Hi Chris,
Thank you for your advice, I got a little bit forward.
I expended my topology with another pc - another vpn client - and I got
these two vpn clients working, but somehow I cannot get the server to work
properly. The server remains always in state Init/Other.
I can see with tcpdump, that every pc is sending the hello-message, but the
server is missing the neighbor list:
08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none],
proto OSPF (89), length 64)
server > ospf-all.mcast.net: OSPFv2, Hello, length 44
Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
Options [External]
Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
Designated Router 10.29.0.1
08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto
OSPF (89), length 72)
10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
Options [External]
Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
Neighbor List:
192.168.21.17
10.29.0.1
08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto
OSPF (89), length 72)
10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
Router-ID 192.168.21.17, Backbone Area, Authentication Type: none
(0)
Options [External]
Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
Neighbor List:
192.168.21.1
10.29.0.1
Here the output from birdc show ospf neighbors on client:
Router ID Pri State DTime Interface Router IP
192.168.21.17 1 Full/DR 00:35 tun0 10.29.0.4
10.29.0.1 1 Init/Other 00:38 tun0 10.29.0.1
and finally my ospf-setup for every device:
protocol ospf myOSPFX { # X depending on device (1,2,3)
debug all;
import filter importAll;
export filter onlyLocalExport;
area 0.0.0.0 {
interface "tun0" {
cost 10;
type bcast;
stub no;
hello 10;
transmit delay 5;
wait 10;
dead 40;
};
};
}
Do you have any idea, what I'm missing?
2018-04-03 16:52 GMT+02:00 Chris Boot <li...@bootc.boo.tc>:
> [re-sending to the list with the correct From address]
>
> Hi,
>
> You should be able to do this with 'topology subnet' on your server end.
> It doesn't work with net30 (the default) or p2p, but I can confirm that
> OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.
>
> I think there are issues with IPv6 on tun links with respect to
> multicast, so you may struggle to get OSPFv3 working, but I haven't had
> to do that yet.
>
> HTH,
> Chris
>
> On 03/04/18 15:34, dawid k wrote:
> > Therefore I tried running ospf in broadcast mode as well, but then it
> > changed automatically:
> >
> > <WARN> myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
> >
> > I tried the tap-Interface and it's working (or at least the neighbours
> > were detected) but as said, my system has to use tun and I cannot change
> > it. So there is propably no solution for such settings. I will try bgp
> > instead. Thank you for your help.
> >
> > 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek <santi...@crfreenet.org
> > <mailto:santi...@crfreenet.org>>:
> >
> > On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
> > > OpenVPN won’t do multicast over TUN, only TAP.
> >
> > Well, that would be silly from OpenVPN. But tcpdump output from
> Dawid K
> > shows that multicast packets are propagated throught TUN:
> >
> > > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags
> [none], proto OSPF (89), length 64)
> > > server > 224.0.0.5 <http://224.0.0.5>: OSPFv2, Hello, length
> 44
> > > Router-ID repo.traffic.local, Backbone Area,
> Authentication Type: none (0)
> > > Options [External]
> > > Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> > > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags
> [none], proto OSPF (89), length 64)
> > > 10.29.0.6 > 224.0.0.5 <http://224.0.0.5>: OSPFv2, Hello,
> length 44
> > > Router-ID 192.168.21.17, Backbone Area, Authentication
> Type: none (0)
> > > Options [External]
> > > Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> >
> > --
> > Elen sila lumenn' omentielvo
> >
> > Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org
> > <mailto:santi...@crfreenet.org>)
> > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3,
> > wwwkeys.pgp.net <http://wwwkeys.pgp.net>)
> > "To err is human -- to blame it on a computer is even more so."
> >
> >
>
>
> --
> Chris Boot
> bo...@boo.tc
>
> --
> Chris Boot
> bo...@boo.tc
>
