Hi Chris,

Thank you for your advice, I got a little bit further.

I expanded my topology with another pc - another vpn client - and I got these two vpn clients working, but somehow I cannot get the server to work properly. The server always remains in state Init/Other.

I can see with tcpdump, that every pc is sending the hello-message, but the server is missing the neighbor list:


08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
    server > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.1
08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.17
            10.29.0.1
08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.1
            10.29.0.1

Here is the output from birdc show ospf neighbors on a client:

Router ID       Pri          State      DTime   Interface  Router IP
192.168.21.17     1     Full/DR         00:35   tun0       10.29.0.4
10.29.0.1         1     Init/Other      00:38   tun0       10.29.0.1

and finally my ospf-setup for every device:


protocol ospf myOSPFX { # X depending on device (1,2,3)
        debug all;
        import filter importAll;
        export filter onlyLocalExport;
        area 0.0.0.0 {
                interface "tun0" {
                        cost 10;
                        type bcast;
                        stub no;
                        hello 10;
                        transmit delay 5;
                        wait 10;
                        dead 40;
                };
        };
}

Do you have any idea what I'm missing?

2018-04-03 16:52 GMT+02:00 Chris Boot <lists@bootc.boo.tc>:
[re-sending to the list with the correct From address]

Hi,

You should be able to do this with 'topology subnet' on your server end.
It doesn't work with net30 (the default) or p2p, but I can confirm that
OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.

I think there are issues with IPv6 on tun links with respect to
multicast, so you may struggle to get OSPFv3 working, but I haven't had
to do that yet.

HTH,
Chris

On 03/04/18 15:34, dawid k wrote:
> Therefore I tried running ospf in broadcast mode as well, but then it
> changed automatically: 
>
> <WARN> myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
>
> I tried the tap-Interface and it's working (or at least the neighbours
> were detected) but as said, my system has to use tun and I cannot change
> it. So there is probably no solution for such settings. I will try bgp
> instead. Thank you for your help.
>
> 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek <santiago@crfreenet.org>:
>
>     On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
>     > OpenVPN won’t do multicast over TUN, only TAP.
>
>     Well, that would be silly from OpenVPN. But tcpdump output from Dawid K
>     shows that multicast packets are propagated through TUN:
>
>     > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
>     >     server > 224.0.0.5: OSPFv2, Hello, length 44
>     >         Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)
>     >         Options [External]
>     >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
>     > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
>     >     10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
>     >         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
>     >         Options [External]
>     >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
>
>     --
>     Elen sila lumenn' omentielvo
>
>     Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
>     OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3,
>     wwwkeys.pgp.net)
>     "To err is human -- to blame it on a computer is even more so."
>
>


--
Chris Boot
bootc@boo.tc
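
Added example (not part of the thread, and not BIRD or OpenVPN code): a small Python check for the symptom discussed above. An OSPF router lists in its Hello the Router IDs it has recently heard, and a neighbor stays in Init until its Hello lists us; the script parses tcpdump Hello output, abridged here from the capture in the top message, and reports which router is not hearing which. The function names are this example's own.

```python
import re

# Abridged from the tcpdump capture in the top message of this thread.
CAPTURE = """\
08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
server > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
          Neighbor List:
            192.168.21.17
            10.29.0.1
08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
          Neighbor List:
            192.168.21.1
            10.29.0.1
"""

TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ")
ROUTER_ID = re.compile(r"^\s*Router-ID (\S+),")
BARE_ADDR = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*$")

def parse_hellos(text):
    """Return {router_id: set of Router IDs listed in its latest Hello}."""
    heard, current, in_list = {}, None, False
    for line in text.splitlines():
        rid, addr = ROUTER_ID.match(line), BARE_ADDR.match(line)
        if TIMESTAMP.match(line):            # a new packet starts
            current, in_list = None, False
        elif rid:
            current, in_list = rid.group(1), False
            heard[current] = set()           # keep only the latest Hello
        elif current and line.strip() == "Neighbor List:":
            in_list = True
        elif current and in_list and addr:
            heard[current].add(addr.group(1))
        else:
            in_list = False                  # any other line ends the list
    return heard

def one_way(heard):
    """Pairs (a, b): b's Hello lists a, but a's Hello does not list b."""
    return sorted((a, b) for a in heard for b in heard
                  if a != b and a in heard[b] and b not in heard[a])

if __name__ == "__main__":
    for a, b in one_way(parse_hellos(CAPTURE)):
        print(f"{a} does not list {b}; {b} will show {a} as Init")
```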