I'm trying to set up an OpenVPN server that routes for multiple sites and I'm having a bit of trouble getting Bird to add the routes that go through the tun0 device. I've configured Bird to import routes from both the OS and tun0, but filter out any routes that don't go through the tun0 IP (I only want to advertise routes that go through my OpenVPN tunnel). I'm running Bird 1.3.6. On startup, I receive messages like these:<br>
<br>>>> KRT: Received route 172.24.1.16/28 with strange next-hop 172.16.254.1<br>>>> Netlink: File exists<br>>>> Netlink: File exists<br>>>> OSPF: Socket error: Operation not permitted<br>
<br>This appears to be coming from this section of code:<br>sysdep/linux/netlink/netlink.c: 846<br><br> if (!ng || (ng->scope == SCOPE_HOST))<br> {<br> log(L_ERR "KRT: Received route %I/%d with strange next-hop %I",<br>
net->n.prefix, net->n.pxlen, ra.gw);<br> return;<br> }<br><br>My network setup is as follows:<br>Local IP of tun0 on OpenVPN server: 172.16.254.1/24 <br>
IP of tun0 on remote server: 172.24.1.28/28<br><br>Routes (from ip route) on OpenVPN server:<br>172.16.254.1 dev tun0 proto bird <br>172.24.1.0/28 via 172.16.254.1 dev tun0 <br>
172.24.1.16/28 via 172.16.254.1 dev tun0 <br><br>Routes (from ip route) on OpenVPN client:<br>172.16.0.0/24 via 172.24.1.28 dev tun0 <br><br>Bird config:<br>
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };<br>filter no_local<br>prefix set local_nets;<br>ip tun0;<br>{<br> local_nets = [ 172.16.0.0/16+ , 192.168.0.0/16+ , 10.0.0.0/8+ ];<br>
tun0 = 172.16.254.1;<br> printn "gw: ", gw;<br> if gw = tun0 then accept "accept: gw is ",gw; <br> reject "reject: gw is ", gw;<br>}<br>protocol kernel {<br> learn; # Learn all alien routes from the kernel<br>
persist; # Don't remove routes on bird shutdown<br> scan time 10; # Scan kernel routing table every 20 seconds<br> device routes on; # this is on so we can accept routes with local nexthop<br>
import filter no_local; # don't import "local" networks<br> import none; # Default is import all<br> export all; # Default is export none<br>}<br>protocol device {<br> scan time 10; # Scan interfaces every 10 seconds<br>
}<br>protocol static {<br>}<br>protocol direct {<br> interface "tun0";<br>}<br>protocol ospf MFOSPF {<br> export all;<br> area 172.16.0.0 {<br> interface "eth4" {<br> type broadcast;<br>
authentication none;<br> neighbors { 10.19.7.11; };<br> };<br> interface "tun0" {<br> type ptmp;<br> authentication none;<br> };<br> };<br>}<br>
<br><br>Any ideas about what I'm doing wrong here? The network configuration (aside from Bird) works as I can ping from another IP, 172.16.1.11, through the OpenVPN server and out to 172.24.1.28. Is there a way to get Bird to advertise a route via OSPF that goes through a local IP (for a tun device) that is not on the same subnet as the remote network?<br>
<br>Thanks much!<br clear="all"><br>--dlloyd<br><br>
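A pre-flight check modelled on the netlink.c condition quoted in the post, as an added example that is neither part of the original message nor BIRD code: it reads `ip route` lines and flags routes whose gateway is one of the host's own addresses or is not on-link for the named device. It assumes that `SCOPE_HOST` marks a next hop equal to a local interface address and that a missing neighbor (`!ng`) means the gateway is not directly reachable; the function names are hypothetical and the sample data is constructed from the addresses and routes given in the post.

```python
import ipaddress

# Constructed sample data, copied from the addresses and `ip route` lines in the post.
LOCAL_ADDRS = {"tun0": "172.16.254.1/24"}
ROUTES = """\
172.16.254.1 dev tun0 proto bird
172.24.1.0/28 via 172.16.254.1 dev tun0
172.24.1.16/28 via 172.16.254.1 dev tun0
"""

def parse_route(line):
    """Return (prefix, gateway or None, device or None) for one `ip route` line."""
    tok = line.split()
    fields = {k: v for k, v in zip(tok[1:], tok[2:]) if k in ("via", "dev")}
    return tok[0], fields.get("via"), fields.get("dev")

def classify_next_hop(gw, dev, local_addrs):
    """Model of the quoted check: 'host', 'neighbor' or 'none' (no neighbor found)."""
    if dev not in local_addrs:
        return "none"
    iface = ipaddress.ip_interface(local_addrs[dev])
    gw_ip = ipaddress.ip_address(gw)
    if gw_ip == iface.ip:
        return "host"        # assumed meaning of SCOPE_HOST: our own address
    if gw_ip in iface.network:
        return "neighbor"    # on-link peer, usable as a next hop
    return "none"            # assumed meaning of !ng: not directly reachable

def strange_routes(routes_text, local_addrs):
    """List (prefix, gateway, class) for routes the quoted check would refuse."""
    flagged = []
    for line in routes_text.splitlines():
        if not line.strip():
            continue
        prefix, gw, dev = parse_route(line)
        if gw is None:
            continue         # device route, no gateway to validate
        kind = classify_next_hop(gw, dev, local_addrs)
        if kind != "neighbor":
            flagged.append((prefix, gw, kind))
    return flagged

if __name__ == "__main__":
    for prefix, gw, kind in strange_routes(ROUTES, LOCAL_ADDRS):
        print(f"{prefix}: strange next-hop {gw} ({kind})")
```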