Cannot connect two ospf-instances over tun-interface
I'm trying to set up a pretty simple configuration consisting of two Linux machines connected over a tun-interface created by OpenVPN.

The VPN-connection is working fine - I can send data over this interface. Now I installed bird and configured ospf on both devices. I can see that both bird instances are sending hello packets on the tun-interface; however, neither of them is getting the message.

I can see with tcpdump that every device is getting the hello-message. However, they are not forwarded to bird or bird just ignores them.

I tried my setup over cable with the eth0-interface and everything is working fine. Right now every machine is advertising just one example static network. I will focus on correct advertising later, after I connect those two instances.

The tun0 interface is working in type ptp and the netmask is 255.255.255.255. Do you have any idea what's wrong?

Thanks for every input,
tookie009
Here is my configuration (client):

ifconfig tun0:

    tun0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.29.0.10  P-t-P:10.29.0.9  Mask:255.255.255.255

bird_ospf.conf (included in bird.conf):

    protocol ospf myOSPF {
        area 0.0.0.0 {
            interface "tun0" {
                cost 10;
                type ptp;
                stub no;
                hello 10;
                transmit delay 5;
                wait 10;
                dead 40;
                neighbors {
                    10.29.0.1;
                };
            };
        };
    }

tcpdump -v -XX proto ospf -i tun0 (confirmation that hello messages are sent and received):

    12:59:03.143238 IP (tos 0xc0, ttl 1, id 15765, offset 0, flags [none], proto OSPF (89), length 64)
        10.29.0.01 > 224.0.0.5: OSPFv2, Hello, length 44
    ...
    12:59:09.157965 IP (tos 0xc0, ttl 1, id 59599, offset 0, flags [none], proto OSPF (89), length 64)
        10.29.0.10 > 224.0.0.5: OSPFv2, Hello, length 44

The server is using a similar configuration. It differs only by IP (10.29.0.1) and router-ID.
Hi

What do you get from:

    ip addr list
    birdc show interfaces
    birdc show ospf interface
    birdc show ospf neighbors
    tcpdump -v -s 0 proto ospf -i tun0

Do you have anything interesting in logs?

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
ip addr list:

server:

    eth0, lo and
    5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
        link/[65534]
        inet 10.29.0.1 peer 10.29.0.2/32 scope global tun0

client:

    977: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
        link/[65534]
        inet 10.29.0.6 peer 10.29.0.5/32 scope global tun0
           valid_lft forever preferred_lft forever

The following commands resulted in similar output on client and server, with different IP-Addresses.

birdc show interfaces:

    tun0 up (index=5)
        PtP Multicast AdminUp LinkUp MTU=1500
        10.29.0.1/32 (Primary, opposite 10.29.0.2, scope site)

birdc show ospf interface:

    BIRD 1.6.3 ready.
    myOSPF3:
    Interface tun0 (peer 10.29.0.2)
        Type: ptp
        Area: 0.0.0.0 (0)
        State: PtP
        Priority: 1
        Cost: 10
        Hello timer: 10
        Wait timer: 10
        Dead timer: 40
        Retransmit timer: 5

birdc show ospf neighbors: no neighbours.

tcpdump -v -s 0 proto ospf -i tun0

    06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
        server > ospf-all.mcast.net: OSPFv2, Hello, length 44
            Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)
            Options [External]
              Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
    06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
        10.29.0.6 > ospf-all.mcast.net: OSPFv2, Hello, length 44
            Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
            Options [External]
              Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1

Where server is the name of my server.

In logs I can see only multiple

    <TRACE> myOSPF3: HELLO packet sent via tun0

messages and, once after start, initial logs like adding area and originating lsa for routes from static-protocol.

Now I'm trying to establish a ptp-connection for ospf, but in future the server should run in ptmp mode. I suppose that there is something wrong with the IP-Address of the peer, since the server has IP-Address 10.29.0.1 and the client 10.29.0.10. But I declared these IP-Addresses as neighbour in the config file. Maybe there is an issue that the IP-Addresses are in a /32-network? But unfortunately I cannot change anything in the openvpn settings. Do you have any idea what I'm doing wrong?
On Tue, Apr 03, 2018 at 09:23:34AM +0200, dawid k wrote:
> ip addr list:
> server:
> eth0, lo and
> 5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
>     link/[65534]
>     inet 10.29.0.1 peer 10.29.0.2/32 scope global tun0
>
> client:
> 977: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/[65534]
>     inet 10.29.0.6 peer 10.29.0.5/32 scope global tun0
>        valid_lft forever preferred_lft forever
>
> Now I'm trying to establish a ptp-connection for ospf, but in future the
> server should run in ptmp mode. I suppose that there is something wrong
> with the IP-Address of the peer, since the server has IP-Address 10.29.0.1
> and the client 10.29.0.10. But I declared these IP-Addresses as neighbour
> in the config file. Maybe there is an issue that the IP-Addresses are in
> a /32-network?

Yes, that is the issue. BIRD OSPFv2 really works on a per-ip-range basis instead of per-iface. So if you have the 10.29.0.2/32 range on tun0, then incoming packets outside of 10.29.0.2/32 are ignored. You could use a /32 network, but it must be matching (10.29.0.2 peer 10.29.0.1/32 on the client).

Option 'neighbors' in the config file works only with NBMA or PtMP iface types; it is ignored otherwise.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
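The range check described in the reply above, as an added example that is not part of the original thread and is not BIRD's code: a simplified Python model in which a hello is accepted only when its source address lies in the address range configured on the receiving interface. The function names are hypothetical; the /32 lines are taken from the `ip addr list` output and the reply in the thread, and the two /22 lines are constructed from the 255.255.252.0 mask seen later in the thread.

```python
import ipaddress
import re

# Matches both address forms seen in `ip addr list` output:
#   inet 10.29.0.1 peer 10.29.0.2/32 ...   (point-to-point)
#   inet 10.29.0.1/22 ...                  (shared subnet)
INET_RE = re.compile(
    r"inet\s+(?P<local>[\d.]+)(?:\s+peer\s+(?P<peer>[\d.]+))?(?:/(?P<plen>\d+))?"
)


def parse_inet(line):
    """Return (local_address, accepted_range) for one `inet` line.

    For a point-to-point address the range is the peer prefix; otherwise it
    is the subnet that contains the local address.
    """
    m = INET_RE.search(line)
    if m is None:
        raise ValueError(f"no inet address in: {line!r}")
    local = ipaddress.ip_address(m.group("local"))
    plen = int(m.group("plen") or 32)
    base = m.group("peer") or m.group("local")
    return local, ipaddress.ip_network(f"{base}/{plen}", strict=False)


def hello_accepted(sender_line, receiver_line):
    """True if the sender's hello source lies in the receiver's range."""
    src, _ = parse_inet(sender_line)
    _, accepted = parse_inet(receiver_line)
    return src in accepted


def diagnose(a_line, b_line):
    """Check both directions; an adjacency needs both to be accepted."""
    a_to_b = hello_accepted(a_line, b_line)
    b_to_a = hello_accepted(b_line, a_line)
    return {"a_to_b": a_to_b, "b_to_a": b_to_a, "adjacency": a_to_b and b_to_a}


# Addresses as posted in the thread (server and client tun0).
SERVER_P2P = "inet 10.29.0.1 peer 10.29.0.2/32 scope global tun0"
CLIENT_P2P = "inet 10.29.0.6 peer 10.29.0.5/32 scope global tun0"
# The matching client address named in the reply.
CLIENT_MATCHING = "inet 10.29.0.2 peer 10.29.0.1/32 scope global tun0"
# Constructed lines for a shared /22 on tun0 (not taken from the thread).
SERVER_SUBNET = "inet 10.29.0.1/22 scope global tun0"
CLIENT_SUBNET = "inet 10.29.0.4/22 scope global tun0"

if __name__ == "__main__":
    cases = [
        ("as posted", SERVER_P2P, CLIENT_P2P),
        ("matching /32 peers", SERVER_P2P, CLIENT_MATCHING),
        ("shared /22", SERVER_SUBNET, CLIENT_SUBNET),
    ]
    for name, a, b in cases:
        print(f"{name}: {diagnose(a, b)}")
```

With the addresses as posted, neither direction passes the check, which is consistent with `birdc show ospf neighbors` reporting no neighbours while tcpdump still shows the hellos arriving.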
OpenVPN won’t do multicast over TUN, only TAP.

--
Michael McConnell
WINK Streaming;
email: michael@winkstreaming.com
toll free: 877-GO-4-WINK x 7400
direct: +1 312 281-5434
cell: +506 8706-2389
skype: wink-michael
web: http://winkstreaming.com
On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
> OpenVPN won’t do multicast over TUN, only TAP.

Well, that would be silly from OpenVPN. But tcpdump output from Dawid K shows that multicast packets are propagated through TUN:

> 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
>     server > 224.0.0.5: OSPFv2, Hello, length 44
>         Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
>     10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
>         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Therefore I tried running ospf in broadcast mode as well, but then it changed automatically:

    <WARN> myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp

I tried the tap-Interface and it's working (or at least the neighbours were detected) but, as said, my system has to use tun and I cannot change it. So there is probably no solution for such settings. I will try bgp instead. Thank you for your help.
[re-sending to the list with the correct From address]

Hi,

You should be able to do this with 'topology subnet' on your server end. It doesn't work with net30 (the default) or p2p, but I can confirm that OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.

I think there are issues with IPv6 on tun links with respect to multicast, so you may struggle to get OSPFv3 working, but I haven't had to do that yet.

HTH,
Chris

--
Chris Boot
bootc@boo.tc
Hi Chris,

Thank you for your advice, I got a little bit forward.

I expanded my topology with another pc - another vpn client - and I got these two vpn clients working, but somehow I cannot get the server to work properly. The server always remains in state Init/Other.

I can see with tcpdump that every pc is sending the hello-message, but the server is missing the neighbor list:

    08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
        server > ospf-all.mcast.net: OSPFv2, Hello, length 44
            Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
            Options [External]
              Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
              Designated Router 10.29.0.1
    08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
        10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
            Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
            Options [External]
              Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
              Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
              Neighbor List:
                192.168.21.17
                10.29.0.1
    08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
        10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
            Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
            Options [External]
              Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
              Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
              Neighbor List:
                192.168.21.1
                10.29.0.1

Here is the output from birdc show ospf neighbors on the client:

    Router ID       Pri  State       DTime  Interface  Router IP
    192.168.21.17   1    Full/DR     00:35  tun0       10.29.0.4
    10.29.0.1       1    Init/Other  00:38  tun0       10.29.0.1

and finally my ospf-setup for every device:

    protocol ospf myOSPFX { # X depending on device (1,2,3)
        debug all;
        import filter importAll;
        export filter onlyLocalExport;
        area 0.0.0.0 {
            interface "tun0" {
                cost 10;
                type bcast;
                stub no;
                hello 10;
                transmit delay 5;
                wait 10;
                dead 40;
            };
        };
    }

Do you have any idea what I'm missing?
Additional info:

bird show ospf state on server:

    area 0.0.0.0

        router 10.29.0.1
            distance 0
            stubnet 10.29.0.0/22 metric 10
            external 1.1.1.1/32 metric 33
            external 10.29.0.0/22 metric 33

I wonder why my network is marked as stubnet. I defined stub no in the config. I suppose that's the problem, but how can I avoid this?

bird show ospf state on first client:

        router 192.168.21.17
            distance 20
            network 192.168.21.16/28 metric 5
            network 10.29.0.0/22 metric 10 #ethernet
            external 192.168.9.17/32 metric2 10000 via 192.168.21.25 #static

        network ......
Hello, please could you enable 'debug all' for the ospf protocol at server? It should tell you whether it receives the packets and what is it doing with them. OpenVPN in TUN mode does quite strange things with routing. Have you tried routing by static routes first (to see whether it works or not)? Example: Server has 10.29.0.1/30 (peer 10.29.0.2). Client A has 10.29.0.5/30 (peer 10.29.0.6) and 172.30.5.0/24 on other iface. Client B has 10.29.0.9/30 (peer 10.29.0.10) and 172.30.9.0/24 on other iface. Have you managed to add a route on Client A that would route traffic to 172.30.9.0/24? (If yes, please tell me, I also need something like that.) Now I overcome these problems by several GRE (or GRETAP) tunnels over the VPN, these are real PtP links and also routing works over them quite well. M. On 04/04/2018 10:29 AM, dawid k wrote:
Additional info:
bird show ospf state on server:
area 0.0.0.0
router 10.29.0.1 distance 0 stubnet 10.29.0.0/22 <http://10.29.0.0/22> metric 10 external 1.1.1.1/32 <http://1.1.1.1/32> metric 33 external 10.29.0.0/22 <http://10.29.0.0/22> metric 33
I wonder, why my netowrk is marked as stubnet. I defined in config stub no. I suppose, that's the problem, but how can I avoid this ?
bird show ospf state on first client :
router 192.168.21.17 distance 20 network 192.168.21.16/28 <http://192.168.21.16/28> metric 5 network 10.29.0.0/22 <http://10.29.0.0/22> metric 10 #ethernet external 192.168.9.17/32 <http://192.168.9.17/32> metric2 10000 via 192.168.21.25 #static
network ......
2018-04-04 8:59 GMT+02:00 dawid k <tookie009smieci@gmail.com <mailto:tookie009smieci@gmail.com>>:
Hi Chris,
Thank you for your advice, I got a little bit forward.
I expended my topology with another pc - another vpn client - and I got these two vpn clients working, but somehow I cannot get the server to work properly. The server remains always in state Init/Other.
I can see with tcpdump, that every pc is sending the hello-message, but the server is missing the neighbor list:
08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64) server > ospf-all.mcast.net <http://ospf-all.mcast.net>: OSPFv2, Hello, length 44 Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0) Options [External] Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1 Designated Router 10.29.0.1 08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72) 10.29.0.8 > ospf-all.mcast.net <http://ospf-all.mcast.net>: OSPFv2, Hello, length 52 Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0) Options [External] Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1 Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8 Neighbor List: 192.168.21.17 10.29.0.1 08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72) 10.29.0.4 > ospf-all.mcast.net <http://ospf-all.mcast.net>: OSPFv2, Hello, length 52 Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0) Options [External] Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1 Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8 Neighbor List: 192.168.21.1 10.29.0.1
Here the output from birdc show ospf neighbors on client:
Router ID Pri State DTime Interface Router IP 192.168.21.17 1 Full/DR 00:35 tun0 10.29.0.4 10.29.0.1 1 Init/Other 00:38 tun0 10.29.0.1
and finally my ospf-setup for every device:
protocol ospf myOSPFX { # X depending on device (1,2,3) debug all; import filter importAll; export filter onlyLocalExport; area 0.0.0.0 { interface "tun0" { cost 10; type bcast; stub no; hello 10; transmit delay 5; wait 10; dead 40; }; }; }
Do you have any idea, what I'm missing?
2018-04-03 16:52 GMT+02:00 Chris Boot <lists@bootc.boo.tc <mailto:lists@bootc.boo.tc>>:
[re-sending to the list with the correct From address]
Hi,
You should be able to do this with 'topology subnet' on your server end. It doesn't work with net30 (the default) or p2p, but I can confirm that OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.
I think there are issues with IPv6 on tun links with respect to multicast, so you may struggle to get OSPFv3 working, but I haven't had to do that yet.
HTH, Chris
On 03/04/18 15:34, dawid k wrote:
> Therefore I tried running ospf in broadcast mode as well, but then it
> changed automatically:
>
> <WARN> myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
>
> I tried the tap-Interface and it's working (or at least the neighbours
> were detected) but as said, my system has to use tun and I cannot change
> it. So there is probably no solution for such settings. I will try bgp
> instead. Thank you for your help.
>
> 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek <santiago@crfreenet.org>:
>
> On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
> > OpenVPN won’t do multicast over TUN, only TAP.
>
> Well, that would be silly from OpenVPN. But tcpdump output from Dawid K
> shows that multicast packets are propagated through TUN:
>
> > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
> >     server > 224.0.0.5: OSPFv2, Hello, length 44
> >         Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)
> >         Options [External]
> >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
> >     10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
> >         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> >         Options [External]
> >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
>
> --
> Elen sila lumenn' omentielvo
>
> Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."
--
Chris Boot
bootc@boo.tc
2018-04-04 10:59 GMT+02:00 Jan Maria Matejka <jan.matejka@nic.cz>:
Hello,
please could you enable 'debug all' for the ospf protocol at server? It should tell you whether it receives the packets and what is it doing with them.
It is enabled, Here the logs:
2018-04-04 11:22:42 <TRACE> myOSPF3: Initializing
2018-04-04 11:22:42 <TRACE> myOSPF3: Starting
2018-04-04 11:22:42 <TRACE> myOSPF3: Adding area 0.0.0.0
2018-04-04 11:22:42 <TRACE> myOSPF3: Connected to table master
2018-04-04 11:22:42 <TRACE> myOSPF3: State changed to feed
2018-04-04 11:22:42 <TRACE> myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
2018-04-04 11:22:42 <TRACE> myOSPF3: Originating LSA: Type: 4005, Id: 1.1.1.1, Rt: 10.29.0.1, Seq: 80000001
2018-04-04 11:22:42 <INFO> Started
2018-04-04 11:22:42 <TRACE> myOSPF3 < interface lo goes up
2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 127.0.0.0/8 on interface lo added
2018-04-04 11:22:42 <TRACE> myOSPF3 < interface eth0 goes up
2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 192.168.20.0/24 on interface eth0 added
2018-04-04 11:22:42 <TRACE> myOSPF3 < interface tun0 goes up
2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 10.29.0.0/22 on interface tun0 added
2018-04-04 11:22:42 <TRACE> myOSPF3: Adding interface tun0 (10.29.0.0/22) to area 0.0.0.0
2018-04-04 11:22:42 <TRACE> myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
2018-04-04 11:22:42 <TRACE> myOSPF3: State changed to up
2018-04-04 11:22:42 <ERR> KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
2018-04-04 11:22:42 <ERR> KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
2018-04-04 11:22:42 <ERR> KRT: Received route 10.29.0.0/20 with strange next-hop 10.29.0.1
2018-04-04 11:22:42 <WARN> Netlink: File exists
2018-04-04 11:22:42 <TRACE> myOSPF3: Interface tun0 changed state from Down to Waiting
2018-04-04 11:22:42 <TRACE> myOSPF3: HELLO packet sent via tun0
2018-04-04 11:22:43 <TRACE> myOSPF3: Updating router state for area 0.0.0.0
2018-04-04 11:22:43 <TRACE> myOSPF3: Originating LSA: Type: 2001, Id: 10.29.0.1, Rt: 10.29.0.1, Seq: 80000001
2018-04-04 11:22:43 <TRACE> myOSPF3: Scheduling routing table calculation
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for area 0.0.0.0
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for inter-area (area 0.0.0.0)
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for ext routes
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table synchronisation
2018-04-04 11:22:43 <TRACE> myOSPF3 > added [best] 10.29.0.0/22 dev tun0
2018-04-04 11:22:43 <TRACE> myOSPF3 < rejected by protocol 10.29.0.0/22 dev tun0
2018-04-04 11:22:52 <TRACE> myOSPF3: HELLO packet sent via tun0
2018-04-04 11:22:52 <TRACE> myOSPF3: Wait timer fired on tun0
2018-04-04 11:22:52 <TRACE> myOSPF3: Interface tun0 changed state from Waiting to DR
2018-04-04 11:22:52 <TRACE> myOSPF3: Updating router state for area 0.0.0.0
no received packets, but with tcpdump on server I can see, that all devices are sending hello messages:
11:18:26.328789 IP (tos 0xc0, ttl 1, id 15244, offset 0, flags [none], proto OSPF (89), length 64)
    10.29.0.1 (that's the server) > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.1
11:18:31.408140 IP (tos 0xc0, ttl 1, id 62511, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.17
            10.29.0.1
11:18:31.741169 IP (tos 0xc0, ttl 1, id 55888, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.1
            10.29.0.1
The issue is, that the server cannot leave the init state. The clients see each other.
on client: birdc show ospf neighbors
BIRD 1.6.3 ready.
myOSPF2:
Router ID       Pri  State       DTime  Interface  Router IP
192.168.20.54   1    Full/DR     00:36  eth0       192.168.21.22
192.168.21.1    1    Full/BDR    00:32  tun0       10.29.0.8
10.29.0.1       1    Init/Other  00:37  tun0       10.29.0.1
OpenVPN in TUN mode does quite strange things with routing. Have you tried routing by static routes first (to see whether it works or not)?
Example:
Server has 10.29.0.1/30 (peer 10.29.0.2).
Client A has 10.29.0.5/30 (peer 10.29.0.6) and 172.30.5.0/24 on other iface.
Client B has 10.29.0.9/30 (peer 10.29.0.10) and 172.30.9.0/24 on other iface.
Have you managed to add a route on Client A that would route traffic to 172.30.9.0/24? (If yes, please tell me, I also need something like that.)
Yes, such settings is working even dynamically. I added a real router between two clients so, that there are now two possible ways (vpn and cable) to each client and both are working after disconnected the second connection.
Now I would like to ping a client from server over another client :
server ------ (tun0) ----> client ------- (eth0) ------> client
But on the server bird cannot communicate and add routes from neighbours.
Now I overcome these problems by several GRE (or GRETAP) tunnels over the VPN, these are real PtP links and also routing works over them quite well.
M.
On 04/04/2018 10:29 AM, dawid k wrote:
Additional info:
bird show ospf state on server:
area 0.0.0.0
router 10.29.0.1
    distance 0
    stubnet 10.29.0.0/22 metric 10
    external 1.1.1.1/32 metric 33
    external 10.29.0.0/22 metric 33
I wonder, why my network is marked as stubnet. I defined in config stub no. I suppose, that's the problem, but how can I avoid this ?
bird show ospf state on first client :
router 192.168.21.17
    distance 20
    network 192.168.21.16/28 metric 5
    network 10.29.0.0/22 metric 10 #ethernet
    external 192.168.9.17/32 metric2 10000 via 192.168.21.25 #static
network ......
2018-04-04 8:59 GMT+02:00 dawid k <tookie009smieci@gmail.com>:
Hi Chris,
Thank you for your advice, I got a little bit forward.
I expended my topology with another pc - another vpn client - and I got these two vpn clients working, but somehow I cannot get the server to work properly. The server remains always in state Init/Other.
I can see with tcpdump, that every pc is sending the hello-message, but the server is missing the neighbor list:
08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
    server > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.1
08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.17
            10.29.0.1
08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.1
            10.29.0.1
Here the output from birdc show ospf neighbors on client:
Router ID       Pri  State       DTime  Interface  Router IP
192.168.21.17   1    Full/DR     00:35  tun0       10.29.0.4
10.29.0.1       1    Init/Other  00:38  tun0       10.29.0.1
and finally my ospf-setup for every device:
protocol ospf myOSPFX { # X depending on device (1,2,3)
    debug all;
    import filter importAll;
    export filter onlyLocalExport;
    area 0.0.0.0 {
        interface "tun0" {
            cost 10;
            type bcast;
            stub no;
            hello 10;
            transmit delay 5;
            wait 10;
            dead 40;
        };
    };
}
Do you have any idea, what I'm missing?
Hmmm ... will try it on my own network some time this week. If I don't send any report until Monday (April 9th), please ping me.
M.
On Wed, Apr 04, 2018 at 11:35:03AM +0200, dawid k wrote:
2018-04-04 10:59 GMT+02:00 Jan Maria Matejka <jan.matejka@nic.cz>:
Hello,
please could you enable 'debug all' for the ospf protocol at server? It should tell you whether it receives the packets and what is it doing with them.
It is enabled, Here the logs:
no received packets, but with tcpdump on server I can see, that all devices are sending hello messages:
Hello
That is interesting, It is possible that there is some problem with multicast on OpenVPN, as mentioned by Michael McConnell, but not in the sense of multicast transmit (which works as seen by tcpdump), but multicast delivery to userspace sockets (so BIRD does not get them).
One workaround would be to use NBMA interface type in BIRD OSPF. That uses just unicast, so perhaps there would not be this problem. See 'type nbma' OSPF option. Then you have to use 'neighbors' option to specify client IPs on server and at least server IP (marked 'eligible') on clients and set priority to 0 on clients.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
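The Hello exchange discussed in this thread, as an added example (not part of any message here, and not BIRD's code): it parses OSPFv2 Hello packets as laid out in RFC 2328 and applies the two-way check, which is why the server shows as Init/Other on the clients while its own Hello carries no neighbor list. The packets are constructed from the fields in the tcpdump output above, and all function names are hypothetical.

```python
import ipaddress
import struct
from dataclasses import dataclass

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")    # RFC 2328 A.3.1: 24-byte common header
HELLO_FIXED = struct.Struct("!4sHBBI4s4s")  # RFC 2328 A.3.2: 20 bytes before the neighbor list
FIXED_LEN = OSPF_HDR.size + HELLO_FIXED.size  # 44, the "length 44" seen in the capture


def pack_ip(text):
    return ipaddress.IPv4Address(text).packed


def unpack_ip(raw):
    return str(ipaddress.IPv4Address(raw))


def ospf_checksum(packet):
    """Internet checksum over the packet, skipping the 8-byte authentication field."""
    data = packet[:16] + packet[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_hello(router_id, mask, dr, bdr="0.0.0.0", neighbors=(), hello=10, dead=40, priority=1):
    """Build an unauthenticated Hello for area 0.0.0.0 (only used to make sample input)."""
    body = HELLO_FIXED.pack(pack_ip(mask), hello, 0x02, priority, dead, pack_ip(dr), pack_ip(bdr))
    body += b"".join(pack_ip(n) for n in neighbors)
    header = OSPF_HDR.pack(2, 1, OSPF_HDR.size + len(body), pack_ip(router_id),
                           pack_ip("0.0.0.0"), 0, 0, bytes(8))
    packet = bytearray(header + body)
    struct.pack_into("!H", packet, 12, ospf_checksum(bytes(packet)))
    return bytes(packet)


@dataclass
class Hello:
    router_id: str
    mask: str
    hello: int
    dead: int
    priority: int
    dr: str
    bdr: str
    neighbors: list


def parse_hello(packet):
    """Parse and validate one OSPFv2 Hello (authentication type 0 only)."""
    if len(packet) < FIXED_LEN:
        raise ValueError("too short for an OSPFv2 Hello")
    version, ptype, length, rid, _area, _cksum, autype, _auth = OSPF_HDR.unpack_from(packet)
    if version != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    if length != len(packet) or (length - FIXED_LEN) % 4:
        raise ValueError("bad packet length")
    if autype != 0:
        raise ValueError("only unauthenticated packets are handled here")
    if ospf_checksum(packet) != 0:
        raise ValueError("bad checksum")
    mask, hello, _opts, prio, dead, dr, bdr = HELLO_FIXED.unpack_from(packet, OSPF_HDR.size)
    nbrs = [unpack_ip(packet[i:i + 4]) for i in range(FIXED_LEN, length, 4)]
    return Hello(unpack_ip(rid), unpack_ip(mask), hello, dead, prio,
                 unpack_ip(dr), unpack_ip(bdr), nbrs)


def neighbor_states(local_id, received):
    """RFC 2328 10.5: a neighbor stays in Init until its Hello lists our router ID."""
    return {h.router_id: ("2-Way or higher" if local_id in h.neighbors else "Init")
            for h in received if h.router_id != local_id}


def one_way_links(hellos):
    """Pairs (deaf, unheard): 'unheard' lists 'deaf' as a neighbor, but not the reverse."""
    by_id = {h.router_id: h for h in hellos}
    return sorted((a, b) for a in by_id for b in by_id
                  if a != b and a in by_id[b].neighbors and b not in by_id[a].neighbors)


# Constructed sample input: the three Hellos from the tcpdump output in the thread.
CAPTURE = [
    build_hello("10.29.0.1", "255.255.252.0", dr="10.29.0.1"),
    build_hello("192.168.21.1", "255.255.252.0", dr="10.29.0.4", bdr="10.29.0.8",
                neighbors=["192.168.21.17", "10.29.0.1"]),
    build_hello("192.168.21.17", "255.255.252.0", dr="10.29.0.4", bdr="10.29.0.8",
                neighbors=["192.168.21.1", "10.29.0.1"]),
]

if __name__ == "__main__":
    hellos = [parse_hello(p) for p in CAPTURE]
    print(neighbor_states("192.168.21.1", hellos))
    for deaf, unheard in one_way_links(hellos):
        print(f"{deaf} is not processing Hellos from {unheard}")
```

A one-way pair only says that the first router is not processing the second router's Hellos; it does not say whether they are lost in the tunnel, dropped by a packet filter, or never delivered to the routing daemon's socket.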
2018-04-04 12:31 GMT+02:00 Ondrej Zajicek <santiago@crfreenet.org>:
On Wed, Apr 04, 2018 at 11:35:03AM +0200, dawid k wrote:
2018-04-04 10:59 GMT+02:00 Jan Maria Matejka <jan.matejka@nic.cz>:
Hello,
please could you enable 'debug all' for the ospf protocol at server? It should tell you whether it receives the packets and what is it doing with them.
It is enabled, Here the logs:
no received packets, but with tcpdump on server I can see, that all devices are sending hello messages:
Hello
That is interesting, It is possible that there is some problem with multicast on OpenVPN, as mentioned by Michael McConnell, but not in the sense of multicast transmit (which works as seen by tcpdump), but multicast delivery to userspace sockets (so BIRD does not get them).
One workaround would be to use NBMA interface type in BIRD OSPF. That uses just unicast, so perhaps there would not be this problem. See 'type nbma' OSPF option. Then you have to use 'neighbors' option to specify client IPs on server and at least server IP (marked 'eligible') on clients and set priority to 0 on clients.
Thank you for your help, but it is still not working.
I tried the nbma connection between one client and server with following settings:
client:
interface "tun0" {
    cost 10;
    type nbma;
    strict nonbroadcast yes; #tried with disabled as well
    stub no;
    hello 10;
    transmit delay 5;
    wait 10;
    dead 40;
    priority 0;
    neighbors {
        10.29.0.1 eligible; #server's IP
    };
};
server
interface "tun0" {
    cost 10;
    type nbma;
    strict nonbroadcast yes;
    stub no;
    hello 10;
    transmit delay 5;
    wait 10;
    dead 40;
    neighbors {
        10.26.0.4; # client's IP
    };
};
There are no error messages in logs only the info: HELLO packet sent via tun0. I started tcpdump -v -s 0 proto ospf -i tun0 now on both client and server and there is no traffic at all. The routes are set properly and ping is working. I tried ptp as well with similar result. I'm using iptables, but for the test I deactivated it. I have no idea, why tcpdump shows no traffic. I suppose, that there is an issue with OpenVPN, what Michael McConnell and others mentioned.
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hello,
I got the server to work. The issue was, that I didn't disable iptables correct. Now two client and the server are exchanging own routes.
I connected to one client another one over a router and the router is connected to the ospf-network as well. But somehow I cannot contact the new client from the first client or even from the server. Iptables are surely disabled now.
My current setting
client3 192.168.30.2 (eth)
    |
    |
192.168.30.1 (eth) routerA 192.168.21.5 (eth)
    |
    |
192.168.21.1 (eth) client2 10.29.0.8 (tun)
    |
    |
10.29.0.1 (tun) Server 10.29.0.1 (tun)
    |
    |
10.29.0.4 (tun) client1 192.168.21.17 (eth)
I ran following commands on client1
route -n (routes with metric 12 are set by bird)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.29.0.0       0.0.0.0         255.255.252.0   U     0      0        0 tun0
WWWWW           0.0.0.0         255.255.255.252 U     0      0        0 eth1
XXXXXXX         0.0.0.0         255.255.255.255 UH    1024   0        0 eth1
192.168.21.0    10.29.0.8       255.255.255.240 UG    12     0        0 tun0
192.168.21.16   0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.30.0    10.29.0.8       255.255.255.240 UG    12     0        0 tun0
traceroute 192.168.21.3
traceroute to 192.168.21.3 (192.168.21.3), 30 hops max, 38 byte packets
 1  10.29.0.8 (10.29.0.8)  101.192 ms  111.038 ms  116.587 ms
 2  192.168.21.3 (192.168.21.3)  102.448 ms  72.160 ms  100.151 ms
traceroute 192.168.30.1
traceroute to 192.168.30.1 (192.168.30.1), 30 hops max, 38 byte packets
 1  server(10.29.0.1)  128.053 ms  128.731 ms  117.244 ms
 2  *^C (no response)
and the server:
route -n (routes with metric 17 are set by bird)
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.21.16   10.29.0.4       255.255.255.240 UG    17     0        0 tun0
192.168.21.0    10.29.0.8       255.255.255.240 UG    17     0        0 tun0
192.168.30.0    10.29.0.8       255.255.255.240 UG    17     0        0 tun0
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.29.0.0       0.0.0.0         255.255.252.0   U     0      0        0 tun0
ZZZZZZZZ        0.0.0.0         255.255.0.0     U     1002   0        0 eth0
traceroute 192.168.21.3
traceroute to 192.168.21.3 (192.168.21.3), 30 hops max, 60 byte packets
 1  10.29.0.8 (10.29.0.8)  40.352 ms  96.659 ms  96.643 ms
 2  192.168.21.3 (192.168.21.3)  96.625 ms  96.606 ms  96.586 ms
traceroute 192.168.30.1
no response
As you can see in route -n, the server has a valid route to 192.168.30.0
Do you have any idea, what I'm missing now? I guess that's the "tricky party", mentioned by Michael McConnell.
2018-04-04 13:54 GMT+02:00 dawid k <tookie009smieci@gmail.com>:
2018-04-04 12:31 GMT+02:00 Ondrej Zajicek <santiago@crfreenet.org>:
On Wed, Apr 04, 2018 at 11:35:03AM +0200, dawid k wrote:
2018-04-04 10:59 GMT+02:00 Jan Maria Matejka <jan.matejka@nic.cz>:
Hello,
please could you enable 'debug all' for the ospf protocol at the server? It should tell you whether it receives the packets and what it is doing with them.
It is enabled. Here are the logs:
No received packets, but with tcpdump on the server I can see that all devices are sending hello messages:
Hello
That is interesting. It is possible that there is some problem with multicast on OpenVPN, as mentioned by Michael McConnell, but not in the sense of multicast transmit (which works as seen by tcpdump), but multicast delivery to userspace sockets (so BIRD does not get them).
One workaround would be to use NBMA interface type in BIRD OSPF. That uses just unicast, so perhaps there would not be this problem. See 'type nbma' OSPF option. Then you have to use 'neighbors' option to specify client IPs on server and at least server IP (marked 'eligible') on clients and set priority to 0 on clients.
Thank you for your help, but it is still not working.
I tried the nbma connection between one client and the server with the following settings:

client:

interface "tun0" {
    cost 10;
    type nbma;
    strict nonbroadcast yes; #tried with disabled as well
    stub no;
    hello 10;
    transmit delay 5;
    wait 10;
    dead 40;
    priority 0;
    neighbors {
        10.29.0.1 eligible; #server's IP
    };
};

server:

interface "tun0" {
    cost 10;
    type nbma;
    strict nonbroadcast yes;
    stub no;
    hello 10;
    transmit delay 5;
    wait 10;
    dead 40;
    neighbors {
        10.26.0.4; # client's IP
    };
};

There are no error messages in the logs, only the info: HELLO packet sent via tun0. I started tcpdump -v -s 0 proto ospf -i tun0 now on both client and server and there is no traffic at all. The routes are set properly and ping is working. I tried ptp as well with a similar result. I'm using iptables, but for the test I deactivated it. I have no idea why tcpdump shows no traffic. I suppose that there is an issue with OpenVPN, as Michael McConnell and others mentioned.
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
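The symptom resolved at the top of this message (hellos visible in tcpdump but never logged by BIRD, fixed once iptables was really out of the way) fits the fact that inbound packet capture happens before the netfilter INPUT chain. As an added illustration, not code from the thread, the sketch below walks an iptables-save dump for an unsolicited OSPF packet arriving on tun0; the ruleset is constructed, and only plain -i/-p/-s/-d/--ctstate matches are modelled (no negation, no user-defined chains, no non-terminating targets).

```python
from ipaddress import ip_address, ip_network

OSPF = {"ospf", "89", "all"}  # spellings of -p that cover IP protocol 89

# Constructed iptables-save excerpt: default-drop INPUT with no OSPF rule.
BEFORE = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""
# Same ruleset with one rule admitting OSPF on the tunnel interface.
AFTER = BEFORE.replace("COMMIT", "-A INPUT -i tun0 -p 89 -j ACCEPT\nCOMMIT")


def ospf_input_verdict(ruleset, iface, src, dst="224.0.0.5"):
    """First-match walk of INPUT for an unsolicited OSPF packet.

    Returns (target, deciding rule line or 'policy').
    """
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = line.split()
        if line.startswith(":INPUT"):
            policy = tok[1]                      # chain default policy
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))   # option/value pairs
        if opts.get("-i", iface) != iface:
            continue
        if opts.get("-p", "all") not in OSPF:
            continue
        # A first hello is conntrack state NEW, never ESTABLISHED/RELATED.
        if "NEW" not in opts.get("--ctstate", "NEW").split(","):
            continue
        addrs = (("-s", src), ("-d", dst))
        if any(f in opts and ip_address(a) not in ip_network(opts[f], strict=False)
               for f, a in addrs):
            continue
        return opts["-j"], line
    return policy, "policy"


if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, ospf_input_verdict(rules, "tun0", "10.29.0.10"))
```

Passing a unicast destination as the last argument checks the same ruleset for the NBMA setup discussed in the thread, where hellos are addressed to the neighbor rather than to 224.0.0.5.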
Hello Dawid,

I fought with this one for some time. I did get it working with OpenVPN but threw it out in favor of Tinc in the end…

Here are a couple of gotchas I ran into with OpenVPN:

1. Use tap instead of tun
2. Ensure you have an interface (show interfaces)

If you do not have interfaces on the “client side”, add:

protocol device {
    scan time 10;
}

The tricky part after getting OSPF online was actually getting anything to route… but that is for later (;

Cheers,
Mike

--
Michael McConnell
WINK Streaming;
email: michael@winkstreaming.com
toll free: 877-GO-4-WINK x 7400
direct: +1 312 281-5434
cell: +506 8706-2389
skype: wink-michael
web: http://winkstreaming.com
On Mar 29, 2018, at 7:02 AM, dawid k <tookie009smieci@gmail.com> wrote:
Here is my configuration (client):

ifconfig tun0:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.29.0.10  P-t-P:10.29.0.9  Mask:255.255.255.255

bird_ospf.conf (included in bird.conf):

protocol ospf myOSPF {
    area 0.0.0.0 {
        interface "tun0" {
            cost 10;
            type ptp;
            stub no;
            hello 10;
            transmit delay 5;
            wait 10;
            dead 40;
            neighbors {
                10.29.0.1;
            };
        };
    };
}

tcpdump -v -XX proto ospf -i tun0 (confirmation that hello messages are sent and received):

12:59:03.143238 IP (tos 0xc0, ttl 1, id 15765, offset 0, flags [none], proto OSPF (89), length 64)
    10.29.0.01 > 224.0.0.5: OSPFv2, Hello, length 44
...
12:59:09.157965 IP (tos 0xc0, ttl 1, id 59599, offset 0, flags [none], proto OSPF (89), length 64)
    10.29.0.10 > 224.0.0.5: OSPFv2, Hello, length 44
The server is using similar configuration. It differs only by IP(10.29.0.1) and router-ID.