BSD1 em0----Link1 (main)------em0 BSD2 fxp0---LAN2
             ----em1----Link2 (backup)----em1
I have isakmpd/IPsec connections for traffic between LAN1 and LAN2 (tunnel mode on BSD), i.e. IPsec SA between BSD1-em0 & BSD2-em0.

I want to configure some kind of "backup" IPsec for the same traffic, between same hosts BSD1 & BSD2.

I think, without IKE/IPsec, situation is very simple. We put ospfd on BSD1 and BSD2; when main link is broken, ospf send traffic to backup link. But, how configure IPsec i.e. ipsec.conf for this situation? Is there any reason to create CARP and sasyncd? But how? Some other link/idea?

Last edited by igy01; 20th December 2012 at 06:54 PM.
Reply With Quote
  #2   (View Single Post)  
Old 20th December 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,888
Thanked 214 Times in 189 Posts
Default

Here is a blog someone posted about using gre(4) and ospfd(8) with IPSec. Since I don't use OSPF and I don't use GRE, I have not read more than the first paragraph.

I don't know if it will be applicable to your environment, nor do I know if it is either helpful or useless, correct or containing misinformation. It may be out-of-date, as it is from 2009. Use with caution.

http://journal.reallyenglish.com/200...h-openbsd.html
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
NetBSD on D-Link DIR-100/300/320 Lexus45 NetBSD General 3 1st February 2011 12:24 PM
zyd0: no link ........... sleeping kallistoteles OpenBSD Installation and Upgrading 3 25th June 2010 02:38 PM
backup freeBSD 7.0 using Backup Exec ccc FreeBSD General 2 25th April 2009 09:23 PM
D-link (DI-524) router c0mrade General software and network 3 26th January 2009 08:14 AM
kde .desktop file link doesn't act like a link when opening files caesius FreeBSD Ports and Packages 3 14th October 2008 07:35 AM


All times are GMT. The time now is 06:51 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick