[quagga-users 15042] Re: Importing routes into Quagga from XFRM

Matthias Ferdinand mf at 14v.de
Mon Oct 26 17:29:30 GMT 2020

On Mon, Oct 26, 2020 at 12:00:02PM +0000, quagga-users-request at lists.quagga.net wrote:
> Message: 1
> Date: Sun, 25 Oct 2020 13:56:53 -0400
> From: TomK <tomkcpr at mdevsys.com>
> To: quagga-users at lists.quagga.net
> Subject: [quagga-users 15041] Importing routes into Quagga from XFRM
> Message-ID: <e7eb63f4-497d-3379-65a4-53fe5730bc03 at mdevsys.com>
> Content-Type: text/plain; charset=utf-8; format=flowed
> Hey Everyone,
> I'm interested in finding out how to import routes from XFRM tables 
> (220) into Quagga (OSPF, 254)?
> The XFRM policy based rules are saved in table 220 while Quagga (OSPF) 
> saves the routes in table 254.  I have a IPSec StrongSwan on-prem GW 
> paired up with one of the Cloud providers.  The connection is 
> established however I can't ping the remote VLAN's from any other device 
> on the on-prem network except from the on-prem GW itself.
> I would like to make OSPF aware of table 220 so it can import the rules. 
>   Or at least find another way to export the rules in table 220 and into 
> table 254.  Is this possible?

Hi, I would try to solve this (mostly) outside of quagga. You could
follow routing changes indicated in the output of

    ip monitor route

and add/delete route entries in default table appropriately.
You need to make sure you filter out your own route additions/deletions
from the "ip monitor route" output stream, or you might run into endless

With that done, you have these routes as static routes in the default
table, and you can use 

  router ospf
     redistribute kernel ...

in ospfd.conf to feed these routes to OSPF.


More information about the Quagga-users mailing list