Hi there,

I've been dabbling with getting OpenNHRP working on Alpine Linux.

I followed the instructions here:
https://wiki.alpinelinux.org/wiki/Dynamic_Multipoint_VPN_(DMVPN)

I'm firstly getting error messages when it's trying to register.

On spoke:
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1909]: OpenNHRP 0.14.1 starting
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1909]: Interface lo: configured UP, mtu=0
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1909]: Interface eth0: configured UP, mtu=1500
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1909]: Interface eth1: configured UP, mtu=1500
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1909]: Interface gre0: config change, mtu=1476
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1909]: Interface gretap0: config change, mtu=1462
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1909]: Interface gre1: configured UP, mtu=1472
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1909]: Interface gre1: GRE configuration changed. Purged 1 peers.
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1909]: Filter code installed (25 opcodes)
Feb  2 23:06:51 SpokeWest daemon.info racoon: INFO: admin establish-sa 1ff 5.5.5.254[0] 3.3.3.254[0]
Feb  2 23:06:51 SpokeWest daemon.info racoon: INFO: admin establish-sa 202 5.5.5.254[0] 3.3.3.254[0]
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1917]: Sending Registration Request to 172.16.0.0 (my mtu=0)
Feb  2 23:06:51 SpokeWest daemon.info opennhrp[1917]: Received Registration Reply from 172.16.1.1: administratively prohibited


On hub:

Feb  2 23:06:36 AlpineHUB daemon.info opennhrp[2023]: OpenNHRP 0.14.1 starting
Feb  2 23:06:36 AlpineHUB daemon.info opennhrp[2023]: Interface lo: configured UP, mtu=0
Feb  2 23:06:36 AlpineHUB daemon.info opennhrp[2023]: Interface eth0: configured UP, mtu=1500
Feb  2 23:06:36 AlpineHUB daemon.info opennhrp[2023]: Interface eth1: config change, mtu=1500
Feb  2 23:06:36 AlpineHUB daemon.info opennhrp[2023]: Interface gre0: config change, mtu=1476
Feb  2 23:06:36 AlpineHUB daemon.info opennhrp[2023]: Interface gretap0: config change, mtu=1462
Feb  2 23:06:36 AlpineHUB daemon.info opennhrp[2023]: Interface gre1: configured UP, mtu=1472
Feb  2 23:06:36 AlpineHUB daemon.info opennhrp[2023]: Interface gre1: GRE configuration changed. Purged 0 peers.
Feb  2 23:06:36 AlpineHUB daemon.info opennhrp[2023]: Filter code installed (25 opcodes)

Feb  2 23:06:51 AlpineHUB daemon.info opennhrp[2029]: Received Registration Request from proto src 172.16.1.10 to 172.16.1.1
Feb  2 23:06:51 AlpineHUB auth.err opennhrp-script: GRE registration of 172.16.1.10 to 5.5.5.254 DENIED
Feb  2 23:06:51 AlpineHUB daemon.err opennhrp[2029]: [172.16.1.10] Peer registration failed: exitstatus 1
Feb  2 23:06:51 AlpineHUB daemon.info opennhrp[2029]: Sending Registration Reply from proto src 172.16.1.1 to 172.16.1.10 (0 bindings accepted, 1 rejected)
Feb  2 23:07:39 AlpineHUB daemon.info opennhrp[2029]: Received Registration Request from proto src 172.16.1.10 to 172.16.1.1
Feb  2 23:07:39 AlpineHUB auth.err opennhrp-script: GRE registration of 172.16.1.10 to 5.5.5.254 DENIED



The hub is 172.16.1.1 GRE address and the spoke is 172.16.1.10 ... subnet
is /16.

The public "internet" facing address of the hub is *3.3.3.254*.
The public facing address of the spoke is *5.5.5.254*.


I'm using some certs that I generated with pfSense, which I have used for
OpenVPN, and the tunnel seems to be coming up as far as I can tell with
racoon, as I can see what looks like an SA.

When I look at the hub opennhrp-script, it seems to be running through a
check for OU= and AS= embedded within the certificate? If this is the
case, then I'm pretty sure the certs will not have this info in them, as I
just generated bog-standard X.509 certs with the usual info in them
(location, department...). It doesn't mention anything in the instructions
about embedding some kind of ID in the cert?

Also, if I delete/comment that section, it gets a bit further but then says
failed exitstatus 2.

I'm pretty confused; it has done this in two setups, as I started from
scratch, but I'm still not getting anywhere with it :(

Is anyone able to help?  I'm probably doing something daft, but I've spent
ages on it now and I'm going round in circles.

Cheers!
JC.