2018-04-04 10:59 GMT+02:00 Jan Maria Matejka <jan.matejka@nic.cz>:
Hello,

please could you enable 'debug all' for the ospf protocol at server?
It should tell you whether it receives the packets and what it is doing
with them.

It is enabled. Here are the logs:


2018-04-04 11:22:42 <TRACE> myOSPF3: Initializing
2018-04-04 11:22:42 <TRACE> myOSPF3: Starting
2018-04-04 11:22:42 <TRACE> myOSPF3: Adding area 0.0.0.0
2018-04-04 11:22:42 <TRACE> myOSPF3: Connected to table master
2018-04-04 11:22:42 <TRACE> myOSPF3: State changed to feed
2018-04-04 11:22:42 <TRACE> myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
2018-04-04 11:22:42 <TRACE> myOSPF3: Originating LSA: Type: 4005, Id: 1.1.1.1, Rt: 10.29.0.1, Seq: 80000001
2018-04-04 11:22:42 <INFO> Started
2018-04-04 11:22:42 <TRACE> myOSPF3 < interface lo goes up
2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 127.0.0.0/8 on interface lo added
2018-04-04 11:22:42 <TRACE> myOSPF3 < interface eth0 goes up
2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 192.168.20.0/24 on interface eth0 added
2018-04-04 11:22:42 <TRACE> myOSPF3 < interface tun0 goes up
2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 10.29.0.0/22 on interface tun0 added
2018-04-04 11:22:42 <TRACE> myOSPF3: Adding interface tun0 (10.29.0.0/22) to area 0.0.0.0
2018-04-04 11:22:42 <TRACE> myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
2018-04-04 11:22:42 <TRACE> myOSPF3: State changed to up
2018-04-04 11:22:42 <ERR> KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
2018-04-04 11:22:42 <ERR> KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
2018-04-04 11:22:42 <ERR> KRT: Received route 10.29.0.0/20 with strange next-hop 10.29.0.1
2018-04-04 11:22:42 <WARN> Netlink: File exists
2018-04-04 11:22:42 <TRACE> myOSPF3: Interface tun0 changed state from Down to Waiting
2018-04-04 11:22:42 <TRACE> myOSPF3: HELLO packet sent via tun0
2018-04-04 11:22:43 <TRACE> myOSPF3: Updating router state for area 0.0.0.0
2018-04-04 11:22:43 <TRACE> myOSPF3: Originating LSA: Type: 2001, Id: 10.29.0.1, Rt: 10.29.0.1, Seq: 80000001
2018-04-04 11:22:43 <TRACE> myOSPF3: Scheduling routing table calculation
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for area 0.0.0.0
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for inter-area (area 0.0.0.0)
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for ext routes
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table synchronisation
2018-04-04 11:22:43 <TRACE> myOSPF3 > added [best] 10.29.0.0/22 dev tun0
2018-04-04 11:22:43 <TRACE> myOSPF3 < rejected by protocol 10.29.0.0/22 dev tun0
2018-04-04 11:22:52 <TRACE> myOSPF3: HELLO packet sent via tun0
2018-04-04 11:22:52 <TRACE> myOSPF3: Wait timer fired on tun0
2018-04-04 11:22:52 <TRACE> myOSPF3: Interface tun0 changed state from Waiting to DR
2018-04-04 11:22:52 <TRACE> myOSPF3: Updating router state for area 0.0.0.0


No received packets, but with tcpdump on the server I can see that all devices are sending hello messages:


11:18:26.328789 IP (tos 0xc0, ttl 1, id 15244, offset 0, flags [none], proto OSPF (89), length 64)
    10.29.0.1 (that's the server) > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.1
11:18:31.408140 IP (tos 0xc0, ttl 1, id 62511, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.17
            10.29.0.1
11:18:31.741169 IP (tos 0xc0, ttl 1, id 55888, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.1
            10.29.0.1


The issue is that the server cannot leave the init state. The clients see each other.

On client:
birdc show ospf neighbors
BIRD 1.6.3 ready.
myOSPF2:
Router ID       Pri          State      DTime   Interface  Router IP
192.168.20.54     1     Full/DR         00:36   eth0       192.168.21.22
192.168.21.1      1     Full/BDR        00:32   tun0       10.29.0.8
10.29.0.1         1     Init/Other      00:37   tun0       10.29.0.1



 

OpenVPN in TUN mode does quite strange things with routing. Have you tried
routing by static routes first (to see whether it works or not)?

Example:

Server has 10.29.0.1/30 (peer 10.29.0.2).
Client A has 10.29.0.5/30 (peer 10.29.0.6) and 172.30.5.0/24 on other iface.
Client B has 10.29.0.9/30 (peer 10.29.0.10) and 172.30.9.0/24 on other iface.

Have you managed to add a route on Client A that would route traffic
to 172.30.9.0/24? (If yes, please tell me, I also need something like that.)


