IPSec and RIP
I'm beginning to have doubts about whether what I'm trying to do will actually work or not, so I figured I'd run it past you all.
I've got a couple of pfsense boxes scattered around and running IPSec tunnels for me. They've been great, very stable and nice to configure.
Anyway, I'm trying to get a pfsense box to advertise its IPSec tunnels over the local LAN via RIPv2. If I have a box that's 10.0.0.1 on my LAN and it brings up a tunnel to a remote network using 192.168.1.x, I'd like 10.0.0.1 to advertise to the other routers on the 10.0.0.x that it knows how to find 192.168.1.x.
At the moment I think I've got it set up correctly, but the pfsense box isn't sending any RIP advertisements. Part of the problem might be that when I run a netstat -rn on the box while the tunnel is up, there's no route shown for the network at the other end of the tunnel. The traffic still gets there fine, it's just not listed in the local routing table.
Any thoughts? Am I attempting the impossible?
I've been playing with this again today, and discovered that I must have broken something last time.
I'm now seeing RIPv2 advertise packets when I sniff, but they don't contain any reference to the IP range at the other end of my IPSec tunnel.
Here's an example packet, decoded by Wireshark.
No. Time Source Destination Protocol Info
7 180.006426 10.0.1.250 18.104.22.168 RIPv2 Response
Frame 7 (106 bytes on wire, 106 bytes captured)
Arrival Time: Oct 29, 2008 16:43:18.834316000
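The check the poster is doing by eye in Wireshark (is the remote range present in the RIPv2 Responses the box sends?) can be scripted. The parser below is an added example, not code from the thread or from pfSense; it decodes the UDP payload of a RIPv2 Response (RFC 2453 layout: 4-byte header, then 20-byte route entries) and reports whether a given prefix is advertised with a reachable metric. The sample packet is constructed here, not a capture, and the prefixes in it are assumed.

```python
import ipaddress
import struct

RIP_RESPONSE, RIP_V2, AFI_INET = 2, 2, 2
ENTRY = struct.Struct("!HH4s4s4sI")   # AFI, route tag, address, subnet mask, next hop, metric


def parse_ripv2_response(payload):
    """Return [(network, next_hop, metric), ...] from the UDP payload of a RIPv2 Response."""
    if len(payload) < 4 or (len(payload) - 4) % ENTRY.size:
        raise ValueError("malformed RIP packet")
    command, version = payload[0], payload[1]
    if command != RIP_RESPONSE or version != RIP_V2:
        raise ValueError("not a RIPv2 Response (command=%d, version=%d)" % (command, version))
    routes = []
    for off in range(4, len(payload), ENTRY.size):
        afi, _tag, addr, mask, nexthop, metric = ENTRY.unpack_from(payload, off)
        if afi != AFI_INET:   # AFI 0xFFFF is an authentication entry; it carries no route
            continue
        net = ipaddress.ip_network("%s/%s" % (ipaddress.IPv4Address(addr),
                                              ipaddress.IPv4Address(mask)), strict=False)
        routes.append((net, ipaddress.IPv4Address(nexthop), metric))
    return routes


def advertises(payload, prefix):
    """True if the Response carries a reachable route (metric < 16) that covers `prefix`."""
    wanted = ipaddress.ip_network(prefix)
    return any(wanted.subnet_of(net) and metric < 16
               for net, _nh, metric in parse_ripv2_response(payload))


def build_response(entries):
    """Build a RIPv2 Response from (cidr, metric) pairs; used here only to construct test data."""
    pkt = struct.pack("!BBH", RIP_RESPONSE, RIP_V2, 0)
    for cidr, metric in entries:
        net = ipaddress.ip_network(cidr)
        pkt += ENTRY.pack(AFI_INET, 0, net.network_address.packed, net.netmask.packed,
                          b"\0\0\0\0", metric)
    return pkt


# Constructed sample (assumed prefixes): LAN-side routes only, no 192.168.1.0/24,
# which mirrors what the post describes seeing on the wire.
SAMPLE = build_response([("10.0.0.0/24", 1), ("10.0.1.0/24", 1)])

if __name__ == "__main__":
    for net, nh, metric in parse_ripv2_response(SAMPLE):
        print(net, "via", nh, "metric", metric)
    print("192.168.1.0/24 advertised:", advertises(SAMPLE, "192.168.1.0/24"))
```

To run it against real traffic, feed it the UDP payload (port 520) of each captured Response; a prefix that only exists as an IPsec policy and not as an entry in netstat -rn will not show up, because RIP redistributes the routing table, not the SPD.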