<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2018-04-04 10:59 GMT+02:00 Jan Maria Matejka <span dir="ltr"><<a href="mailto:jan.matejka@nic.cz" target="_blank">jan.matejka@nic.cz</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
please could you enable 'debug all' for the ospf protocol at server?<br>
It should tell you whether it receives the packets and what is it doing<br>
with them.<br></blockquote><div><br></div><div>It is enabled, Here the logs: </div><div><br></div><div><div><br></div><div>2018-04-04 11:22:42 <TRACE> myOSPF3: Initializing</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3: Starting</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3: Adding area 0.0.0.0</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3: Connected to table master</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3: State changed to feed</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3 < added <a href="http://1.1.1.1/32">1.1.1.1/32</a> via 192.168.20.94 on eth0</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3: Originating LSA: Type: 4005, Id: 1.1.1.1, Rt: 10.29.0.1, Seq: 80000001</div><div>2018-04-04 11:22:42 <INFO> Started</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3 < interface lo goes up</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address <a href="http://127.0.0.0/8">127.0.0.0/8</a> on interface lo added</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3 < interface eth0 goes up</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address <a href="http://192.168.20.0/24">192.168.20.0/24</a> on interface eth0 added</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3 < interface tun0 goes up</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address <a href="http://10.29.0.0/22">10.29.0.0/22</a> on interface tun0 added</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3: Adding interface tun0 (<a href="http://10.29.0.0/22">10.29.0.0/22</a>) to area 0.0.0.0</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3 < added <a href="http://1.1.1.1/32">1.1.1.1/32</a> via 192.168.20.94 on eth0</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3: State changed to up</div><div>2018-04-04 11:22:42 <ERR> KRT: Received route <a href="http://1.1.1.1/32">1.1.1.1/32</a> with strange next-hop 192.168.20.94</div><div>2018-04-04 11:22:42 <ERR> KRT: Received route <a href="http://1.1.1.1/32">1.1.1.1/32</a> with strange next-hop 192.168.20.94</div><div>2018-04-04 11:22:42 <ERR> KRT: Received route <a href="http://10.29.0.0/20">10.29.0.0/20</a> with strange next-hop 10.29.0.1</div><div>2018-04-04 11:22:42 <WARN> Netlink: File exists</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3: Interface tun0 changed state from Down to Waiting</div><div>2018-04-04 11:22:42 <TRACE> myOSPF3: HELLO packet sent via tun0</div><div>2018-04-04 11:22:43 <TRACE> myOSPF3: Updating router state for area 0.0.0.0</div><div>2018-04-04 11:22:43 <TRACE> myOSPF3: Originating LSA: Type: 2001, Id: 10.29.0.1, Rt: 10.29.0.1, Seq: 80000001</div><div>2018-04-04 11:22:43 <TRACE> myOSPF3: Scheduling routing table calculation</div><div>2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation</div><div>2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for area 0.0.0.0</div><div>2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for inter-area (area 0.0.0.0)</div><div>2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for ext routes</div><div>2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table synchronisation</div><div>2018-04-04 11:22:43 <TRACE> myOSPF3 > added [best] <a href="http://10.29.0.0/22">10.29.0.0/22</a> dev tun0</div><div>2018-04-04 11:22:43 <TRACE> myOSPF3 < rejected by protocol <a href="http://10.29.0.0/22">10.29.0.0/22</a> dev tun0</div><div>2018-04-04 11:22:52 <TRACE> myOSPF3: HELLO packet sent via tun0</div><div>2018-04-04 11:22:52 <TRACE> myOSPF3: Wait timer fired on tun0</div><div>2018-04-04 11:22:52 <TRACE> myOSPF3: Interface tun0 changed state from Waiting to DR</div><div>2018-04-04 11:22:52 <TRACE> myOSPF3: Updating router state for area 0.0.0.0</div></div><div><br></div><div><br></div><div>no received packets, but with tcpdump on server I can see, that