I have added the iptables rule and still there is no Phase 3 connection.
iptables -A FORWARD -i gre1 -o gre1 \
-m hashlimit --hashlimit-upto 4/minute --hashlimit-burst 1 \
--hashlimit-mode srcip,dstip --hashlimit-srcmask 16 --hashlimit-dstmask 16 \
--hashlimit-name loglimit-0 -j NFLOG --nflog-group 1 --nflog-range 128
--
Peter Barton
--------- Original Message --------- Subject: Re: [opennhrp-devel] Quagga-NHRP
From: "Timo Teras" <timo.te...@iki.fi>
Date: 5/27/16 12:17 am
To: pbar...@netprotec.com
Cc: opennhrp-devel@lists.sourceforge.net
On Thu, 26 May 2016 20:14:49 -0700
pbar...@netprotec.com wrote:
> I emailed this to the quagga-users list but I was not sure where you
> would want it so I copied it here as well.
>
> I have working through the Dynamic Multipoint VPN (DMVPN) Phase 3
> with Quagga NHRPd and I have successfully configured a Hub and 2
> Spokes. I am able to nail up two IPSEC encrypted GRE tunnels between
> Spoke1 -> Hub and Spoke2 -> Hub. BGP is sharing all routes between
> all 3 points. However, when I attempt to connect between
> Spoke1-Spoke2 Phase 3 never occurs and no direct tunnel is even
> attempted to connect.
Did you configure the iptables rule on hub required for the redirect
notifications?
See:
http://git.alpinelinux.org/cgit/user/tteras/quagga/tree/nhrpd/README.nhrpd?h=nhrp#n85
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
opennhrp-devel mailing list
opennhrp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opennhrp-devel
