OpenVPN-Server as Bird-Router
Hello,

I have some issues running a few Bird-instances, where two border PCs are connected over a VPN-Connection. The image below shows the setting:

clientA 192.168.30.2 (eth)
|
|
192.168.30.1 (eth) routerA 192.168.21.5 (eth)
|
|
192.168.21.1 (eth) clientB 10.29.0.8 (tun)
|
|
10.29.0.1 (tun) Server 10.29.0.1 (tun)
|
|
10.29.0.4 (tun) clientC 192.168.21.17 (eth)

Now running route -n on ClientC gives the following result:

route -n (routes with metric 12 are set by bird)

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.29.0.0       0.0.0.0         255.255.252.0   U     0      0        0 tun0
WWWWW           0.0.0.0         255.255.255.252 U     0      0        0 eth1
XXXXXXX         0.0.0.0         255.255.255.255 UH    1024   0        0 eth1
192.168.21.0    10.29.0.8       255.255.255.240 UG    12     0        0 tun0
192.168.21.16   0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.30.0    10.29.0.8       255.255.255.240 UG    12     0        0 tun0

On Server:

Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.21.16   10.29.0.4       255.255.255.240 UG    17     0        0 tun0
192.168.21.0    10.29.0.8       255.255.255.240 UG    17     0        0 tun0
192.168.30.0    10.29.0.8       255.255.255.240 UG    17     0        0 tun0
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.29.0.0       0.0.0.0         255.255.252.0   U     0      0        0 tun0
ZZZZZZZZ        0.0.0.0         255.255.0.0     U     1002   0        0 eth0

With

birdc show ospf neighbors

I can see on each router everyone else, so the initialization is done correctly but somehow data packages aren't transferred correctly. There are no invalid iptables rules nor any other firewall is set.

Regards
Dawid
Ensure the MTU is set correctly on the tunX interfaces. Verify with „ping -M do -s xxxx <peer-address>“ that your tunnels can carry the „promised“ amount of bytes as indicated by interface MTU. 😉☝🏻🤓

Clemens

PS: xxxx = Interface-MTU -28

--
Sent from a mobile phone. Please excuse brevity.
On 02.08.2018 at 20:46, Dawid Kulesza <4002225@ba-glauchau.de> wrote:
Hello,

I have some issues running a few Bird-instances, where two border PCs are connected over a VPN-Connection. The image below shows the setting:

clientA 192.168.30.2 (eth)
|
|
192.168.30.1 (eth) routerA 192.168.21.5 (eth)
|
|
192.168.21.1 (eth) clientB 10.29.0.8 (tun)
|
|
10.29.0.1 (tun) Server 10.29.0.1 (tun)
|
|
10.29.0.4 (tun) clientC 192.168.21.17 (eth)

Now running route -n on ClientC gives the following result:

route -n (routes with metric 12 are set by bird)

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.29.0.0       0.0.0.0         255.255.252.0   U     0      0        0 tun0
WWWWW           0.0.0.0         255.255.255.252 U     0      0        0 eth1
XXXXXXX         0.0.0.0         255.255.255.255 UH    1024   0        0 eth1
192.168.21.0    10.29.0.8       255.255.255.240 UG    12     0        0 tun0
192.168.21.16   0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.30.0    10.29.0.8       255.255.255.240 UG    12     0        0 tun0

On Server:

Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.21.16   10.29.0.4       255.255.255.240 UG    17     0        0 tun0
192.168.21.0    10.29.0.8       255.255.255.240 UG    17     0        0 tun0
192.168.30.0    10.29.0.8       255.255.255.240 UG    17     0        0 tun0
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.29.0.0       0.0.0.0         255.255.252.0   U     0      0        0 tun0
ZZZZZZZZ        0.0.0.0         255.255.0.0     U     1002   0        0 eth0
With
birdc show ospf neighbors
I can see on each router everyone else, so the initialization is done correctly but somehow data packages aren't transferred correctly. There are no invalid iptables rules nor any other firewall is set.
Regards
Dawid
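The DF-ping check from Clemens's reply, automated as an added example that is not part of the original thread: it goes one step further and binary-searches for the largest payload the tunnel really carries, then compares it with Interface-MTU - 28. The function names and the pluggable probe argument are assumptions of this example, and `-M do` is the Linux iputils ping option quoted in the reply.

```shell
#!/bin/sh
# Added example: measure what a tunnel carries with DF set and compare
# it with what the interface MTU promises. All names are hypothetical.

# Default probe: one DF-flagged echo request of the given payload size.
df_ping() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# Payload that exactly fills the MTU: MTU - 20 (IPv4 header) - 8 (ICMP header).
expected_payload() {
    echo $(( $1 - 28 ))
}

# Binary search for the largest payload that crosses the path unfragmented.
# usage: max_df_payload <peer> <interface-mtu> [probe_cmd]
# Prints -1 if the peer answers at no size.
max_df_payload() {
    peer=$1; hi=$(expected_payload "$2"); probe=${3:-df_ping}
    lo=0; best=-1
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$mid" "$peer"; then
            best=$mid; lo=$(( mid + 1 ))
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$best"
}

# usage: check_tunnel_mtu <peer> <interface-mtu> [probe_cmd]
# Returns 0 if the path delivers the full MTU, 1 if less, 2 if nothing.
check_tunnel_mtu() {
    want=$(expected_payload "$2")
    got=$(max_df_payload "$1" "$2" "${3:-df_ping}")
    if [ "$got" -eq "$want" ]; then
        echo "OK: $1 carries $want-byte payloads (MTU $2)"
    elif [ "$got" -lt 0 ]; then
        echo "FAIL: $1 answers no DF ping at any size"; return 2
    else
        echo "FAIL: $1 carries $got bytes, effective MTU $(( got + 28 )), interface says $2"
        return 1
    fi
}

# Example call (peer taken from the thread, MTU value assumed):
# check_tunnel_mtu 10.29.0.1 1500
```

Read the MTU to pass in from `ip link show tun0` on the router being tested, and run the check in both directions across the tunnel.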
Hello Dawid,

On the OpenVPN server you have enabled the setting that different clients can communicate with each other? By default OpenVPN stops separate clients from seeing each other.

Kind regards,
Cybertinus

On 2018-08-02 20:46, Dawid Kulesza wrote:
Hello,
I have some issues running a few Bird-instances, where two border PCs are connected over a VPN-Connection. The image below shows the setting:

clientA 192.168.30.2 (eth)
|
|
192.168.30.1 (eth) routerA 192.168.21.5 (eth)
|
|
192.168.21.1 (eth) clientB 10.29.0.8 (tun)
|
|
10.29.0.1 (tun) Server 10.29.0.1 (tun)
|
|
10.29.0.4 (tun) clientC 192.168.21.17 (eth)

Now running route -n on ClientC gives the following result:

route -n (routes with metric 12 are set by bird)

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.29.0.0       0.0.0.0         255.255.252.0   U     0      0        0 tun0
WWWWW           0.0.0.0         255.255.255.252 U     0      0        0 eth1
XXXXXXX         0.0.0.0         255.255.255.255 UH    1024   0        0 eth1
192.168.21.0    10.29.0.8       255.255.255.240 UG    12     0        0 tun0
192.168.21.16   0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.30.0    10.29.0.8       255.255.255.240 UG    12     0        0 tun0

On Server:

Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.21.16   10.29.0.4       255.255.255.240 UG    17     0        0 tun0
192.168.21.0    10.29.0.8       255.255.255.240 UG    17     0        0 tun0
192.168.30.0    10.29.0.8       255.255.255.240 UG    17     0        0 tun0
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.29.0.0       0.0.0.0         255.255.252.0   U     0      0        0 tun0
ZZZZZZZZ        0.0.0.0         255.255.0.0     U     1002   0        0 eth0
With
birdc show ospf neighbors
I can see on each router everyone else, so the initialization is done correctly but somehow data packages aren't transferred correctly. There are no invalid iptables rules nor any other firewall is set.
Regards
Dawid
participants (3): Clemens Schrimpe, Cybertinus, Dawid Kulesza