Hello all,

I am trying to establish OSPF over OpenVPN without any luck. The client side always turns up with no neighbours. I’ve tried pointtopoint and exclusively listing my neighbours all with no luck.

I originally was using the tun interface and switched to tap hoping that would help, but still nothing.

Below are my configurations, does anyone see anything obvious that I am missing?

Thanks so much for your time and thoughts!

===
show ospf
ospf1:
RFC1583 compatibility: disabled
Stub router: No
RT scheduler tick: 1
Number of areas: 1
Number of LSAs in DB: 1
    Area: 0.0.0.0 (0) [BACKBONE]
        Stub: No
        NSSA: No
        Transit: No
        Number of interfaces: 0
        Number of neighbors: 0
        Number of adjacent neighbors: 0

Server
===
    protocol ospf {
        import all;
        export filter {
            ospf_metric1 = 1000;
            if source = RTS_STATIC then accept; else reject;
        };
        area 0 {
            networks {
                10.40.32.0/24;
                10.10.10.32/27;
            };
            interface "bond1" {
                type broadcast;
                cost 5;
                hello 5;
                wait 10;
                dead 25;
                authentication cryptographic;
                password "boogers";
            };
            interface "tap*" {
                type broadcast;
                cost 5;
                hello 5;
                wait 10;
                dead 25;
                authentication cryptographic;
                password "boogers";
            };
            interface "*" {
                cost 1000;
                stub;
                #type pointopoint;
            };
        };
    }

Client
===
    protocol ospf {
        import all;
        export filter {
            ospf_metric1 = 1000;
            if source = RTS_STATIC then accept; else reject;
        };
        area 0 {
            networks {
                10.40.32.0/24;
                10.10.10.32/27;
            };
            interface "bond1" {
                type broadcast;
                cost 5;
                hello 5;
                wait 10;
                dead 25;
                authentication cryptographic;
                password "boogers";
            };
            interface "tap*" {
                type broadcast;
                cost 5;
                hello 5;
                wait 10;
                dead 25;
                authentication cryptographic;
                password "boogers";
            };
            interface "*" {
                cost 1000;
                stub;
                #type pointopoint;
            };
        };
    }

--
Michael McConnell
WINK Streaming;
email: michael@winkstreaming.com
toll free: 877-GO-4-WINK x 7400
direct: +1 312 281-5434
cell: +506 8706-2389
skype: wink-michael
web: http://winkstreaming.com
Have you tried to use nbma for interface tap?
I’ve also tried with pointtopoint and declared my neighbors under the tap interface and made it pointtopoint without success;

    interface "tap*" {
        type pointopoint;
        cost 5;
        hello 5;
        wait 10;
        dead 25;
        authentication cryptographic;
        password "boogers";
        neighbors {
            10.10.10.34;
        };
    };
Hello,

Based on the output you provided, it appears BIRD/OSPF is not seeing your interfaces? In BIRD CLI, if you compare "show interfaces" with "show ospf interfaces" do you see any difference? I am using a very basic config (only defining cost) for each OpenVPN tun interface I am using, and it's working over here.

bird.conf:

    protocol ospf SlothNet {
        rfc1583compat yes;
        area 0.0.0.0 {
            networks {
                172.22.150.64/26;
                172.23.158.64/26;
            };
            stub no;
            interface "tun-node43" { cost 20; };
            interface "tun-node69" { cost 180; };
            interface "tun-node96" { cost 70; };
            interface "tun-node28" { cost 130; };
            interface "eth1" { cost 10; };
            interface "lo" { stub; };
        };
    }

bird output:

    bird> show ospf
    SlothNet:
    RFC1583 compatibility: enabled
    Stub router: No
    RT scheduler tick: 1
    Number of areas: 1
    Number of LSAs in DB: 4
        Area: 0.0.0.0 (0) [BACKBONE]
            Stub: No
            NSSA: No
            Transit: No
            Number of interfaces: 8
            Number of neighbors: 3
            Number of adjacent neighbors: 3
            Area networks:
                172.22.150.64/26 Advertise
                172.23.158.64/26 Advertise

/Charles van Niman
Thank you very much, it looks like that is the issue on the client side of the VPN connection. "show interfaces" returns nothing, which seems odd…

Now to figure out why that is the case…

Thanks again,
Mike

--
Michael McConnell
WINK Streaming;
email: michael@winkstreaming.com
toll free: 877-GO-4-WINK x 7400
direct: +1 312 281-5434
cell: +506 8706-2389
skype: wink-michael
web: http://winkstreaming.com
On Wed, Mar 21, 2018 at 05:38:33PM -0600, Michael McConnell wrote:
> Thank you very much, it looks like that is the issue on the client side of the VPN connection. "show interfaces" returns nothing, which seems odd…

Do you have protocol 'device' in BIRD config?

BTW, you do not need 'networks' in OSPF config if you have just one OSPF area.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
I do. I tried variations of the device field without luck. Out of frustration I switched the setup to use BGP, which does work, but ideally I will switch back to OSPF...
On 03/22/2018 08:59 PM, Michael McConnell wrote:
> I do. I tried variations of the device field without luck. Out of frustration I switched the setup to use BGP, which does work, but ideally I will switch back to OSPF...

Have you tried capturing the packets by tcpdump to see whether you get OSPF Hellos from the other site and whether you send them? This should help disambiguate between a network issue and a BIRD config issue.

The next step may be switching on the debug options in BIRD config for OSPF protocol to see what is happening there.

M.
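The checks suggested across this thread (a 'protocol device' block in the config, OSPF actually seeing interfaces, Hellos in both directions on the tunnel), as an added shell example that is not part of any poster's message: it classifies saved outputs offline. The function names, file names and the local address 10.10.10.33 are assumptions; the inputs are the BIRD config, the output of `birdc show ospf`, and the output of `tcpdump -n -i <tunnel-if> ip proto 89`.

```shell
#!/bin/sh
# Added example: offline triage of "OSPF has no neighbours" from saved outputs.
# Function names, file names and sample data are constructed for illustration.

# True if the BIRD config in $1 declares a 'protocol device' block.
has_device_protocol() {
    grep -Eq '^[[:space:]]*protocol[[:space:]]+device([[:space:]{]|$)' "$1"
}

# Prints N from the "Number of interfaces: N" line of `show ospf` output (stdin).
ospf_iface_count() {
    sed -n 's/.*Number of interfaces:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Counts OSPF packets sent by address $1 in `tcpdump -n` output (stdin), where
# lines look like "12:00:01.000000 IP 10.10.10.33 > 224.0.0.5: OSPFv2, Hello, ...".
count_ospf_from() {
    awk -v src="$1" '$2 == "IP" && $3 == src && /OSPFv2/ { n++ } END { print n + 0 }'
}

# diagnose <bird.conf> <show-ospf.txt> <tcpdump.txt> <local-ip> <peer-ip>
# Walks the checks in the order the thread suggests and prints the first failure.
diagnose() {
    has_device_protocol "$1" || { echo "no-device-protocol"; return 0; }
    [ "$(ospf_iface_count < "$2")" -gt 0 ] 2>/dev/null ||
        { echo "ospf-has-no-interfaces"; return 0; }
    [ "$(count_ospf_from "$4" < "$3")" -gt 0 ] || { echo "not-sending-hellos"; return 0; }
    [ "$(count_ospf_from "$5" < "$3")" -gt 0 ] || { echo "not-receiving-hellos"; return 0; }
    echo "hellos-both-ways-enable-ospf-debug"
}

# Constructed sample: device protocol present, OSPF sees one interface,
# but only the local router's Hellos appear in the capture on the tunnel.
demo() {
    d=$(mktemp -d)
    printf 'protocol device {\n}\nprotocol ospf {\n}\n' > "$d/bird.conf"
    printf 'ospf1:\nArea: 0.0.0.0 (0) [BACKBONE]\n  Number of interfaces: 1\n' > "$d/ospf.txt"
    printf '%s\n' \
        '12:00:01.000000 IP 10.10.10.33 > 224.0.0.5: OSPFv2, Hello, length 44' \
        '12:00:06.000000 IP 10.10.10.33 > 224.0.0.5: OSPFv2, Hello, length 44' \
        > "$d/dump.txt"
    diagnose "$d/bird.conf" "$d/ospf.txt" "$d/dump.txt" 10.10.10.33 10.10.10.34
    rm -rf "$d"
}
demo
```

A result of "ospf-has-no-interfaces" matches the `Number of interfaces: 0` output posted at the start of the thread; the last result means the tunnel carries Hellos both ways and the remaining step is the OSPF debug option mentioned above.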
participants (5)
- Charles van Niman
- Jan Maria Matejka
- Michael McConnell
- Ondrej Zajicek
- Piotrek S.