On Sat, Mar 01, 2014 at 01:48:06PM +0900, YASUOKA Masahiko wrote:
> > on the other side? Right now it looks like the client is setting a
> > route to 10.0.0.0/8 across the tunnel, that should actually be
> > 10.128.0.0/16, would setting the netmask in npppd-users fix that remote
> > route? Can I set the netmask but still let the client get a dynamic IP?
> 
> My answer was wrong.  Assigning statically or netmask to the client is
> not related to the ospf problem, I'm sorry.

No worries, I appreciate the help :). I tried setting the netmask in
npppd-users, that didn't change the /8 route the iPhone client set. From
a little investigation, it doesn't look like there's any way to set the
client netmask for the l2tp vpn route? The client just does whatever it
wants it seems, whether to just assume a class based route (/8 in the
case of my 10.128 address) or some seem to just assume a /24 8-/. You'd
think defining the client netmask would be part of the protocol, but
unless I'm missing something, I guess it's not.

> npppd sets a /32 route for a VPN client and deletes it when the link
> goes down.
> 
> > Isn't each instance of pppx for the VPN a /32 route to the remote
> > IP?
> 
> You had 16 /32 routes.  Don't you mean you had 32 VPN clients
> actually, right?

I only had one or two test clients connected at a time. But it looks
like ospfd picks up the route when a VPN client connects, but then
doesn't drop it when it disconnects, so the routes pile up.

After reloading the fib with no vpn clients, there are no /32 routes:

# ospfctl fib reload
reload request sent.

# ospfctl show fib | grep 120

I connect a client and a route shows up (but isn't advertised to the other
ospf connected routers):

# ospfctl show fib | grep 120
          4 10.128.120.109/32    10.128.120.1

I disconnect the client, it's still there:

# ospfctl show fib | grep 120
          4 10.128.120.109/32    10.128.120.1

I reconnect the client, it receives a different IP, and there are now
two routes:

# ospfctl show fib | grep 120
          4 10.128.120.109/32    10.128.120.1
          4 10.128.120.155/32    10.128.120.1

Disconnect, still two routes:

# ospfctl show fib | grep 120
          4 10.128.120.109/32    10.128.120.1
          4 10.128.120.155/32    10.128.120.1

Definitely something not quite right with ospfd and npppd l2tp vpns.

Thanks...
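
The stale-route symptom shown above can be checked mechanically. The script below is an added example, not part of the original message or of OpenBSD: it reads lines in the `ospfctl show fib` layout quoted in the message and prints every /32 destination behind the tunnel address that has no currently connected client. The function names and the idea of passing the live client addresses as arguments are assumptions; how that list is collected from npppd is left to the caller.

```shell
#!/bin/sh
# Added example: flag /32 FIB entries that have no matching live VPN client.
# Line layout assumed from the `ospfctl show fib` output quoted in the message:
#   <first column> <destination/prefixlen> <nexthop>

# stale_host_routes GATEWAY [LIVE_IP ...]   (hypothetical helper)
# Reads FIB lines on stdin and prints each /32 destination whose next hop is
# GATEWAY and whose address is not among the LIVE_IP arguments.
stale_host_routes() {
    gw=$1; shift
    awk -v gw="$gw" -v live="$*" '
        BEGIN {
            # Build a lookup set of the addresses that are connected now.
            n = split(live, a, " ")
            for (i = 1; i <= n; i++) up[a[i]] = 1
        }
        # Header and non-host lines never match the /32 test and are skipped.
        NF >= 3 && $2 ~ /\/32$/ && $3 == gw {
            ip = $2
            sub(/\/32$/, "", ip)
            if (!(ip in up)) print ip
        }'
}

# Constructed sample: the two-route state from the message, after the client
# reconnected and was handed 10.128.120.155.
sample_fib() {
    cat <<'EOF'
          4 10.128.120.109/32    10.128.120.1
          4 10.128.120.155/32    10.128.120.1
EOF
}

# Only .155 is connected, so .109 is reported as a leftover route.
sample_fib | stale_host_routes 10.128.120.1 10.128.120.155
```

On a live system the input would come from `ospfctl show fib` instead of `sample_fib`; any address printed is a host route that outlived its session.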
