Setup of DMVPN on Alpine linux: Difference between revisions

From Alpine Linux
(Created page with "We start by adding mGRE tunnels to our network configuration. In conjunction with IPsec VPNs this allows passing of routing information between connected networks. auto gre1...")
 
No edit summary
Line 14: Line 14:
  thisshouldbetheipsecconfig
  thisshouldbetheipsecconfig


To talk to the vici interface we use Quagga's new NHRP plugin developed by Timo Terras (fabled).
To talk to the vici interface we use Quagga's new NHRP plugin developed by Timo Teras (fabled).
We have to use his modified version, as these changes have not yet been upstreamed.
We have to use his modified version, as these changes have not yet been upstreamed.


NHRP will automatically create GRE tunnels over IPsec, and we will use BGP to router the traffic over it.
NHRP will automatically create GRE tunnels over IPsec, and we will use BGP to router the traffic over it.
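Review bot: The last line of the hunk still reads "use BGP to router the traffic", which should be "route"; it could be fixed in the same pass as the "Teras" spelling. The "thisshouldbetheipsecconfig" line at the top of the hunk is still a placeholder, so the revision has no IPsec configuration for the text around it to refer to.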

Revision as of 13:28, 30 October 2015

We start by adding mGRE tunnels to our network configuration. In conjunction with IPsec VPNs this allows passing of routing information between connected networks.

auto gre1
iface gre1 inet static
       pre-up ip tunnel add $IFACE mode gre key 42 ttl 64 dev br0 || true
       address 192.168.148.2
       netmask 255.255.255.255
       post-down ip tunnel del $IFACE || true
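A quick check that the interface came up as a multipoint (mGRE) tunnel with the key and TTL from the stanza above. This is an added example, not part of the original page; the sample `ip tunnel show` line is constructed and its exact output format is an assumption.

```shell
#!/bin/sh
# Constructed sample of `ip tunnel show gre1` output for the stanza above.
# The format is an assumption; compare it with what your system prints.
SAMPLE='gre1: gre/ip remote any local any dev br0 ttl 64 key 42'

# field_after LINE WORD: print the token that follows WORD in LINE.
field_after() {
    fa_prev=''
    for fa_tok in $1; do
        if [ "$fa_prev" = "$2" ]; then
            printf '%s\n' "$fa_tok"
            return 0
        fi
        fa_prev=$fa_tok
    done
    return 1
}

# check_mgre LINE KEY TTL: succeed only if the tunnel is GRE, has no fixed
# remote endpoint (multipoint), and carries the expected key and TTL.
check_mgre() {
    line=$1 key=$2 ttl=$3
    case $line in
        *': gre/ip '*) ;;
        *) echo "not a GRE tunnel"; return 1 ;;
    esac
    remote=$(field_after "$line" remote) || remote=''
    got_key=$(field_after "$line" key) || got_key=''
    got_ttl=$(field_after "$line" ttl) || got_ttl=''
    [ "$remote" = any ] || {
        echo "remote is '${remote:-missing}': point-to-point, not mGRE"; return 1; }
    [ "$got_key" = "$key" ] || {
        echo "key is '${got_key:-none}', expected $key"; return 1; }
    [ "$got_ttl" = "$ttl" ] || {
        echo "ttl is '${got_ttl:-missing}', expected $ttl"; return 1; }
    echo "ok: multipoint GRE, key $key, ttl $ttl"
}

# On a live system: check_mgre "$(ip tunnel show gre1)" 42 64
check_mgre "$SAMPLE" 42 64
```

A passing check only confirms the GRE parameters; GRE itself is unencrypted, so it says nothing about whether IPsec is protecting the tunnel.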

To encrypt the traffic going over this tunnel, we will use IPsec. For IPsec we will use strongSwan, which has the vici plugin. The vici plugin provides VICI, the Versatile IKE Configuration Interface. As its name indicates, it provides an interface for external applications to not only configure, but also to control and monitor the IKE daemon charon. For this we also need a modified version of strongSwan, provided by fabled.

thisshouldbetheipsecconfig

To talk to the vici interface we use Quagga's new NHRP plugin developed by Timo Teras (fabled). We have to use his modified version, as these changes have not yet been upstreamed.

NHRP will automatically create GRE tunnels over IPsec, and we will use BGP to route the traffic over it.