After figuring out my issue and getting DMVPN working as expected in my lab, I
decided to increase the complexity to real-world situations by putting one spoke
behind a firewall and relying on NAT. This still worked perfectly and IPsec
tunnels connected with no issue. However, since I placed the second spoke behind
a firewall with NAT, I have not been able to complete the IPsec tunnel connection.
Before I start providing configurations and logs, I was wondering if there was a
simple answer to this. I have searched the strongSwan forums and opennhrp and have
found nothing to tell me that this should or should not work.
Thanks,
--
Peter Barton
--------- Original Message ---------
Subject: Re: [opennhrp-devel] Quagga-NHRP
From: pbar...@netprotec.com
Date: 5/28/16 9:38 am
To: "Timo Teras" <timo.te...@iki.fi>
Cc: opennhrp-devel@lists.sourceforge.net
I figured out my problem: I assumed that since "ip forwarding" was set inside
"vtysh" that it was also set for sysctl. I set net.ipv4.ip_forward=1 and
everything started working!
Thanks for the great product!
--
Peter Barton
--------- Original Message ---------
Subject: Re: [opennhrp-devel] Quagga-NHRP
From: "Timo Teras" <timo.te...@iki.fi>
Date: 5/27/16 12:17 am
To: pbar...@netprotec.com
Cc: opennhrp-devel@lists.sourceforge.net
On Thu, 26 May 2016 20:14:49 -0700
pbar...@netprotec.com wrote:
> I emailed this to the quagga-users list but I was not sure where you
> would want it so I copied it here as well.
>
> I have been working through the Dynamic Multipoint VPN (DMVPN) Phase 3
> with Quagga NHRPd and I have successfully configured a Hub and 2
> Spokes. I am able to nail up two IPSEC encrypted GRE tunnels between
> Spoke1 -> Hub and Spoke2 -> Hub. BGP is sharing all routes between
> all 3 points. However, when I attempt to connect between
> Spoke1-Spoke2 Phase 3 never occurs and no direct tunnel is even
> attempted to connect.
Did you configure the iptables rule on hub required for the redirect
notifications?
See:
http://git.alpinelinux.org/cgit/user/tteras/quagga/tree/nhrpd/README.nhrpd?h=nhrp#n85
_______________________________________________
opennhrp-devel mailing list opennhrp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opennhrp-devel