all devices are sending hello messages:</div><div><br></div><div><div><br></div><div>11:18:26.328789 IP (tos 0xc0, ttl 1, id 15244, offset 0, flags [none], proto OSPF (89), length 64)</div><div> 10.29.0.1 (that's the server) > <a href="http://ospf-all.mcast.net">ospf-all.mcast.net</a>: OSPFv2, Hello, length 44</div><div> Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)</div><div> Options [External]</div><div> Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1</div><div> Designated Router 10.29.0.1</div><div>11:18:31.408140 IP (tos 0xc0, ttl 1, id 62511, offset 0, flags [none], proto OSPF (89), length 72)</div><div> 10.29.0.8 > <a href="http://ospf-all.mcast.net">ospf-all.mcast.net</a>: OSPFv2, Hello, length 52</div><div> Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)</div><div> Options [External]</div><div> Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1</div><div> Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8</div><div> Neighbor List:</div><div> 192.168.21.17</div><div> 10.29.0.1</div><div>11:18:31.741169 IP (tos 0xc0, ttl 1, id 55888, offset 0, flags [none], proto OSPF (89), length 72)</div><div> 10.29.0.4 > <a href="http://ospf-all.mcast.net">ospf-all.mcast.net</a>: OSPFv2, Hello, length 52</div><div> Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)</div><div> Options [External]</div><div> Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1</div><div> Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8</div><div> Neighbor List:</div><div> 192.168.21.1</div><div> 10.29.0.1</div></div><div><br></div><div><br></div><div>The issue is, that the server cannot leave the init state. The clients see each other. </div><div><br></div><div>on client: </div><div><div>birdc show ospf neighbors</div><div>BIRD 1.6.3 ready.</div><div>myOSPF2:</div><div>Router ID Pri State DTime Interface Router IP</div><div>192.168.20.54 1 Full/DR 00:36 eth0 192.168.21.22</div><div>192.168.21.1 1 Full/BDR 00:32 tun0 10.29.0.8</div><div>10.29.0.1 1 Init/Other 00:37 tun0 10.29.0.1</div></div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
OpenVPN in TUN mode does quite strange things with routing. Have you tried<br>
routing by static routes first (to see whether it works or not)?<br>
<br>
Example:<br>
<br>
Server has <a href="http://10.29.0.1/30" rel="noreferrer" target="_blank">10.29.0.1/30</a> (peer 10.29.0.2).<br>
Client A has <a href="http://10.29.0.5/30" rel="noreferrer" target="_blank">10.29.0.5/30</a> (peer 10.29.0.6) and <a href="http://172.30.5.0/24" rel="noreferrer" target="_blank">172.30.5.0/24</a> on other iface.<br>
Client B has <a href="http://10.29.0.9/30" rel="noreferrer" target="_blank">10.29.0.9/30</a> (peer 10.29.0.10) and <a href="http://172.30.9.0/24" rel="noreferrer" target="_blank">172.30.9.0/24</a> on other iface.<br>
<br>
Have you managed to add a route on Client A that would route traffic<br>
to <a href="http://172.30.9.0/24" rel="noreferrer" target="_blank">172.30.9.0/24</a>? (If yes, please tell me, I also need something like that.)<br>
<br></blockquote><div><br></div><div>Yes, such settings is working even dynamically. I added a real router between two clients so, that there are now two possible ways (vpn and cable) to each client and both are working after disconnected the second connection. </div><div><br></div><div>Now I would like to ping a client from server over another client : server ------ (tun0) ----> client ------- (eth0) ------> client</div><div><br></div><div>But on the server bird cannot communicate and add routes form neighbours.</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Now I overcome these problems by several GRE (or GRETAP) tunnels over the VPN,<br>
these are real PtP links and also routing works over them quite well.<br>
<br>
M.<br>
<span class="gmail-"><br>
On 04/04/2018 10:29 AM, dawid k wrote:<br>
> Additional info:<br>
><br>
> bird show ospf state on server:<br>
><br>
> area 0.0.0.0<br>
><br>
> router 10.29.0.1<br>
> distance 0<br>
</span>> stubnet <a href="http://10.29.0.0/22" rel="noreferrer" target="_blank">10.29.0.0/22</a> <<a href="http://10.29.0.0/22" rel="noreferrer" target="_blank">http://10.29.0.0/22</a>> metric 10 <br>
