Cannot connect two ospf-instances over tun-interface

dawid k tookie009smieci at gmail.com
Wed Apr 4 10:29:40 CEST 2018


Additional info:

bird show ospf state on server:

area 0.0.0.0

        router 10.29.0.1
                distance 0
                stubnet 10.29.0.0/22 metric 10
                external 1.1.1.1/32 metric 33
                external 10.29.0.0/22 metric 33

I wonder why my network is marked as stubnet. I defined "stub no" in the config.
I suppose that's the problem, but how can I avoid this?

bird show ospf state on first client :

     router 192.168.21.17
                distance 20
                network 192.168.21.16/28 metric 5
                network 10.29.0.0/22 metric 10 #ethernet
                external 192.168.9.17/32 metric2 10000 via 192.168.21.25 #static

    network
          ......




2018-04-04 8:59 GMT+02:00 dawid k <tookie009smieci at gmail.com>:

> Hi Chris,
>
> Thank you for your advice, I got a little bit forward.
>
> I expanded my topology with another pc - another vpn client - and I got
> these two vpn clients working, but somehow I cannot get the server to work
> properly. The server remains always in state Init/Other.
>
> I can see with tcpdump, that every pc is sending the hello-message, but
> the server is missing the neighbor list:
>
>
> 08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
>     server > ospf-all.mcast.net: OSPFv2, Hello, length 44
>         Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.1
> 08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
>     10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
>         Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>             192.168.21.17
>             10.29.0.1
> 08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
>     10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
>         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>             192.168.21.1
>             10.29.0.1
>
> Here the output from  birdc show ospf neighbors on client:
>
> Router ID       Pri          State      DTime   Interface  Router IP
> 192.168.21.17     1     Full/DR         00:35   tun0       10.29.0.4
> 10.29.0.1         1     Init/Other      00:38   tun0       10.29.0.1
>
> and finally my ospf-setup for every device:
>
>
> protocol ospf myOSPFX { # X depending on device (1,2,3)
>         debug all;
>         import filter importAll;
>         export filter onlyLocalExport;
>         area 0.0.0.0 {
>                 interface "tun0" {
>                         cost 10;
>                         type  bcast;
>                         stub no;
>                         hello 10;
>                         transmit delay 5;
>                         wait 10;
>                         dead 40;
>                  };
>        };
> }
>
> Do you have any idea, what I'm missing?
>
> 2018-04-03 16:52 GMT+02:00 Chris Boot <lists at bootc.boo.tc>:
>
>> [re-sending to the list with the correct From address]
>>
>> Hi,
>>
>> You should be able to do this with 'topology subnet' on your server end.
>> It doesn't work with net30 (the default) or p2p, but I can confirm that
>> OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.
>>
>> I think there are issues with IPv6 on tun links with respect to
>> multicast, so you may struggle to get OSPFv3 working, but I haven't had
>> to do that yet.
>>
>> HTH,
>> Chris
>>
>> On 03/04/18 15:34, dawid k wrote:
>> > Therefore I tried running ospf in broadcast mode as well, but then it
>> > changed automatically:
>> >
>> > <WARN> myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
>> >
>> > I tried the tap-Interface and it's working (or at least the neighbours
>> > were detected) but as said, my system has to use tun and I cannot change
>> > it. So there is probably no solution for such settings. I will try bgp
>> > instead. Thank you for your help.
>> >
>> > 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek <santiago at crfreenet.org>:
>> >
>> >     On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
>> >     > OpenVPN won’t do multicast over TUN, only TAP.
>> >
>> >     Well, that would be silly from OpenVPN. But tcpdump output from Dawid K
>> >     shows that multicast packets are propagated through TUN:
>> >
>> >     > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
>> >     >     server > 224.0.0.5: OSPFv2, Hello, length 44
>> >     >         Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)
>> >     >         Options [External]
>> >     >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
>> >     > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
>> >     >     10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
>> >     >         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
>> >     >         Options [External]
>> >     >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
>> >
>> >     --
>> >     Elen sila lumenn' omentielvo
>> >
>> >     Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
>> >     OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
>> >     "To err is human -- to blame it on a computer is even more so."
>> >
>> >
>>
>>
>> --
>> Chris Boot
>> bootc at boo.tc
>>
>
>
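
Added example, not part of the original thread: a small check that reads `tcpdump -v` OSPF Hello output and reports one-way adjacencies, meaning routers that list a neighbor whose own Hello does not list them back (the condition behind a neighbor stuck in Init). The function names `parse_hellos` and `one_way` are hypothetical, and the sample is condensed from the capture quoted above.

```python
import re

# Sample: the three Hellos from the tcpdump capture quoted in the thread,
# condensed (mail line wraps joined, Options/timer lines dropped).
SAMPLE = """\
08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
    server > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
          Designated Router 10.29.0.1
08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.17
            10.29.0.1
08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.1
            10.29.0.1
"""

ROUTER_ID = re.compile(r"^\s*Router-ID (\S+),")
NEIGHBOR = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\s*$")

def parse_hellos(text):
    """Return {router_id: set of neighbor IDs} from the last Hello seen per router."""
    seen, current, in_list = {}, None, False
    for line in text.splitlines():
        m = ROUTER_ID.match(line)
        if m:
            current, in_list = m.group(1), False
            seen[current] = set()          # a newer Hello replaces the older one
        elif "Neighbor List:" in line:
            in_list = True
        elif in_list and current and (n := NEIGHBOR.match(line)):
            seen[current].add(n.group(1))
        elif line[:1].isdigit():           # timestamp at column 0: next packet
            current, in_list = None, False
    return seen

def one_way(seen):
    """Pairs (hearer, silent): hearer lists silent, but silent does not list hearer."""
    return sorted((a, b) for a, nbrs in seen.items() for b in nbrs
                  if b in seen and a not in seen[b])
```

On this capture `one_way(parse_hellos(SAMPLE))` pairs both clients with 10.29.0.1: they receive the server's Hellos, but the server's Hello carries no neighbor list, so the server is not accepting theirs.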