Yes, such a setting is working even dynamically. I added a real router between two clients so that there are now two possible ways (VPN and cable) to each client, and both are working after disconnecting the second connection.

Now I would like to ping a client from the server over another client: server ---(tun0)---> client ---(eth0)---> client

But on the server bird cannot communicate and add routes from neighbours.


 
Now I overcome these problems by several GRE (or GRETAP) tunnels over the VPN,
these are real PtP links and also routing works over them quite well.

M.

On 04/04/2018 10:29 AM, dawid k wrote:
> Additional info:
>
> bird show ospf state on server:
>
> area 0.0.0.0
>
>         router 10.29.0.1
>                 distance 0
>                 stubnet 10.29.0.0/22 metric 10
>                 external 1.1.1.1/32 metric 33
>                 external 10.29.0.0/22 metric 33
>
> I wonder why my network is marked as stubnet. I defined "stub no" in the config. I suppose that's the problem, but how can I avoid this?
>
> bird show ospf state on first client :
>
>      router 192.168.21.17
>                 distance 20
>                 network 192.168.21.16/28 metric 5
>                 network 10.29.0.0/22 metric 10 #ethernet
>                 external 192.168.9.17/32 metric2 10000 via 192.168.21.25 #static
>
>     network 
>           ......
>
>
>
>
> 2018-04-04 8:59 GMT+02:00 dawid k <tookie009smieci@gmail.com>:
>
>     Hi Chris,
>
>     Thank you for your advice, I got a little bit forward.
>
>     I expanded my topology with another PC - another VPN client - and I got these two VPN clients working, but somehow I cannot get the server to work properly. The server always remains in state Init/Other.
>
>     I can see with tcpdump, that every pc is sending the hello-message, but the server is missing the neighbor list:
>
>
>     08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
>     server > ospf-all.mcast.net: OSPFv2, Hello, length 44
>             Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
>             Options [External]
>               Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>               Designated Router 10.29.0.1
>     08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
>         10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
>             Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
>             Options [External]
>               Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>               Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>               Neighbor List:
>                 192.168.21.17
>                 10.29.0.1
>     08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
>         10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
>             Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
>             Options [External]
>               Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>               Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>               Neighbor List:
>                 192.168.21.1
>                 10.29.0.1
>
>     Here the output from  birdc show ospf neighbors on client:
>
>     Router ID       Pri          State      DTime   Interface  Router IP
>     192.168.21.17     1     Full/DR         00:35   tun0       10.29.0.4
>     10.29.0.1         1     Init/Other      00:38   tun0       10.29.0.1
>
>     and finally my ospf-setup for every device:
>
>
>     protocol ospf myOSPFX { # X depending on device (1,2,3)
>             debug all;
>             import filter importAll;
>             export filter onlyLocalExport;
>             area 0.0.0.0 {
>                     interface "tun0" {
>                             cost 10;
>                             type  bcast;
>                             stub no;
>                             hello 10;
>                             transmit delay 5;
>                             wait 10;
>                             dead 40;
>                      };
>            };
>     }
>
>     Do you have any idea, what I'm missing? 
>
>     2018-04-03 16:52 GMT+02:00 Chris Boot <lists@bootc.boo.tc>:
>
>         [re-sending to the list with the correct From address]
>
>         Hi,
>
>         You should be able to do this with 'topology subnet' on your server end.
>         It doesn't work with net30 (the default) or p2p, but I can confirm that
>         OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.
>
>         I think there are issues with IPv6 on tun links with respect to
>         multicast, so you may struggle to get OSPFv3 working, but I haven't had
>         to do that yet.
>
>         HTH,
>         Chris
>
>         On 03/04/18 15:34, dawid k wrote:
>         > Therefore I tried running ospf in broadcast mode as well, but then it
>         > changed automatically: 
>         >
>         > <WARN> myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
>         >
>         > I tried the tap-Interface and it's working (or at least the neighbours
>         > were detected) but as said, my system has to use tun and I cannot change
>         > it. So there is probably no solution for such settings. I will try bgp
>         > instead. Thank you for your help.
>         >
>         > 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek <santiago@crfreenet.org>:
>         >
>         >     On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
>         >     > OpenVPN won’t do multicast over TUN, only TAP.
>         >
>         >     Well, that would be silly from OpenVPN. But tcpdump output from Dawid K
>         >     shows that multicast packets are propagated through TUN:
>         >
>         >     > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
>         >     >     server > 224.0.0.5: OSPFv2, Hello, length 44
>         >     >         Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)
>         >     >         Options [External]
>         >     >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
>         >     > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
>         >     >     10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
>         >     >         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
>         >     >         Options [External]
>         >     >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
>         >
>         >     --
>         >     Elen sila lumenn' omentielvo
>         >
>         >     Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
>         >     OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3,
>         >     wwwkeys.pgp.net)
>         >     "To err is human -- to blame it on a computer is even more so."
>         >
>         >
>
>
>         --
>         Chris Boot
>         bootc@boo.tc
>
>