> external <a href="http://1.1.1.1/32" rel="noreferrer" target="_blank">1.1.1.1/32</a> <<a href="http://1.1.1.1/32" rel="noreferrer" target="_blank">http://1.1.1.1/32</a>> metric 33<br>
> external <a href="http://10.29.0.0/22" rel="noreferrer" target="_blank">10.29.0.0/22</a> <<a href="http://10.29.0.0/22" rel="noreferrer" target="_blank">http://10.29.0.0/22</a>> metric 33<br>
<span class="gmail-">><br>
> I wonder, why my netowrk is marked as stubnet. I defined in config stub no. I suppose, that's the problem, but how can I avoid this ?<br>
><br>
> bird show ospf state on first client :<br>
><br>
> router 192.168.21.17<br>
> distance 20<br>
</span>> network <a href="http://192.168.21.16/28" rel="noreferrer" target="_blank">192.168.21.16/28</a> <<a href="http://192.168.21.16/28" rel="noreferrer" target="_blank">http://192.168.21.16/28</a>> metric 5<br>
> network <a href="http://10.29.0.0/22" rel="noreferrer" target="_blank">10.29.0.0/22</a> <<a href="http://10.29.0.0/22" rel="noreferrer" target="_blank">http://10.29.0.0/22</a>> metric 10 #ethernet<br>
> external <a href="http://192.168.9.17/32" rel="noreferrer" target="_blank">192.168.9.17/32</a> <<a href="http://192.168.9.17/32" rel="noreferrer" target="_blank">http://192.168.9.17/32</a>> metric2 10000 via 192.168.21.25 #static<br>
><br>
> network <br>
> ......<br>
><br>
><br>
><br>
><br>
> 2018-04-04 8:59 GMT+02:00 dawid k <<a href="mailto:tookie009smieci@gmail.com">tookie009smieci@gmail.com</a> <mailto:<a href="mailto:tookie009smieci@gmail.com">tookie009smieci@gmail.<wbr>com</a>>>:<br>
<span class="gmail-">><br>
> Hi Chris,<br>
><br>
> Thank you for your advice, I got a little bit forward.<br>
><br>
> I expended my topology with another pc - another vpn client - and I got these two vpn clients working, but somehow I cannot get the server to work properly. The server remains always in state Init/Other.<br>
><br>
> I can see with tcpdump, that every pc is sending the hello-message, but the server is missing the neighbor list:<br>
><br>
><br>
> 08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)<br>
</span>> server > <a href="http://ospf-all.mcast.net" rel="noreferrer" target="_blank">ospf-all.mcast.net</a> <<a href="http://ospf-all.mcast.net" rel="noreferrer" target="_blank">http://ospf-all.mcast.net</a>>: OSPFv2, Hello, length 44<br>
<span class="gmail-">> Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)<br>
> Options [External]<br>
> Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1<br>
> Designated Router 10.29.0.1<br>
> 08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)<br>
</span>> 10.29.0.8 > <a href="http://ospf-all.mcast.net" rel="noreferrer" target="_blank">ospf-all.mcast.net</a> <<a href="http://ospf-all.mcast.net" rel="noreferrer" target="_blank">http://ospf-all.mcast.net</a>>: OSPFv2, Hello, length 52<br>
<span class="gmail-">> Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)<br>
> Options [External]<br>
> Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1<br>
> Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8<br>
> Neighbor List:<br>
> 192.168.21.17<br>
> 10.29.0.1<br>
> 08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)<br>
</span>> 10.29.0.4 > <a href="http://ospf-all.mcast.net" rel="noreferrer" target="_blank">ospf-all.mcast.net</a> <<a href="http://ospf-all.mcast.net" rel="noreferrer" target="_blank">http://ospf-all.mcast.net</a>>: OSPFv2, Hello, length 52<br>
<div><div class="gmail-h5">> Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)<br>
> Options [External]<br>
> Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1<br>
> Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8<br>
> Neighbor List:<br>
> 192.168.21.1<br>
> 10.29.0.1<br>
><br>
> Here the output from birdc show ospf neighbors on client:<br>
><br>
> Router ID Pri State DTime Interface Router IP<br>
> 192.168.21.17 1 Full/DR 00:35 tun0 10.29.0.4<br>
> 10.29.0.1 1 Init/Other 00:38 tun0 10.29.0.1<br>
><br>
> and finally my ospf-setup for every device:<br>
><br>
><br>
> protocol ospf myOSPFX { # X depending on device (1,2,3)<br>
> debug all;<br>
> import filter importAll;<br>
> export filter onlyLocalExport;<br>
> area 0.0.0.0 {<br>
> interface "tun0" {<br>
