Hello, please could you enable 'debug all' for the ospf protocol on the server? It should tell you whether it receives the packets and what it is doing with them.
OpenVPN in TUN mode does quite strange things with routing. Have you tried routing by static routes first (to see whether it works or not)?

Example:
Server has 10.29.0.1/30 (peer 10.29.0.2).
Client A has 10.29.0.5/30 (peer 10.29.0.6) and 172.30.5.0/24 on other iface.
Client B has 10.29.0.9/30 (peer 10.29.0.10) and 172.30.9.0/24 on other iface.

Have you managed to add a route on Client A that would route traffic to 172.30.9.0/24? (If yes, please tell me, I also need something like that.)

Now I overcome these problems by several GRE (or GRETAP) tunnels over the VPN, these are real PtP links and also routing works over them quite well.

M.

On 04/04/2018 10:29 AM, dawid k wrote:
> Additional info:
>
> bird show ospf state on server:
>
> area 0.0.0.0
>
>     router 10.29.0.1
>         distance 0
>         stubnet 10.29.0.0/22 metric 10
>         external 1.1.1.1/32 metric 33
>         external 10.29.0.0/22 metric 33
>
> I wonder why my network is marked as stubnet. I defined 'stub no' in the config. I
> suppose that's the problem, but how can I avoid this?
>
> bird show ospf state on first client:
>
>     router 192.168.21.17
>         distance 20
>         network 192.168.21.16/28 metric 5
>         network 10.29.0.0/22 metric 10 #ethernet
>         external 192.168.9.17/32 metric2 10000 via 192.168.21.25 #static
>
>     network
>     ......
>
> 2018-04-04 8:59 GMT+02:00 dawid k <tookie009smi...@gmail.com>:
>
> > Hi Chris,
> >
> > Thank you for your advice, I got a little bit forward.
> >
> > I expanded my topology with another pc - another vpn client - and I got
> > these two vpn clients working, but somehow I cannot get the server to work
> > properly. The server remains always in state Init/Other.
> >
> > I can see with tcpdump, that every pc is sending the hello-message, but
> > the server is missing the neighbor list:
> >
> > 08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
> >     server > ospf-all.mcast.net: OSPFv2, Hello, length 44
> >         Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
> >         Options [External]
> >           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> >           Designated Router 10.29.0.1
> > 08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
> >     10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
> >         Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
> >         Options [External]
> >           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> >           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
> >           Neighbor List:
> >             192.168.21.17
> >             10.29.0.1
> > 08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
> >     10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
> >         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> >         Options [External]
> >           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
> >           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
> >           Neighbor List:
> >             192.168.21.1
> >             10.29.0.1
> >
> > Here the output from birdc show ospf neighbors on client:
> >
> > Router ID       Pri  State       DTime  Interface  Router IP
> > 192.168.21.17   1    Full/DR     00:35  tun0       10.29.0.4
> > 10.29.0.1       1    Init/Other  00:38  tun0       10.29.0.1
> >
> > and finally my ospf-setup for every device:
> >
> > protocol ospf myOSPFX { # X depending on device (1,2,3)
> >     debug all;
> >     import filter importAll;
> >     export filter onlyLocalExport;
> >     area 0.0.0.0 {
> >         interface "tun0" {
> >             cost 10;
> >             type bcast;
> >             stub no;
> >             hello 10;
> >             transmit delay 5;
> >             wait 10;
> >             dead 40;
> >         };
> >     };
> > }
> >
> > Do you have any idea, what I'm missing?
> >
> > 2018-04-03 16:52 GMT+02:00 Chris Boot <li...@bootc.boo.tc>:
> >
> > > [re-sending to the list with the correct From address]
> > >
> > > Hi,
> > >
> > > You should be able to do this with 'topology subnet' on your server end.
> > > It doesn't work with net30 (the default) or p2p, but I can confirm that
> > > OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.
> > >
> > > I think there are issues with IPv6 on tun links with respect to
> > > multicast, so you may struggle to get OSPFv3 working, but I haven't had
> > > to do that yet.
> > >
> > > HTH,
> > > Chris
> > >
> > > On 03/04/18 15:34, dawid k wrote:
> > > > Therefore I tried running ospf in broadcast mode as well, but then it
> > > > changed automatically:
> > > >
> > > > <WARN> myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
> > > >
> > > > I tried the tap-Interface and it's working (or at least the neighbours
> > > > were detected) but as said, my system has to use tun and I cannot change
> > > > it. So there is probably no solution for such settings. I will try bgp
> > > > instead. Thank you for your help.
> > > >
> > > > 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek <santi...@crfreenet.org>:
> > > >
> > > > > On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
> > > > > > OpenVPN won’t do multicast over TUN, only TAP.
> > > > >
> > > > > Well, that would be silly from OpenVPN.
> > > > > But tcpdump output from Dawid K
> > > > > shows that multicast packets are propagated through TUN:
> > > > >
> > > > > > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
> > > > > >     server > 224.0.0.5: OSPFv2, Hello, length 44
> > > > > >         Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)
> > > > > >         Options [External]
> > > > > >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> > > > > > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
> > > > > >     10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
> > > > > >         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> > > > > >         Options [External]
> > > > > >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> > > > >
> > > > > --
> > > > > Elen sila lumenn' omentielvo
> > > > >
> > > > > Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
> > > > > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> > > > > "To err is human -- to blame it on a computer is even more so."
> > >
> > > --
> > > Chris Boot
> > > bo...@boo.tc