Cannot connect two ospf-instances over tun-interface
dawid k
tookie009smieci at gmail.com
Wed Apr 4 11:35:03 CEST 2018
2018-04-04 10:59 GMT+02:00 Jan Maria Matejka <jan.matejka at nic.cz>:
> Hello,
>
> please could you enable 'debug all' for the ospf protocol at server?
> It should tell you whether it receives the packets and what is it doing
> with them.
>
It is enabled. Here are the logs:
2018-04-04 11:22:42 <TRACE> myOSPF3: Initializing
2018-04-04 11:22:42 <TRACE> myOSPF3: Starting
2018-04-04 11:22:42 <TRACE> myOSPF3: Adding area 0.0.0.0
2018-04-04 11:22:42 <TRACE> myOSPF3: Connected to table master
2018-04-04 11:22:42 <TRACE> myOSPF3: State changed to feed
2018-04-04 11:22:42 <TRACE> myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
2018-04-04 11:22:42 <TRACE> myOSPF3: Originating LSA: Type: 4005, Id: 1.1.1.1, Rt: 10.29.0.1, Seq: 80000001
2018-04-04 11:22:42 <INFO> Started
2018-04-04 11:22:42 <TRACE> myOSPF3 < interface lo goes up
2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 127.0.0.0/8 on interface lo added
2018-04-04 11:22:42 <TRACE> myOSPF3 < interface eth0 goes up
2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 192.168.20.0/24 on interface eth0 added
2018-04-04 11:22:42 <TRACE> myOSPF3 < interface tun0 goes up
2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 10.29.0.0/22 on interface tun0 added
2018-04-04 11:22:42 <TRACE> myOSPF3: Adding interface tun0 (10.29.0.0/22) to area 0.0.0.0
2018-04-04 11:22:42 <TRACE> myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
2018-04-04 11:22:42 <TRACE> myOSPF3: State changed to up
2018-04-04 11:22:42 <ERR> KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
2018-04-04 11:22:42 <ERR> KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
2018-04-04 11:22:42 <ERR> KRT: Received route 10.29.0.0/20 with strange next-hop 10.29.0.1
2018-04-04 11:22:42 <WARN> Netlink: File exists
2018-04-04 11:22:42 <TRACE> myOSPF3: Interface tun0 changed state from Down to Waiting
2018-04-04 11:22:42 <TRACE> myOSPF3: HELLO packet sent via tun0
2018-04-04 11:22:43 <TRACE> myOSPF3: Updating router state for area 0.0.0.0
2018-04-04 11:22:43 <TRACE> myOSPF3: Originating LSA: Type: 2001, Id: 10.29.0.1, Rt: 10.29.0.1, Seq: 80000001
2018-04-04 11:22:43 <TRACE> myOSPF3: Scheduling routing table calculation
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for area 0.0.0.0
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for inter-area (area 0.0.0.0)
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for ext routes
2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table synchronisation
2018-04-04 11:22:43 <TRACE> myOSPF3 > added [best] 10.29.0.0/22 dev tun0
2018-04-04 11:22:43 <TRACE> myOSPF3 < rejected by protocol 10.29.0.0/22 dev tun0
2018-04-04 11:22:52 <TRACE> myOSPF3: HELLO packet sent via tun0
2018-04-04 11:22:52 <TRACE> myOSPF3: Wait timer fired on tun0
2018-04-04 11:22:52 <TRACE> myOSPF3: Interface tun0 changed state from Waiting to DR
2018-04-04 11:22:52 <TRACE> myOSPF3: Updating router state for area 0.0.0.0
No received packets, but with tcpdump on the server I can see that all
devices are sending hello messages:
11:18:26.328789 IP (tos 0xc0, ttl 1, id 15244, offset 0, flags [none], proto OSPF (89), length 64)
    10.29.0.1 (that's the server) > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.1
11:18:31.408140 IP (tos 0xc0, ttl 1, id 62511, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.17
            10.29.0.1
11:18:31.741169 IP (tos 0xc0, ttl 1, id 55888, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.1
            10.29.0.1
The issue is that the server cannot leave the init state. The clients see
each other.
On client:
birdc show ospf neighbors
BIRD 1.6.3 ready.
myOSPF2:
Router ID       Pri  State       DTime  Interface  Router IP
192.168.20.54     1  Full/DR     00:36  eth0       192.168.21.22
192.168.21.1      1  Full/BDR    00:32  tun0       10.29.0.8
10.29.0.1         1  Init/Other  00:37  tun0       10.29.0.1
>
> OpenVPN in TUN mode does quite strange things with routing. Have you tried
> routing by static routes first (to see whether it works or not)?
>
> Example:
>
> Server has 10.29.0.1/30 (peer 10.29.0.2).
> Client A has 10.29.0.5/30 (peer 10.29.0.6) and 172.30.5.0/24 on other
> iface.
> Client B has 10.29.0.9/30 (peer 10.29.0.10) and 172.30.9.0/24 on other
> iface.
>
> Have you managed to add a route on Client A that would route traffic
> to 172.30.9.0/24? (If yes, please tell me, I also need something like
> that.)
>
>
Yes, such a setup is working, even dynamically. I added a real router
between the two clients, so that there are now two possible ways (VPN and
cable) to each client, and both are working after disconnecting the second
connection.
Now I would like to ping a client from the server via another client:
server ------ (tun0) ----> client ------- (eth0) ------> client
But on the server bird cannot communicate and add routes from neighbours.
> Now I overcome these problems by several GRE (or GRETAP) tunnels over the
> VPN, these are real PtP links and also routing works over them quite well.
>
> M.
>
> On 04/04/2018 10:29 AM, dawid k wrote:
> > Additional info:
> >
> > bird show ospf state on server:
> >
> > area 0.0.0.0
> >
> >     router 10.29.0.1
> >         distance 0
> >         stubnet 10.29.0.0/22 metric 10
> >         external 1.1.1.1/32 metric 33
> >         external 10.29.0.0/22 metric 33
> >
> > I wonder why my network is marked as stubnet. I defined "stub no" in the
> > config. I suppose that's the problem, but how can I avoid this?
> >
> > bird show ospf state on first client:
> >
> >     router 192.168.21.17
> >         distance 20
> >         network 192.168.21.16/28 metric 5
> >         network 10.29.0.0/22 metric 10 #ethernet
> >         external 192.168.9.17/32 metric2 10000 via 192.168.21.25 #static
> >
> >     network
> >     ......
> >
> > 2018-04-04 8:59 GMT+02:00 dawid k <tookie009smieci at gmail.com>:
> >
> > Hi Chris,
> >
> > Thank you for your advice, I got a little bit forward.
> >
> > I expanded my topology with another pc - another vpn client - and I got
> > these two vpn clients working, but somehow I cannot get the server to
> > work properly. The server remains always in state Init/Other.
> >
> > I can see with tcpdump that every pc is sending the hello-message, but
> > the server is missing the neighbor list:
> >
> > 08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
> >     server > ospf-all.mcast.net: OSPFv2, Hello, length 44
> >         Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
> >         Options [External]
> >           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> >           Designated Router 10.29.0.1
> > 08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
> >     10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
> >         Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
> >         Options [External]
> >           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> >           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
> >           Neighbor List:
> >             192.168.21.17
> >             10.29.0.1
> > 08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
> >     10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
> >         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> >         Options [External]
> >           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> >           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
> >           Neighbor List:
> >             192.168.21.1
> >             10.29.0.1
> >
> > Here is the output from birdc show ospf neighbors on client:
> >
> > Router ID       Pri  State       DTime  Interface  Router IP
> > 192.168.21.17     1  Full/DR     00:35  tun0       10.29.0.4
> > 10.29.0.1         1  Init/Other  00:38  tun0       10.29.0.1
> >
> > and finally my ospf-setup for every device:
> >
> > protocol ospf myOSPFX { # X depending on device (1,2,3)
> >     debug all;
> >     import filter importAll;
> >     export filter onlyLocalExport;
> >     area 0.0.0.0 {
> >         interface "tun0" {
> >             cost 10;
> >             type bcast;
> >             stub no;
> >             hello 10;
> >             transmit delay 5;
> >             wait 10;
> >             dead 40;
> >         };
> >     };
> > }
> >
> > Do you have any idea what I'm missing?
> >
> > 2018-04-03 16:52 GMT+02:00 Chris Boot <lists at bootc.boo.tc>:
> >
> > [re-sending to the list with the correct From address]
> >
> > Hi,
> >
> > You should be able to do this with 'topology subnet' on your server end.
> > It doesn't work with net30 (the default) or p2p, but I can confirm that
> > OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.
> >
> > I think there are issues with IPv6 on tun links with respect to
> > multicast, so you may struggle to get OSPFv3 working, but I haven't had
> > to do that yet.
> >
> > HTH,
> > Chris
> >
> > On 03/04/18 15:34, dawid k wrote:
> > > Therefore I tried running ospf in broadcast mode as well, but then it
> > > changed automatically:
> > >
> > > <WARN> myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
> > >
> > > I tried the tap-Interface and it's working (or at least the neighbours
> > > were detected) but as said, my system has to use tun and I cannot change
> > > it. So there is probably no solution for such settings. I will try bgp
> > > instead. Thank you for your help.
> > >
> > > 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek <santiago at crfreenet.org>:
> > >
> > > On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
> > > > OpenVPN won’t do multicast over TUN, only TAP.
> > >
> > > Well, that would be silly from OpenVPN. But tcpdump output from Dawid K
> > > shows that multicast packets are propagated through TUN:
> > >
> > > > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
> > > >     server > 224.0.0.5: OSPFv2, Hello, length 44
> > > >         Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)
> > > >         Options [External]
> > > >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> > > > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
> > > >     10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
> > > >         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> > > >         Options [External]
> > > >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> > >
> > > --
> > > Elen sila lumenn' omentielvo
> > >
> > > Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
> > > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> > > "To err is human -- to blame it on a computer is even more so."
> > >
> > >
> >
> >
> > --
> > Chris Boot
> > bootc at boo.tc
> >
> >
> >
>
>
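An added example, not part of the original thread: the neighbour lists in the Hello capture quoted above already show which direction of the adjacency is broken. This sketch parses `tcpdump -n -v` text (sample trimmed from the capture in this message to the fields the parser uses; the function names are illustrative) and reports routers that are heard by a peer but do not list that peer back.

```python
import re

# Sample trimmed from the three Hellos in the capture quoted in this message.
CAPTURE = """\
    10.29.0.1 > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
          Designated Router 10.29.0.1
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.17
            10.29.0.1
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.1
            10.29.0.1
"""

SRC = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+) > \S+: OSPFv2, Hello")
RID = re.compile(r"Router-ID (\d+\.\d+\.\d+\.\d+),")
ADDR = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*$")

def parse_hellos(text):
    """Return {router_id: {"src": ip, "neighbors": set}}, latest Hello wins."""
    routers, src, cur, in_list = {}, None, None, False
    for line in text.splitlines():
        if m := SRC.match(line):
            src, cur, in_list = m.group(1), None, False
        elif m := RID.search(line):
            cur = routers[m.group(1)] = {"src": src, "neighbors": set()}
            in_list = False
        elif "Neighbor List:" in line:
            in_list = True
        elif in_list and cur is not None and (m := ADDR.match(line)):
            cur["neighbors"].add(m.group(1))
        else:
            in_list = False  # any other line ends the neighbour list
    return routers

def one_way(routers):
    """Pairs (a, b): a's Hello lists b, but b's Hello does not list a."""
    return sorted((a, b) for a, ra in routers.items() for b in ra["neighbors"]
                  if b in routers and a not in routers[b]["neighbors"])

if __name__ == "__main__":
    for a, b in one_way(parse_hellos(CAPTURE)):
        print(f"{a} hears {b}, but {b} does not list {a} (Init on {a})")
```

Each reported pair matches a neighbour that `birdc show ospf neighbors` shows as Init on the first router: that router receives the peer's Hellos, while the peer either does not receive or does not accept the Hellos sent back.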