Cannot connect two ospf-instances over tun-interface
Jan Maria Matejka
jan.matejka at nic.cz
Wed Apr 4 12:11:00 CEST 2018
Hmmm ... will try it on my own network some time this week.
If I don't send any report until Monday (April 9th), please ping me.
M.
On 04/04/2018 11:35 AM, dawid k wrote:
>
>
> 2018-04-04 10:59 GMT+02:00 Jan Maria Matejka <jan.matejka at nic.cz>:
>
> Hello,
>
> please could you enable 'debug all' for the ospf protocol at the server?
> It should tell you whether it receives the packets and what it is doing
> with them.
>
>
> It is enabled. Here are the logs:
>
>
> 2018-04-04 11:22:42 <TRACE> myOSPF3: Initializing
> 2018-04-04 11:22:42 <TRACE> myOSPF3: Starting
> 2018-04-04 11:22:42 <TRACE> myOSPF3: Adding area 0.0.0.0
> 2018-04-04 11:22:42 <TRACE> myOSPF3: Connected to table master
> 2018-04-04 11:22:42 <TRACE> myOSPF3: State changed to feed
> 2018-04-04 11:22:42 <TRACE> myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
> 2018-04-04 11:22:42 <TRACE> myOSPF3: Originating LSA: Type: 4005, Id: 1.1.1.1, Rt: 10.29.0.1, Seq: 80000001
> 2018-04-04 11:22:42 <INFO> Started
> 2018-04-04 11:22:42 <TRACE> myOSPF3 < interface lo goes up
> 2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 127.0.0.0/8 on interface lo added
> 2018-04-04 11:22:42 <TRACE> myOSPF3 < interface eth0 goes up
> 2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 192.168.20.0/24 on interface eth0 added
> 2018-04-04 11:22:42 <TRACE> myOSPF3 < interface tun0 goes up
> 2018-04-04 11:22:42 <TRACE> myOSPF3 < primary address 10.29.0.0/22 on interface tun0 added
> 2018-04-04 11:22:42 <TRACE> myOSPF3: Adding interface tun0 (10.29.0.0/22) to area 0.0.0.0
> 2018-04-04 11:22:42 <TRACE> myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
> 2018-04-04 11:22:42 <TRACE> myOSPF3: State changed to up
> 2018-04-04 11:22:42 <ERR> KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
> 2018-04-04 11:22:42 <ERR> KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
> 2018-04-04 11:22:42 <ERR> KRT: Received route 10.29.0.0/20 with strange next-hop 10.29.0.1
> 2018-04-04 11:22:42 <WARN> Netlink: File exists
> 2018-04-04 11:22:42 <TRACE> myOSPF3: Interface tun0 changed state from Down to Waiting
> 2018-04-04 11:22:42 <TRACE> myOSPF3: HELLO packet sent via tun0
> 2018-04-04 11:22:43 <TRACE> myOSPF3: Updating router state for area 0.0.0.0
> 2018-04-04 11:22:43 <TRACE> myOSPF3: Originating LSA: Type: 2001, Id: 10.29.0.1, Rt: 10.29.0.1, Seq: 80000001
> 2018-04-04 11:22:43 <TRACE> myOSPF3: Scheduling routing table calculation
> 2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation
> 2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for area 0.0.0.0
> 2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for inter-area (area 0.0.0.0)
> 2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table calculation for ext routes
> 2018-04-04 11:22:43 <TRACE> myOSPF3: Starting routing table synchronisation
> 2018-04-04 11:22:43 <TRACE> myOSPF3 > added [best] 10.29.0.0/22 dev tun0
> 2018-04-04 11:22:43 <TRACE> myOSPF3 < rejected by protocol 10.29.0.0/22 dev tun0
> 2018-04-04 11:22:52 <TRACE> myOSPF3: HELLO packet sent via tun0
> 2018-04-04 11:22:52 <TRACE> myOSPF3: Wait timer fired on tun0
> 2018-04-04 11:22:52 <TRACE> myOSPF3: Interface tun0 changed state from Waiting to DR
> 2018-04-04 11:22:52 <TRACE> myOSPF3: Updating router state for area 0.0.0.0
>
>
> No received packets, but with tcpdump on the server I can see that all devices are sending hello messages:
>
>
> 11:18:26.328789 IP (tos 0xc0, ttl 1, id 15244, offset 0, flags [none], proto OSPF (89), length 64)
> 10.29.0.1 (that's the server) > ospf-all.mcast.net: OSPFv2, Hello, length 44
> Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
> Options [External]
> Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> Designated Router 10.29.0.1
> 11:18:31.408140 IP (tos 0xc0, ttl 1, id 62511, offset 0, flags [none], proto OSPF (89), length 72)
> 10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
> Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
> Options [External]
> Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
> Neighbor List:
> 192.168.21.17
> 10.29.0.1
> 11:18:31.741169 IP (tos 0xc0, ttl 1, id 55888, offset 0, flags [none], proto OSPF (89), length 72)
> 10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
> Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> Options [External]
> Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
> Neighbor List:
> 192.168.21.1
> 10.29.0.1
>
>
> The issue is that the server cannot leave the init state. The clients see each other.
>
> on client:
> birdc show ospf neighbors
> BIRD 1.6.3 ready.
> myOSPF2:
> Router ID       Pri  State       DTime  Interface  Router IP
> 192.168.20.54   1    Full/DR     00:36  eth0       192.168.21.22
> 192.168.21.1    1    Full/BDR    00:32  tun0       10.29.0.8
> 10.29.0.1       1    Init/Other  00:37  tun0       10.29.0.1
>
> OpenVPN in TUN mode does quite strange things with routing. Have you tried
> routing by static routes first (to see whether it works or not)?