> cost 10;<br>
> type bcast;<br>
> stub no;<br>
> hello 10;<br>
> transmit delay 5;<br>
> wait 10;<br>
> dead 40;<br>
> };<br>
> };<br>
> }<br>
><br>
> Do you have any idea, what I'm missing? <br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
</div></div>> 2018-04-03 16:52 GMT+02:00 Chris Boot <<a href="mailto:lists@bootc.boo.tc">lists@bootc.boo.tc</a> <mailto:<a href="mailto:lists@bootc.boo.tc">lists@bootc.boo.tc</a>>>:<br>
<span class="gmail-">><br>
> [re-sending to the list with the correct From address]<br>
><br>
> Hi,<br>
><br>
> You should be able to do this with 'topology subnet' on your server end.<br>
> It doesn't work with net30 (the default) or p2p, but I can confirm that<br>
> OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.<br>
><br>
> I think there are issues with IPv6 on tun links with respect to<br>
> multicast, so you may struggle to get OSPFv3 working, but I haven't had<br>
> to do that yet.<br>
><br>
> HTH,<br>
> Chris<br>
><br>
> On 03/04/18 15:34, dawid k wrote:<br>
> > Therefore I tried running ospf in broadcast mode as well, but then it<br>
> > changed automatically: <br>
> ><br>
> > <WARN> myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp<br>
> ><br>
> > I tried the tap-Interface and it's working (or at least the neighbours<br>
> > were detected) but as said, my system has to use tun and I cannot change<br>
> > it. So there is propably no solution for such settings. I will try bgp<br>
> > instead. Thank you for your help.<br>
> ><br>
> > 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek <<a href="mailto:santiago@crfreenet.org">santiago@crfreenet.org</a> <mailto:<a href="mailto:santiago@crfreenet.org">santiago@crfreenet.org</a><wbr>><br>
</span>> > <mailto:<a href="mailto:santiago@crfreenet.org">santiago@crfreenet.org</a> <mailto:<a href="mailto:santiago@crfreenet.org">santiago@crfreenet.org</a><wbr>>>>:<br>
<span class="gmail-">> ><br>
> > On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:<br>
> > > OpenVPN won’t do multicast over TUN, only TAP.<br>
> ><br>
> > Well, that would be silly from OpenVPN. But tcpdump output from Dawid K<br>
> > shows that multicast packets are propagated throught TUN:<br>
> ><br>
> > > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)<br>
> > > server > 224.0.0.5 <<a href="http://224.0.0.5" rel="noreferrer" target="_blank">http://224.0.0.5</a>>: OSPFv2, Hello, length 44<br>
> > > Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)<br>
> > > Options [External]<br>
> > > Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1<br>
> > > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)<br>
> > > 10.29.0.6 > 224.0.0.5 <<a href="http://224.0.0.5" rel="noreferrer" target="_blank">http://224.0.0.5</a>>: OSPFv2, Hello, length 44<br>
> > > Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)<br>
> > > Options [External]<br>
> > > Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1<br>
> ><br>
> > --<br>
> > Elen sila lumenn' omentielvo<br>
> ><br>
> > Ondrej 'Santiago' Zajicek (email: <a href="mailto:santiago@crfreenet.org">santiago@crfreenet.org</a> <mailto:<a href="mailto:santiago@crfreenet.org">santiago@crfreenet.org</a><wbr>><br>
</span>> > <mailto:<a href="mailto:santiago@crfreenet.org">santiago@crfreenet.<wbr>org</a> <mailto:<a href="mailto:santiago@crfreenet.org">santiago@crfreenet.org</a><wbr>>>)<br>
<span class="gmail-">> > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3,<br>
</span>> > <a href="http://wwwkeys.pgp.net" rel="noreferrer" target="_blank">wwwkeys.pgp.net</a> <<a href="http://wwwkeys.pgp.net" rel="noreferrer" target="_blank">http://wwwkeys.pgp.net</a>> <<a href="http://wwwkeys.pgp.net" rel="noreferrer" target="_blank">http://wwwkeys.pgp.net</a>>)<br>
<span class="gmail-">> > "To err is human -- to blame it on a computer is even more so."<br>
> ><br>
> ><br>
><br>
><br>
> --<br>
> Chris Boot<br>
</span>> <a href="mailto:bootc@boo.tc">bootc@boo.tc</a> <mailto:<a href="mailto:bootc@boo.tc">bootc@boo.tc</a>><br>
><br>
> --<br>
> Chris Boot<br>
> <a href="mailto:bootc@boo.tc">bootc@boo.tc</a> <mailto:<a href="mailto:bootc@boo.tc">bootc@boo.tc</a>><br>
><br>
><br>
><br>
<br>
</blockquote></div><br></div></div>