Hi Gert,
On 29/04/20 13:11, Gert Doering wrote:
Hi,
On Wed, Apr 29, 2020 at 12:45:26PM +0200, Gert Doering wrote:
On Wed, Apr 29, 2020 at 12:25:02PM +0200, Jan Just Keijser wrote:
in other words, OSPF is not UDP or TCP based and hence will not easily
work over routed tunnels - which makes sense, as OSPF is a rout*ING
*protocol, not a rout*ED* protocol.
Naaah.
To word this a bit more explitly :-)
OpenVPN in p2p mode will transport everything that is running on top
of IPv4 or IPv6. So, no "UDP or TCP based" (otherwise "ping" wouldn't
work). It will transport OSPF / OSPFv3 packets just fine.
It might or might not transport non-IP stuff, like IPX or ISO (which
would be needed for IS-IS routing). Theoretically it should, but I
would assume some checks for v4/v6 and subsequent packet explosion.
Now, p2mp mode. In p2mp mode, the server needs to understand what to
do with the packet (server-internal routing table, "iroute" stuff).
OSPF does multicast, which is somewhat half-implemented into OpenVPN -
namely, multicast packets get treated as broadcasted. Which is what
is needed here: make sure OSPF packets get to all tun clients
(drawback: also to those that are not running OSPF, so don't mix).
This should also work "just fine", because the server's routing is
also not based on "UDP or TCP based", just on IPv4/IPv6 target address
inside the tunnel.
Next, OSPF exchanges IPv4/IPv6 routing info, and this is programmed into
the kernel routing table left and right. *This* is where OSPF breaks
in p2mp mode, because this kernel routing info is not propagating into
the OpenVPN server iroute table.
thanks for correcting me, as always ;)
it does make me wonder what the posts were about of people using
openvpn+tun+pfsense/quagga - some even more than 10 yrs ago!
cheers,
JJK
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