>
> Example:
>
> Server has 10.29.0.1/30 (peer 10.29.0.2).
> Client A has 10.29.0.5/30 (peer 10.29.0.6) and 172.30.5.0/24 on other iface.
> Client B has 10.29.0.9/30 (peer 10.29.0.10) and 172.30.9.0/24 on other iface.
>
> Have you managed to add a route on Client A that would route traffic
> to 172.30.9.0/24? (If yes, please tell me, I also need something like that.)
>
>
> Yes, such settings are working even dynamically. I added a real router between two clients so that there are now two possible ways (vpn and cable) to each client, and both are working after disconnecting the second connection.
>
> Now I would like to ping a client from the server over another client: server ------ (tun0) ----> client ------- (eth0) ------> client
>
> But on the server bird cannot communicate and add routes from neighbours.
>
>
>
>
> Now I overcome these problems by several GRE (or GRETAP) tunnels over the VPN,
> these are real PtP links and also routing works over them quite well.
>
> M.
>
> On 04/04/2018 10:29 AM, dawid k wrote:
> > Additional info:
> >
> > bird show ospf state on server:
> >
> > area 0.0.0.0
> >
> > router 10.29.0.1
> > distance 0
> > stubnet 10.29.0.0/22 metric 10
> > external 1.1.1.1/32 metric 33
> > external 10.29.0.0/22 metric 33
> >
> > I wonder why my network is marked as stubnet. I defined 'stub no' in the config. I suppose that's the problem, but how can I avoid this?
> >
> > bird show ospf state on first client :
> >
> > router 192.168.21.17
> > distance 20
> > network 192.168.21.16/28 metric 5
> > network 10.29.0.0/22 metric 10 #ethernet
> > external 192.168.9.17/32 metric2 10000 via 192.168.21.25 #static
> >
> > network
> > ......
> >
> >
> >
> >
> > 2018-04-04 8:59 GMT+02:00 dawid k <tookie009smieci at gmail.com>:
> >
> > Hi Chris,
> >
> > Thank you for your advice, I got a little bit forward.
> >
> > I expanded my topology with another pc - another vpn client - and I got these two vpn clients working, but somehow I cannot get the server to work properly. The server remains always in state Init/Other.
> >
> > I can see with tcpdump that every pc is sending the hello-message, but the server is missing the neighbor list:
> >
> >
> > 08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
> > server > ospf-all.mcast.net: OSPFv2, Hello, length 44
> > Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
> > Options [External]
> > Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> > Designated Router 10.29.0.1
> > 08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
> > 10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
> > Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
> > Options [External]
> > Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> > Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
> > Neighbor List:
> > 192.168.21.17
> > 10.29.0.1
> > 08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
> > 10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
> > Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> > Options [External]
> > Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> > Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
> > Neighbor List:
> > 192.168.21.1
> > 10.29.0.1
> >
> > Here the output from birdc show ospf neighbors on client:
> >
> > Router ID       Pri  State       DTime  Interface  Router IP
> > 192.168.21.17   1    Full/DR     00:35  tun0       10.29.0.4
> > 10.29.0.1       1    Init/Other  00:38  tun0       10.29.0.1
> >
> > and finally my ospf-setup for every device:
> >
> >
> > protocol ospf myOSPFX { # X depending on device (1,2,3)
> >     debug all;
> >     import filter importAll;
> >     export filter onlyLocalExport;
> >     area 0.0.0.0 {
> >         interface "tun0" {
> >             cost 10;
> >             type bcast;
> >             stub no;
> >             hello 10;
> >             transmit delay 5;
> >             wait 10;
> >             dead 40;
> >         };
> >     };
> > }
> >
> > Do you have any idea what I'm missing?
> >
> >
> > 2018-04-03 16:52 GMT+02:00 Chris Boot <lists at bootc.boo.tc>:
> >
> > [re-sending to the list with the correct From address]
> >
> > Hi,
> >
> > You should be able to do this with 'topology subnet' on your server end.
> > It doesn't work with net30 (the default) or p2p, but I can confirm that
> > OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.
> >
> > I think there are issues with IPv6 on tun links with respect to
> > multicast, so you may struggle to get OSPFv3 working, but I haven't had
> > to do that yet.
> >
> > HTH,
> > Chris
> >
> > On 03/04/18 15:34, dawid k wrote:
> > > Therefore I tried running ospf in broadcast mode as well, but then it
> > > changed automatically:
> > >
> > > <WARN> myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
> > >
> > > I tried the tap-Interface and it's working (or at least the neighbours
> > > were detected) but as said, my system has to use tun and I cannot change
> > > it. So there is probably no solution for such settings. I will try bgp
> > > instead. Thank you for your help.
> > >
> > > 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek <santiago at crfreenet.org>:
> > >
> > > On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
> > > > OpenVPN won’t do multicast over TUN, only TAP.
> > >
> > > Well, that would be silly from OpenVPN. But tcpdump output from Dawid K
> > > shows that multicast packets are propagated through TUN:
> > >
> > > > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
> > > > server > 224.0.0.5: OSPFv2, Hello, length 44
> > > > Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)
> > > > Options [External]
> > > > Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> > > > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
> > > > 10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
> > > > Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> > > > Options [External]
> > > > Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> > >
> > > --
> > > Elen sila lumenn' omentielvo
> > >
> > > Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
> > > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3,
> > > wwwkeys.pgp.net)
> > > "To err is human -- to blame it on a computer is even more so."
> > >
> > >
> >
> >
> > --
> > Chris Boot
> > bootc at boo.tc
> >
> >
> >
> >
>
>