On 2009-05-29, Stuart Henderson <[email protected]> wrote:
>
> OSPF over gre's or gif's (which can then themselves be protected by
> ipsec) is probably the fastest option at present on OpenBSD.

Hrmm. And then I try it... Does anyone actually have this working and if so
would they mind sharing config? I'm seeing the hellos go out the physical
interface rather than the gre.

# tcpdump -nivr0 -vv proto ospf
13:00:18.661860 85.158.44.158 > 224.0.0.5: OSPFv2-hello 44: rtrid 85.158.44.149 backbone auth MD5 E mask 255.255.255.255 int 1 pri 1 dead 4 nbrs [tos 0xc0] [ttl 1] (id 53330, len 80)
13:00:19.672022 85.158.44.158 > 224.0.0.5: OSPFv2-hello 44: rtrid 85.158.44.149 backbone auth MD5 E mask 255.255.255.255 int 1 pri 1 dead 4 nbrs [tos 0xc0] [ttl 1] (id 23013, len 80)
13:00:20.682184 85.158.44.158 > 224.0.0.5: OSPFv2-hello 44: rtrid 85.158.44.149 backbone auth MD5 E mask 255.255.255.255 int 1 pri 1 dead 4 nbrs [tos 0xc0] [ttl 1] (id 23179, len 80)
13:00:21.692350 85.158.44.158 > 224.0.0.5: OSPFv2-hello 44: rtrid 85.158.44.149 backbone auth MD5 E mask 255.255.255.255 int 1 pri 1 dead 4 nbrs [tos 0xc0] [ttl 1] (id 60275, len 80)

# tcpdump -nigre0 -vv proto ospf
<nothing>

The gre itself is fine, I can ping over it and the packets show up correctly
on gre0, and also correctly on vr0 marked with "(gre encap)".

It's correct (per RFC2328 8.1) that AllSPFRouters is used rather than the
tunnel endpoint addresses even on point-to-point.

