Re: Cannot connect two ospf-instances over tun-interface

2018-04-05 Thread dawid k
Hello,

I got the server to work. The issue was that I didn't disable iptables
correctly. Now two clients and the server are exchanging their own routes.

I connected another client to one of the clients via a router, and the router is
connected to the ospf-network as well.

But somehow I cannot contact the new client from the first client or even
from the server. Iptables are surely disabled now.

My current setting


client3
192.168.30.2 (eth)
|
|
192.168.30.1 (eth)
routerA
192.168.21.5 (eth)
|
|
192.168.21.1 (eth)
client2
10.29.0.8 (tun)
|
|
10.29.0.1 (tun)
Server
10.29.0.1 (tun)
|
|
10.29.0.4 (tun)
client1
192.168.21.17 (eth)


I ran the following commands on client1

route -n (routes with metric 12 are set by bird)

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.29.0.0       0.0.0.0         255.255.252.0   U     0      0        0 tun0
W               0.0.0.0         255.255.255.252 U     0      0        0 eth1
XXX             0.0.0.0         255.255.255.255 UH    1024   0        0 eth1
192.168.21.0    10.29.0.8       255.255.255.240 UG    12     0        0 tun0
192.168.21.16   0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.30.0    10.29.0.8       255.255.255.240 UG    12     0        0 tun0


traceroute  192.168.21.3
traceroute to 192.168.21.3 (192.168.21.3), 30 hops max, 38 byte packets
 1  10.29.0.8 (10.29.0.8)  101.192 ms  111.038 ms  116.587 ms
 2  192.168.21.3 (192.168.21.3)  102.448 ms  72.160 ms  100.151 ms

traceroute  192.168.30.1
traceroute to 192.168.30.1 (192.168.30.1), 30 hops max, 38 byte packets
 1  server(10.29.0.1)  128.053 ms  128.731 ms  117.244 ms
 2  *^C (no response)


and the server:

route -n (routes with metric 17 are set by bird)

Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.21.16   10.29.0.4       255.255.255.240 UG    17     0        0 tun0
192.168.21.0    10.29.0.8       255.255.255.240 UG    17     0        0 tun0
192.168.30.0    10.29.0.8       255.255.255.240 UG    17     0        0 tun0
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.29.0.0       0.0.0.0         255.255.252.0   U     0      0        0 tun0
                0.0.0.0         255.255.0.0     U     1002   0        0 eth0

traceroute  192.168.21.3

traceroute to 192.168.21.3 (192.168.21.3), 30 hops max, 60 byte packets
 1  10.29.0.8 (10.29.0.8)  40.352 ms  96.659 ms  96.643 ms
 2  192.168.21.3 (192.168.21.3)  96.625 ms  96.606 ms  96.586 ms

traceroute  192.168.30.1
no response

As you can see in route -n, the server has a valid route to 192.168.30.0

Do you have any idea what I'm missing now? I guess that's the "tricky
party", mentioned by Michael McConnell.



2018-04-04 13:54 GMT+02:00 dawid k :

>
> 2018-04-04 12:31 GMT+02:00 Ondrej Zajicek :
>
>> On Wed, Apr 04, 2018 at 11:35:03AM +0200, dawid k wrote:
>> > 2018-04-04 10:59 GMT+02:00 Jan Maria Matejka :
>> >
>> > > Hello,
>> > >
>> > > please could you enable 'debug all' for the ospf protocol at server?
>> > > It should tell you whether it receives the packets and what is it
>> doing
>> > > with them.
>> > >
>> >
>> > It is enabled, Here the logs:
>> >
>> >
>> > no received packets, but with tcpdump on server I can see, that all
>> devices
>> > are sending hello messages:
>>
>> Hello
>>
>> That is interesting, It is possible that there is some problem with
>> multicast on OpenVPN, as mentioned by Michael McConnell, but not in the
>> sense
>> of multicast transmit (which works as seen by tcpdump), but multicast
>> delivery
>> to userspace sockets (so BIRD does not get them).
>>
>> One workaround would be to use NBMA interface type in BIRD OSPF. That
>> uses just unicast, so perhaps there would not be this problem. See 'type
>> nbma' OSPF option. Then you have to use 'neighbors' option to specify
>> client IPs on server and at least server IP (marked 'eligible') on clients
>> and set priority to 0 on clients.
>>
>> Thank you for your help, but it is still not working.
>
> I tried the nbma connection between one client and server with the following
> settings:
>
> client:
>
> interface "tun0" {
> cost 10;
> type nbma;
> strict nonbroadcast yes; # tried with disabled as well
> stub no;
> hello 10;
> transmit delay 5;
> wait 10;
> dead 40;
> priority 0;
> neighbors {
> 10.29.0.1 eligible; #server's IP
> };
>  };
>
> server
> interface "tun0" {
> cost 10;
> type nbma;
> strict nonbroadcast yes;
> stub no;
> hello 10;
>  

Re: Cannot connect two ospf-instances over tun-interface

2018-04-04 Thread dawid k
2018-04-04 12:31 GMT+02:00 Ondrej Zajicek :

> On Wed, Apr 04, 2018 at 11:35:03AM +0200, dawid k wrote:
> > 2018-04-04 10:59 GMT+02:00 Jan Maria Matejka :
> >
> > > Hello,
> > >
> > > please could you enable 'debug all' for the ospf protocol at server?
> > > It should tell you whether it receives the packets and what is it doing
> > > with them.
> > >
> >
> > It is enabled, Here the logs:
> >
> >
> > no received packets, but with tcpdump on server I can see, that all
> devices
> > are sending hello messages:
>
> Hello
>
> That is interesting, It is possible that there is some problem with
> multicast on OpenVPN, as mentioned by Michael McConnell, but not in the
> sense
> of multicast transmit (which works as seen by tcpdump), but multicast
> delivery
> to userspace sockets (so BIRD does not get them).
>
> One workaround would be to use NBMA interface type in BIRD OSPF. That
> uses just unicast, so perhaps there would not be this problem. See 'type
> nbma' OSPF option. Then you have to use 'neighbors' option to specify
> client IPs on server and at least server IP (marked 'eligible') on clients
> and set priority to 0 on clients.
>
> Thank you for your help, but it is still not working.

I tried the nbma connection between one client and server with the following
settings:

client:

interface "tun0" {
    cost 10;
    type nbma;
    strict nonbroadcast yes; # tried with disabled as well
    stub no;
    hello 10;
    transmit delay 5;
    wait 10;
    dead 40;
    priority 0;
    neighbors {
        10.29.0.1 eligible; # server's IP
    };
};

server:

interface "tun0" {
    cost 10;
    type nbma;
    strict nonbroadcast yes;
    stub no;
    hello 10;
    transmit delay 5;
    wait 10;
    dead 40;
    neighbors {
        10.26.0.4; # client's IP
    };
};

There are no error messages in the logs, only the info: HELLO packet sent via
tun0.
I started  tcpdump -v -s 0  proto ospf -i tun0 now on both client and
server and there is no traffic at all.
The routes are set properly and ping is working. I tried ptp as well with
a similar result. I'm using iptables, but for the test I deactivated it.
I have no idea why tcpdump shows no traffic. I suppose that there is an
issue with OpenVPN, as Michael McConnell and others mentioned.




> --
> Elen sila lumenn' omentielvo
>
> Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."
>


Re: Cannot connect two ospf-instances over tun-interface

2018-04-04 Thread Ondrej Zajicek
On Wed, Apr 04, 2018 at 11:35:03AM +0200, dawid k wrote:
> 2018-04-04 10:59 GMT+02:00 Jan Maria Matejka :
> 
> > Hello,
> >
> > please could you enable 'debug all' for the ospf protocol at server?
> > It should tell you whether it receives the packets and what is it doing
> > with them.
> >
> 
> It is enabled, Here the logs:
> 
> 
> no received packets, but with tcpdump on server I can see, that all devices
> are sending hello messages:

Hello

That is interesting. It is possible that there is some problem with
multicast on OpenVPN, as mentioned by Michael McConnell, but not in the sense
of multicast transmit (which works as seen by tcpdump), but multicast delivery
to userspace sockets (so BIRD does not get them).

One workaround would be to use NBMA interface type in BIRD OSPF. That
uses just unicast, so perhaps there would not be this problem. See 'type
nbma' OSPF option. Then you have to use 'neighbors' option to specify
client IPs on server and at least server IP (marked 'eligible') on clients
and set priority to 0 on clients.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


Re: Cannot connect two ospf-instances over tun-interface

2018-04-04 Thread Jan Maria Matejka
Hmmm ... will try it on my own network some time this week.
If I don't send any report until Monday (April 9th), please ping me.

M.

On 04/04/2018 11:35 AM, dawid k wrote:
> 
> 
> 2018-04-04 10:59 GMT+02:00 Jan Maria Matejka:
> 
> Hello,
> 
> please could you enable 'debug all' for the ospf protocol at server?
> It should tell you whether it receives the packets and what is it doing
> with them.
> 
> 
> It is enabled, Here the logs: 
> 
> 
> 2018-04-04 11:22:42  myOSPF3: Initializing
> 2018-04-04 11:22:42  myOSPF3: Starting
> 2018-04-04 11:22:42  myOSPF3: Adding area 0.0.0.0
> 2018-04-04 11:22:42  myOSPF3: Connected to table master
> 2018-04-04 11:22:42  myOSPF3: State changed to feed
> 2018-04-04 11:22:42  myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
> 2018-04-04 11:22:42  myOSPF3: Originating LSA: Type: 4005, Id: 1.1.1.1, Rt: 10.29.0.1, Seq: 8001
> 2018-04-04 11:22:42  Started
> 2018-04-04 11:22:42  myOSPF3 < interface lo goes up
> 2018-04-04 11:22:42  myOSPF3 < primary address 127.0.0.0/8 on interface lo added
> 2018-04-04 11:22:42  myOSPF3 < interface eth0 goes up
> 2018-04-04 11:22:42  myOSPF3 < primary address 192.168.20.0/24 on interface eth0 added
> 2018-04-04 11:22:42  myOSPF3 < interface tun0 goes up
> 2018-04-04 11:22:42  myOSPF3 < primary address 10.29.0.0/22 on interface tun0 added
> 2018-04-04 11:22:42  myOSPF3: Adding interface tun0 (10.29.0.0/22) to area 0.0.0.0
> 2018-04-04 11:22:42  myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
> 2018-04-04 11:22:42  myOSPF3: State changed to up
> 2018-04-04 11:22:42  KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
> 2018-04-04 11:22:42  KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
> 2018-04-04 11:22:42  KRT: Received route 10.29.0.0/20 with strange next-hop 10.29.0.1
> 2018-04-04 11:22:42  Netlink: File exists
> 2018-04-04 11:22:42  myOSPF3: Interface tun0 changed state from Down to Waiting
> 2018-04-04 11:22:42  myOSPF3: HELLO packet sent via tun0
> 2018-04-04 11:22:43  myOSPF3: Updating router state for area 0.0.0.0
> 2018-04-04 11:22:43  myOSPF3: Originating LSA: Type: 2001, Id: 10.29.0.1, Rt: 10.29.0.1, Seq: 8001
> 2018-04-04 11:22:43  myOSPF3: Scheduling routing table calculation
> 2018-04-04 11:22:43  myOSPF3: Starting routing table calculation
> 2018-04-04 11:22:43  myOSPF3: Starting routing table calculation for area 0.0.0.0
> 2018-04-04 11:22:43  myOSPF3: Starting routing table calculation for inter-area (area 0.0.0.0)
> 2018-04-04 11:22:43  myOSPF3: Starting routing table calculation for ext routes
> 2018-04-04 11:22:43  myOSPF3: Starting routing table synchronisation
> 2018-04-04 11:22:43  myOSPF3 > added [best] 10.29.0.0/22 dev tun0
> 2018-04-04 11:22:43  myOSPF3 < rejected by protocol 10.29.0.0/22 dev tun0
> 2018-04-04 11:22:52  myOSPF3: HELLO packet sent via tun0
> 2018-04-04 11:22:52  myOSPF3: Wait timer fired on tun0
> 2018-04-04 11:22:52  myOSPF3: Interface tun0 changed state from Waiting to DR
> 2018-04-04 11:22:52  myOSPF3: Updating router state for area 0.0.0.0
> 
> 
> no received packets, but with tcpdump on server I can see, that all devices 
> are sending hello messages:
> 
> 
> 11:18:26.328789 IP (tos 0xc0, ttl 1, id 15244, offset 0, flags [none], proto OSPF (89), length 64)
>     10.29.0.1 (that's the server) > ospf-all.mcast.net: OSPFv2, Hello, length 44
>         Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.1
> 11:18:31.408140 IP (tos 0xc0, ttl 1, id 62511, offset 0, flags [none], proto OSPF (89), length 72)
>     10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
>         Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>             192.168.21.17
>             10.29.0.1
> 11:18:31.741169 IP (tos 0xc0, ttl 1, id 55888, offset 0, flags [none], proto OSPF (89), length 72)
>     10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
>         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>     

Re: Cannot connect two ospf-instances over tun-interface

2018-04-04 Thread dawid k
2018-04-04 10:59 GMT+02:00 Jan Maria Matejka :

> Hello,
>
> please could you enable 'debug all' for the ospf protocol at server?
> It should tell you whether it receives the packets and what is it doing
> with them.
>

It is enabled. Here are the logs:


2018-04-04 11:22:42  myOSPF3: Initializing
2018-04-04 11:22:42  myOSPF3: Starting
2018-04-04 11:22:42  myOSPF3: Adding area 0.0.0.0
2018-04-04 11:22:42  myOSPF3: Connected to table master
2018-04-04 11:22:42  myOSPF3: State changed to feed
2018-04-04 11:22:42  myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
2018-04-04 11:22:42  myOSPF3: Originating LSA: Type: 4005, Id: 1.1.1.1, Rt: 10.29.0.1, Seq: 8001
2018-04-04 11:22:42  Started
2018-04-04 11:22:42  myOSPF3 < interface lo goes up
2018-04-04 11:22:42  myOSPF3 < primary address 127.0.0.0/8 on interface lo added
2018-04-04 11:22:42  myOSPF3 < interface eth0 goes up
2018-04-04 11:22:42  myOSPF3 < primary address 192.168.20.0/24 on interface eth0 added
2018-04-04 11:22:42  myOSPF3 < interface tun0 goes up
2018-04-04 11:22:42  myOSPF3 < primary address 10.29.0.0/22 on interface tun0 added
2018-04-04 11:22:42  myOSPF3: Adding interface tun0 (10.29.0.0/22) to area 0.0.0.0
2018-04-04 11:22:42  myOSPF3 < added 1.1.1.1/32 via 192.168.20.94 on eth0
2018-04-04 11:22:42  myOSPF3: State changed to up
2018-04-04 11:22:42  KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
2018-04-04 11:22:42  KRT: Received route 1.1.1.1/32 with strange next-hop 192.168.20.94
2018-04-04 11:22:42  KRT: Received route 10.29.0.0/20 with strange next-hop 10.29.0.1
2018-04-04 11:22:42  Netlink: File exists
2018-04-04 11:22:42  myOSPF3: Interface tun0 changed state from Down to Waiting
2018-04-04 11:22:42  myOSPF3: HELLO packet sent via tun0
2018-04-04 11:22:43  myOSPF3: Updating router state for area 0.0.0.0
2018-04-04 11:22:43  myOSPF3: Originating LSA: Type: 2001, Id: 10.29.0.1, Rt: 10.29.0.1, Seq: 8001
2018-04-04 11:22:43  myOSPF3: Scheduling routing table calculation
2018-04-04 11:22:43  myOSPF3: Starting routing table calculation
2018-04-04 11:22:43  myOSPF3: Starting routing table calculation for area 0.0.0.0
2018-04-04 11:22:43  myOSPF3: Starting routing table calculation for inter-area (area 0.0.0.0)
2018-04-04 11:22:43  myOSPF3: Starting routing table calculation for ext routes
2018-04-04 11:22:43  myOSPF3: Starting routing table synchronisation
2018-04-04 11:22:43  myOSPF3 > added [best] 10.29.0.0/22 dev tun0
2018-04-04 11:22:43  myOSPF3 < rejected by protocol 10.29.0.0/22 dev tun0
2018-04-04 11:22:52  myOSPF3: HELLO packet sent via tun0
2018-04-04 11:22:52  myOSPF3: Wait timer fired on tun0
2018-04-04 11:22:52  myOSPF3: Interface tun0 changed state from Waiting to DR
2018-04-04 11:22:52  myOSPF3: Updating router state for area 0.0.0.0


no received packets, but with tcpdump on server I can see, that all devices
are sending hello messages:


11:18:26.328789 IP (tos 0xc0, ttl 1, id 15244, offset 0, flags [none], proto OSPF (89), length 64)
    10.29.0.1 (that's the server) > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.1
11:18:31.408140 IP (tos 0xc0, ttl 1, id 62511, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.17
            10.29.0.1
11:18:31.741169 IP (tos 0xc0, ttl 1, id 55888, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.1
            10.29.0.1


The issue is that the server cannot leave the init state. The clients see
each other.

on client:
birdc show ospf neighbors
BIRD 1.6.3 ready.
myOSPF2:
Router ID       Pri          State      DTime   Interface  Router IP
192.168.20.54     1     Full/DR         00:36   eth0       192.168.21.22
192.168.21.1      1     Full/BDR        00:32   tun0       10.29.0.8
10.29.0.1         1     Init/Other      00:37   tun0       10.29.0.1





>
> OpenVPN in TUN mode does quite strange things with routing. Have you tried
> routing by static routes first (to see whether it works or not)?
>
> Example:
>
> Server has 10.29.0.1/30 (peer 10.29.0.2).
> Client A has 10.29.0.5/30 (peer 10.29.0.6) and 172.30.5.0/24 on other
> 
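
The check done by eye in the message above (the server's Hello carries no Neighbor List, and the client shows the server as Init/Other), as an added Python example that is not part of the original thread: it parses `tcpdump -v` Hello text and reports which routers hear which. The function names and the embedded sample (the thread's capture with wrapped lines rejoined and the poster's annotation removed) are assumptions of this example.

```python
"""Classify OSPF adjacency direction from `tcpdump -v` Hello output."""
import re
from dataclasses import dataclass, field

# Constructed sample: the three Hellos quoted in the thread, with wrapped
# lines rejoined and the "(that's the server)" annotation removed.
SAMPLE_CAPTURE = """\
11:18:26.328789 IP (tos 0xc0, ttl 1, id 15244, offset 0, flags [none], proto OSPF (89), length 64)
    10.29.0.1 > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.1
11:18:31.408140 IP (tos 0xc0, ttl 1, id 62511, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.17
            10.29.0.1
11:18:31.741169 IP (tos 0xc0, ttl 1, id 55888, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.1
            10.29.0.1
"""

PACKET_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")
HELLO_SOURCE = re.compile(r"^\s+(\S+) > \S+: OSPFv2, Hello\b")
ROUTER_ID = re.compile(r"^\s+Router-ID (\S+),")
NEIGHBOR = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


@dataclass
class Hello:
    source: str                                  # sender address on the tunnel
    router_id: str = ""
    neighbors: set = field(default_factory=set)  # router IDs the sender has heard


def parse_hellos(text):
    """Return the most recent Hello per router ID found in tcpdump -v text."""
    hellos, current, in_list = {}, None, False
    for line in text.splitlines():
        if PACKET_START.match(line):      # new packet: forget the previous one
            current, in_list = None, False
            continue
        m = HELLO_SOURCE.match(line)
        if m:
            current = Hello(source=m.group(1))
            continue
        if current is None:               # inside a packet that is not a Hello
            continue
        m = ROUTER_ID.match(line)
        if m:
            current.router_id = m.group(1)
            hellos[current.router_id] = current
        elif line.strip() == "Neighbor List:":
            in_list = True
        elif in_list and (m := NEIGHBOR.match(line)):
            current.neighbors.add(m.group(1))
        else:
            in_list = False               # any other line ends the list
    return hellos


def neighbor_state(hellos, observer, peer):
    """State `observer` can have reached for `peer`, judged from Hellos alone."""
    me, other = hellos[observer], hellos[peer]
    if other.router_id not in me.neighbors:
        return "Down"             # observer has accepted no Hello from peer
    if me.router_id not in other.neighbors:
        return "Init"             # observer hears peer, peer does not list observer
    return "2-Way or higher"      # each lists the other


def deaf_routers(hellos):
    """Router IDs that others list as heard but that list nobody themselves."""
    heard = set().union(*(h.neighbors for h in hellos.values()))
    return sorted(rid for rid, h in hellos.items() if rid in heard and not h.neighbors)


if __name__ == "__main__":
    hellos = parse_hellos(SAMPLE_CAPTURE)
    for a in sorted(hellos):
        for b in sorted(hellos):
            if a != b:
                print(f"{a:>15} sees {b:<15} as {neighbor_state(hellos, a, b)}")
    print("transmitting but not receiving:", deaf_routers(hellos))
```

A router reported by `deaf_routers` is sending Hellos while its OSPF daemon accepts none, so the receive path on that host (local packet filter, delivery to the daemon's socket) is the place to look.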

Re: Cannot connect two ospf-instances over tun-interface

2018-04-04 Thread Jan Maria Matejka
Hello,

please could you enable 'debug all' for the ospf protocol at server?
It should tell you whether it receives the packets and what it is doing
with them.

OpenVPN in TUN mode does quite strange things with routing. Have you tried
routing by static routes first (to see whether it works or not)?

Example:

Server has 10.29.0.1/30 (peer 10.29.0.2).
Client A has 10.29.0.5/30 (peer 10.29.0.6) and 172.30.5.0/24 on other iface.
Client B has 10.29.0.9/30 (peer 10.29.0.10) and 172.30.9.0/24 on other iface.

Have you managed to add a route on Client A that would route traffic
to 172.30.9.0/24? (If yes, please tell me, I also need something like that.)

Now I overcome these problems by several GRE (or GRETAP) tunnels over the VPN,
these are real PtP links and also routing works over them quite well.

M.

On 04/04/2018 10:29 AM, dawid k wrote:
> Additional info:
> 
> bird show ospf state on server:
> 
> area 0.0.0.0
> 
>         router 10.29.0.1
>                 distance 0
>                 stubnet 10.29.0.0/22 metric 10
>                 external 1.1.1.1/32 metric 33
>                 external 10.29.0.0/22 metric 33
> 
> I wonder, why my network is marked as stubnet. I defined in config stub no. I 
> suppose, that's the problem, but how can I avoid this?
> 
> bird show ospf state on first client :
> 
>      router 192.168.21.17
>                 distance 20
>                 network 192.168.21.16/28 metric 5
>                 network 10.29.0.0/22 metric 10 #ethernet
>                 external 192.168.9.17/32 metric2 1 via 192.168.21.25 #static
> 
>     network 
>           ..
> 
> 
> 
> 
> 2018-04-04 8:59 GMT+02:00 dawid k:
> 
> Hi Chris,
> 
> Thank you for your advice, I got a little bit forward.
> 
> I expanded my topology with another pc - another vpn client - and I got 
> these two vpn clients working, but somehow I cannot get the server to work 
> properly. The server remains always in state  Init/Other.
> 
> I can see with tcpdump, that every pc is sending the hello-message, but 
> the server is missing the neighbor list:
> 
> 
> 08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
>     server > ospf-all.mcast.net: OSPFv2, Hello, length 44
>         Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.1
> 08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
>     10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
>         Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>             192.168.21.17
>             10.29.0.1
> 08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
>     10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
>         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>             192.168.21.1
>             10.29.0.1
> 
> Here the output from  birdc show ospf neighbors on client:
> 
> Router ID       Pri          State      DTime   Interface  Router IP
> 192.168.21.17     1     Full/DR         00:35   tun0       10.29.0.4
> 10.29.0.1         1     Init/Other      00:38   tun0       10.29.0.1
> 
> and finally my ospf-setup for every device:
> 
> 
> protocol ospf myOSPFX { # X depending on device (1,2,3)
>         debug all;
>         import filter importAll;
>         export filter onlyLocalExport;
>         area 0.0.0.0 {
>                 interface "tun0" {
>                         cost 10;
>                         type  bcast;
>                         stub no;
>                         hello 10;
>                         transmit delay 5;
>                         wait 10;
>                         dead 40;
>                  };
>        };
> }
> 
> Do you have any idea, what I'm missing? 
> 
> 2018-04-03 16:52 GMT+02:00 Chris Boot  

Re: Cannot connect two ospf-instances over tun-interface

2018-04-04 Thread dawid k
Additional info:

bird show ospf state on server:

area 0.0.0.0

        router 10.29.0.1
                distance 0
                stubnet 10.29.0.0/22 metric 10
                external 1.1.1.1/32 metric 33
                external 10.29.0.0/22 metric 33

I wonder, why my network is marked as stubnet. I defined in config stub no.
I suppose, that's the problem, but how can I avoid this?

bird show ospf state on first client :

     router 192.168.21.17
                distance 20
                network 192.168.21.16/28 metric 5
                network 10.29.0.0/22 metric 10 #ethernet
                external 192.168.9.17/32 metric2 1 via 192.168.21.25 #static

    network
          ..




2018-04-04 8:59 GMT+02:00 dawid k :

> Hi Chris,
>
> Thank you for your advice, I got a little bit forward.
>
> I expanded my topology with another pc - another vpn client - and I got
> these two vpn clients working, but somehow I cannot get the server to work
> properly. The server remains always in state  Init/Other.
>
> I can see with tcpdump, that every pc is sending the hello-message, but
> the server is missing the neighbor list:
>
>
> 08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
>     server > ospf-all.mcast.net: OSPFv2, Hello, length 44
>         Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.1
> 08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
>     10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
>         Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>             192.168.21.17
>             10.29.0.1
> 08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
>     10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
>         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>             192.168.21.1
>             10.29.0.1
>
> Here the output from  birdc show ospf neighbors on client:
>
> Router ID       Pri          State      DTime   Interface  Router IP
> 192.168.21.17     1     Full/DR         00:35   tun0       10.29.0.4
> 10.29.0.1         1     Init/Other      00:38   tun0       10.29.0.1
>
> and finally my ospf-setup for every device:
>
>
> protocol ospf myOSPFX { # X depending on device (1,2,3)
>         debug all;
>         import filter importAll;
>         export filter onlyLocalExport;
>         area 0.0.0.0 {
>                 interface "tun0" {
>                         cost 10;
>                         type bcast;
>                         stub no;
>                         hello 10;
>                         transmit delay 5;
>                         wait 10;
>                         dead 40;
>                 };
>         };
> }
>
> Do you have any idea, what I'm missing?
>
> 2018-04-03 16:52 GMT+02:00 Chris Boot :
>
>> [re-sending to the list with the correct From address]
>>
>> Hi,
>>
>> You should be able to do this with 'topology subnet' on your server end.
>> It doesn't work with net30 (the default) or p2p, but I can confirm that
>> OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.
>>
>> I think there are issues with IPv6 on tun links with respect to
>> multicast, so you may struggle to get OSPFv3 working, but I haven't had
>> to do that yet.
>>
>> HTH,
>> Chris
>>
>> On 03/04/18 15:34, dawid k wrote:
>> > Therefore I tried running ospf in broadcast mode as well, but then it
>> > changed automatically:
>> >
>> >  myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
>> >
>> > I tried the tap-Interface and it's working (or at least the neighbours
>> > were detected) but as said, my system has to use tun and I cannot change
>> > it. So there is probably no solution for such settings. I will try bgp
>> > instead. Thank you for your help.
>> >
>> > 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek:
>> >
>> > On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
>> > > OpenVPN won’t do multicast over TUN, only TAP.
>> >
>> > Well, that would be silly from OpenVPN. But tcpdump output from Dawid K
>> > shows that multicast packets are propagated through TUN:
>> >
>> > > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, 

Re: Cannot connect two ospf-instances over tun-interface

2018-04-04 Thread dawid k
Hi Chris,

Thank you for your advice, I got a little bit forward.

I expanded my topology with another pc - another vpn client - and I got
these two vpn clients working, but somehow I cannot get the server to work
properly. The server remains always in state  Init/Other.

I can see with tcpdump, that every pc is sending the hello-message, but the
server is missing the neighbor list:


08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], proto OSPF (89), length 64)
    server > ospf-all.mcast.net: OSPFv2, Hello, length 44
        Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.1
08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.8 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.17
            10.29.0.1
08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], proto OSPF (89), length 72)
    10.29.0.4 > ospf-all.mcast.net: OSPFv2, Hello, length 52
        Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
          Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
          Neighbor List:
            192.168.21.1
            10.29.0.1

Here the output from  birdc show ospf neighbors on client:

Router ID       Pri          State      DTime   Interface  Router IP
192.168.21.17     1     Full/DR         00:35   tun0       10.29.0.4
10.29.0.1         1     Init/Other      00:38   tun0       10.29.0.1

and finally my ospf-setup for every device:


protocol ospf myOSPFX { # X depending on device (1,2,3)
        debug all;
        import filter importAll;
        export filter onlyLocalExport;
        area 0.0.0.0 {
                interface "tun0" {
                        cost 10;
                        type bcast;
                        stub no;
                        hello 10;
                        transmit delay 5;
                        wait 10;
                        dead 40;
                };
        };
}

Do you have any idea, what I'm missing?

2018-04-03 16:52 GMT+02:00 Chris Boot :

> [re-sending to the list with the correct From address]
>
> Hi,
>
> You should be able to do this with 'topology subnet' on your server end.
> It doesn't work with net30 (the default) or p2p, but I can confirm that
> OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.
>
> I think there are issues with IPv6 on tun links with respect to
> multicast, so you may struggle to get OSPFv3 working, but I haven't had
> to do that yet.
>
> HTH,
> Chris
>
> On 03/04/18 15:34, dawid k wrote:
> > Therefore I tried running ospf in broadcast mode as well, but then it
> > changed automatically:
> >
> >  myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
> >
> > I tried the tap-Interface and it's working (or at least the neighbours
> > were detected) but as said, my system has to use tun and I cannot change
> > it. So there is probably no solution for such settings. I will try bgp
> > instead. Thank you for your help.
> >
> > 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek:
> >
> > On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
> > > OpenVPN won’t do multicast over TUN, only TAP.
> >
> > Well, that would be silly from OpenVPN. But tcpdump output from Dawid K
> > shows that multicast packets are propagated through TUN:
> >
> > > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
> > >     server > 224.0.0.5: OSPFv2, Hello, length 44
> > >         Router-ID repo.traffic.local, Backbone Area, Authentication Type: none (0)
> > >         Options [External]
> > >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> > > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
> > >     10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
> > >         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> > >         Options [External]
> > >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> >
> > --
> > Elen sila lumenn' omentielvo
> >
> > Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
> > OpenPGP encrypted e-mails preferred (KeyID 

Cannot connect two ospf-instances over tun-interface

2018-04-03 Thread Chris Boot
[re-sending to the list with the correct From address]

Hi,

You should be able to do this with 'topology subnet' on your server end.
It doesn't work with net30 (the default) or p2p, but I can confirm that
OSPFv2 for IPv4 works in broadcast mode with 'topology subnet'.

I think there are issues with IPv6 on tun links with respect to
multicast, so you may struggle to get OSPFv3 working, but I haven't had
to do that yet.

HTH,
Chris

On 03/04/18 15:34, dawid k wrote:
> Therefore I tried running ospf in broadcast mode as well, but then it
> changed automatically: 
> 
>  myOSPF3: Cannot use interface tun0 as broadcast, forcing ptp
> 
> I tried the tap-Interface and it's working (or at least the neighbours
> were detected) but as said, my system has to use tun and I cannot change
> it. So there is propably no solution for such settings. I will try bgp
> instead. Thank you for your help.
> 
> 2018-04-03 16:18 GMT+02:00 Ondrej Zajicek  >:
> 
> On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
> > OpenVPN won’t do multicast over TUN, only TAP.
> 
> Well, that would be silly from OpenVPN. But tcpdump output from Dawid K
> shows that multicast packets are propagated throught TUN:
> 
> > 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], 
> proto OSPF (89), length 64)
> >     server > 224.0.0.5 : OSPFv2, Hello, length 44
> >         Router-ID repo.traffic.local, Backbone Area, Authentication 
> Type: none (0)
> >         Options [External]
> >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> > 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], 
> proto OSPF (89), length 64)
> >     10.29.0.6 > 224.0.0.5 : OSPFv2, Hello, length 44
> >         Router-ID 192.168.21.17, Backbone Area, Authentication Type: 
> none (0)
> >         Options [External]
> >           Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> 
> --
> Elen sila lumenn' omentielvo
> 
> Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."
> 
> 


-- 
Chris Boot
bo...@boo.tc



Re: Cannot connect two ospf-instances over tun-interface

2018-04-03 Thread Ondrej Zajicek
On Tue, Apr 03, 2018 at 08:05:41AM -0600, Michael McConnell wrote:
> OpenVPN won’t do multicast over TUN, only TAP. 

Well, that would be silly from OpenVPN. But tcpdump output from Dawid K
shows that multicast packets are propagated through TUN:

> 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto 
> OSPF (89), length 64)
> server > 224.0.0.5: OSPFv2, Hello, length 44
> Router-ID repo.traffic.local, Backbone Area, Authentication Type: 
> none (0)
> Options [External]
>   Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto 
> OSPF (89), length 64)
> 10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
> Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> Options [External]
>   Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."



Re: Cannot connect two ospf-instances over tun-interface

2018-04-03 Thread Michael McConnell
OpenVPN won’t do multicast over TUN, only TAP. 

--
Michael McConnell
WINK Streaming;
email: mich...@winkstreaming.com
toll free: 877-GO-4-WINK x 7400
direct: +1 312 281-5434
cell: +506 8706-2389
skype: wink-michael
web: http://winkstreaming.com

> On Apr 3, 2018, at 1:23 AM, dawid k wrote:
> 
> ip addr list:
> server: 
>  
> eth0, lo and 
> 5: tun0:  mtu 1500 qdisc pfifo_fast 
> state UNKNOWN qlen 100
> link/[65534]
> inet 10.29.0.1 peer 10.29.0.2/32  scope global tun0
> 
> client: 
> 
> 977: tun0:  mtu 1500 qdisc 
> pfifo_fast qlen 100
> link/[65534]
> inet 10.29.0.6 peer 10.29.0.5/32  scope global tun0
>valid_lft forever preferred_lft forever
> 
> Following commands resulted in similar output on client and server with 
> different IP-Addresses.
> 
> birdc show interfaces:
> 
> tun0 up (index=5)
> PtP Multicast AdminUp LinkUp MTU=1500
> 10.29.0.1/32  (Primary, opposite 10.29.0.2, 
> scope site)
> 
> birdc show ospf interface:
> 
> BIRD 1.6.3 ready.
> myOSPF3:
> Interface tun0 (peer 10.29.0.2)
> Type: ptp
> Area: 0.0.0.0 (0)
> State: PtP
> Priority: 1
> Cost: 10
> Hello timer: 10
> Wait timer: 10
> Dead timer: 40
> Retransmit timer: 5
> 
> 
> birdc show ospf neighbors: no neighbours. 
> 
> tcpdump -v -s 0  proto ospf -i tun0
> 
> 06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto 
> OSPF (89), length 64)
> server > ospf-all.mcast.net : OSPFv2, Hello, 
> length 44
> Router-ID repo.traffic.local, Backbone Area, Authentication Type: 
> none (0)
> Options [External]
>   Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> 06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto 
> OSPF (89), length 64)
> 10.29.0.6 > ospf-all.mcast.net : OSPFv2, 
> Hello, length 44
> Router-ID 192.168.21.17, Backbone Area, Authentication Type: none (0)
> Options [External]
>   Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
> 
> Where server is the name of my server. 
> 
> In logs I can see only  multiple  myOSPF3: HELLO packet sent via tun0 
> - messages and once after start initial logs like adding area and originating 
> lsa for routes from static-protocol. 
> 
> 
> 
> Now I'm trying to establish ptp-connection for ospf, but in future the server
> should run in ptmp mode. I suppose, that there is something wrong with the
> IP-Address of peer, since the server has IP-Address 10.29.0.1 and the client
> 10.29.0.10. But I declared these IP-Addresses as neighbour in config file.
> Maybe there is an issue, that the IP-Addresses are in /32-network? But
> unfortunately I cannot change anything in openvpn settings. Do you have any
> idea, what I'm doing wrong?
> 
> 
> 
> 
> 
> 
> 2018-03-30 0:25 GMT+02:00 Ondrej Zajicek:
> On Thu, Mar 29, 2018 at 03:02:52PM +0200, dawid k wrote:
> > Here my configuration (client):
> >
> > ifconfig tun0:
> > tun0  Link encap:UNSPEC  HWaddr
> > 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> >   inet addr:10.29.0.10  P-t-P:10.29.0.9  Mask:255.255.255.255
> >
> > bird_ospf.conf (included in bird.conf) :
> >
> > protocol ospf myOSPF {
> > area 0.0.0.0 {
> > interface "tun0" {
> > cost 10;
> > type ptp;
> > stub no; hello 10; transmit delay 5; wait 10; dead
> > 40;
> > neighbors {
> > 10.29.0.1;
> > }; }; };
> 
> Hi
> 
> What do you get from:
> 
> ip addr list
> birdc show interfaces
> birdc show ospf interface
> birdc show ospf neighbors
> tcpdump -v -s 0  proto ospf -i tun0
> 
> 
> Do you have anything interesting in logs?
> 
> --
> Elen sila lumenn' omentielvo
> 
> Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."
> 
> 

Re: Cannot connect two ospf-instances over tun-interface

2018-04-03 Thread Ondrej Zajicek
On Tue, Apr 03, 2018 at 09:23:34AM +0200, dawid k wrote:
> ip addr list:
> server:
> 
> eth0, lo and
> 5: tun0:  mtu 1500 qdisc
> pfifo_fast state UNKNOWN qlen 100
> link/[65534]
> inet 10.29.0.1 peer 10.29.0.2/32 scope global tun0
> 
> client:
> 
> 977: tun0:  mtu 1500 qdisc
> pfifo_fast qlen 100
> link/[65534]
> inet 10.29.0.6 peer 10.29.0.5/32 scope global tun0
>valid_lft forever preferred_lft forever

> Now I'm trying to establish ptp-connection for ospf, but in future the
> server should run in ptmp mode. I suppose, that there is something wrong
> with the IP-Address of peer, since the server has IP-Address 10.29.0.1 and
> the client 10.29.0.10. But I declared these IP-Addresses as neighbour in
> config file. Maybe there is an issue, that the IP-Addresses are in
> /32-network?

Yes, that is the issue. BIRD OSPFv2 works really on per-ip-range basis
instead of per-iface. So if you have 10.29.0.2/32 range on tun0, then
incoming packets outside of 10.29.0.2/32 are ignored. You could use /32
network, but it must be matching (10.29.0.2 peer 10.29.0.1/32 on the
client).

Option 'neighbors' in config file works only with NBMA or PtMP iface
types, is ignored otherwise.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
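
The per-range rule described in the reply above can be checked offline against the `ip addr` and `tcpdump` output posted in this thread. This is an added example, not part of the original message and not BIRD's code: a simplified model of the rule as stated there, with hypothetical function names and constructed sample lines built from the thread's addresses. It also handles the plain `inet A/len` form, which goes beyond the ptp case shown in the thread.

```python
import ipaddress
import re

# ptp form:    "inet 10.29.0.1 peer 10.29.0.2/32 scope global tun0"
# subnet form: "inet 10.29.0.1/22 scope global tun0"
INET_RE = re.compile(
    r"inet\s+(?P<local>\d+(?:\.\d+){3})(?:/(?P<plen>\d+))?"
    r"(?:\s+peer\s+(?P<peer>\d+(?:\.\d+){3})/(?P<peer_plen>\d+))?"
)
# tcpdump detail line: "10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44"
HELLO_RE = re.compile(r"^\s*(?P<src>\S+)\s+>\s+\S+?\s*:\s+OSPFv2, Hello")


def accepted_range(inet_line):
    """Return (local address, IP range from which hellos are accepted)."""
    m = INET_RE.search(inet_line)
    if m is None:
        raise ValueError(f"no IPv4 address in: {inet_line!r}")
    local = ipaddress.ip_address(m["local"])
    if m["peer"]:
        # ptp address: the range is the peer prefix, not the local address
        net = ipaddress.ip_network(f"{m['peer']}/{m['peer_plen']}", strict=False)
    else:
        net = ipaddress.ip_interface(f"{m['local']}/{m['plen'] or 32}").network
    return local, net


def classify_hellos(inet_line, tcpdump_text):
    """Label each OSPFv2 hello source seen on the interface."""
    local, net = accepted_range(inet_line)
    verdicts = []
    for line in tcpdump_text.splitlines():
        m = HELLO_RE.match(line)
        if m is None:
            continue  # header line or unrelated output
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            # tcpdump printed a hostname; rerun it with -n to get addresses
            verdicts.append((m["src"], "unresolved"))
            continue
        if src == local:
            verdicts.append((str(src), "own"))
        else:
            verdicts.append((str(src), "accepted" if src in net else "ignored"))
    return verdicts


# Constructed sample input, using the addresses posted in the thread.
SERVER_PTP = "inet 10.29.0.1 peer 10.29.0.2/32 scope global tun0"
CLIENT_MATCHING = "inet 10.29.0.2 peer 10.29.0.1/32 scope global tun0"
SERVER_SUBNET = "inet 10.29.0.1/22 scope global tun0"  # assumed subnet-style address
CAPTURE = """\
06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none], proto OSPF (89), length 64)
    server > 224.0.0.5: OSPFv2, Hello, length 44
06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none], proto OSPF (89), length 64)
    10.29.0.6 > 224.0.0.5: OSPFv2, Hello, length 44
"""

if __name__ == "__main__":
    for label, inet in (("ptp", SERVER_PTP), ("subnet", SERVER_SUBNET)):
        print(label, classify_hellos(inet, CAPTURE))
```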


Re: Cannot connect two ospf-instances over tun-interface

2018-04-03 Thread dawid k
ip addr list:
server:

eth0, lo and
5: tun0:  mtu 1500 qdisc
pfifo_fast state UNKNOWN qlen 100
link/[65534]
inet 10.29.0.1 peer 10.29.0.2/32 scope global tun0

client:

977: tun0:  mtu 1500 qdisc
pfifo_fast qlen 100
link/[65534]
inet 10.29.0.6 peer 10.29.0.5/32 scope global tun0
   valid_lft forever preferred_lft forever

Following commands resulted in similar output on client and server with
different IP-Addresses.

birdc show interfaces:

tun0 up (index=5)
PtP Multicast AdminUp LinkUp MTU=1500
10.29.0.1/32 (Primary, opposite 10.29.0.2, scope site)

birdc show ospf interface:

BIRD 1.6.3 ready.
myOSPF3:
Interface tun0 (peer 10.29.0.2)
Type: ptp
Area: 0.0.0.0 (0)
State: PtP
Priority: 1
Cost: 10
Hello timer: 10
Wait timer: 10
Dead timer: 40
Retransmit timer: 5


birdc show ospf neighbors: no neighbours.

tcpdump -v -s 0  proto ospf -i tun0

06:59:00.439738 IP (tos 0xc0, ttl 1, id 15270, offset 0, flags [none],
proto OSPF (89), length 64)
server > ospf-all.mcast.net: OSPFv2, Hello, length 44
Router-ID repo.traffic.local, Backbone Area, Authentication Type:
none (0)
Options [External]
  Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
06:59:02.449363 IP (tos 0xc0, ttl 1, id 18875, offset 0, flags [none],
proto OSPF (89), length 64)
10.29.0.6 > ospf-all.mcast.net: OSPFv2, Hello, length 44
Router-ID 192.168.21.17, Backbone Area, Authentication Type: none
(0)
Options [External]
  Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1

Where server is the name of my server.

In logs I can see only  multiple  myOSPF3: HELLO packet sent via
tun0 - messages and once after start initial logs like adding area and
originating lsa for routes from static-protocol.



Now I'm trying to establish ptp-connection for ospf, but in future the
server should run in ptmp mode. I suppose, that there is something wrong
with the IP-Address of peer, since the server has IP-Address 10.29.0.1 and
the client 10.29.0.10. But I declared these IP-Addresses as neighbour in
config file. Maybe there is an issue, that the IP-Addresses are in
/32-network? But unfortunately I cannot change anything in openvpn
settings. Do you have any idea, what I'm doing wrong?






2018-03-30 0:25 GMT+02:00 Ondrej Zajicek:

> On Thu, Mar 29, 2018 at 03:02:52PM +0200, dawid k wrote:
> > Here my configuration (client):
> >
> > ifconfig tun0:
> > tun0  Link encap:UNSPEC  HWaddr
> > 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> >   inet addr:10.29.0.10  P-t-P:10.29.0.9  Mask:255.255.255.255
> >
> > bird_ospf.conf (included in bird.conf) :
> >
> > protocol ospf myOSPF {
> > area 0.0.0.0 {
> > interface "tun0" {
> > cost 10;
> > type ptp;
> > stub no; hello 10; transmit delay 5; wait 10;
> dead
> > 40;
> > neighbors {
> > 10.29.0.1;
> > }; }; };
>
> Hi
>
> What do you get from:
>
> ip addr list
> birdc show interfaces
> birdc show ospf interface
> birdc show ospf neighbors
> tcpdump -v -s 0  proto ospf -i tun0
>
>
> Do you have anything interesting in logs?
>
> --
> Elen sila lumenn' omentielvo
>
> Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."
>




Re: Cannot connect two ospf-instances over tun-interface

2018-03-29 Thread Michael McConnell
Hello Dawid,

I fought with this one for some time, I did get it working with OpenVPN but 
threw it out in favor of Tinc in the end…
Here are the couple of gotchas I ran into for OpenVPN:

1. Use tap instead of tun
2. Ensure you have an interface (show interfaces)

If you do not have interfaces on the “client side” add;

protocol device {
scan time 10;
}

The tricky part after getting OSPF online was actually getting anything to 
route… but that is for later (;

Cheers,
Mike

--
Michael McConnell
WINK Streaming;
email: mich...@winkstreaming.com
toll free: 877-GO-4-WINK x 7400
direct: +1 312 281-5434
cell: +506 8706-2389
skype: wink-michael
web: http://winkstreaming.com

> On Mar 29, 2018, at 7:02 AM, dawid k wrote:
> 
> Here my configuration (client):
> 
> ifconfig tun0:
> tun0  Link encap:UNSPEC  HWaddr 
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>   inet addr:10.29.0.10  P-t-P:10.29.0.9  Mask:255.255.255.255
> 
> bird_ospf.conf (included in bird.conf) :
> 
> protocol ospf myOSPF {
> area 0.0.0.0 {
> interface "tun0" {
> cost 10;
> type ptp;
> stub no; hello 10; transmit delay 5; wait 10; dead 40;
> neighbors {
> 10.29.0.1;
> }; }; };
> 
> tcpdump -v -XX  proto ospf -i tun0 (confirmation, that hello messages are 
> sent and received) :
> 
> 
> 12:59:03.143238 IP (tos 0xc0, ttl 1, id 15765, offset 0, flags [none], proto 
> OSPF (89), length 64)
>  10.29.0.01 > 224.0.0.5 : OSPFv2, Hello, length 44
> ...
> 12:59:09.157965 IP (tos 0xc0, ttl 1, id 59599, offset 0, flags [none], proto 
> OSPF (89), length 64)
> 10.29.0.10 > 224.0.0.5 : OSPFv2, Hello, length 44
> 
> 
> The server is using similar configuration. It differs only by IP(10.29.0.1) 
> and router-ID. 
> 
> 
> 
> 2018-03-29 13:37 GMT+02:00 dawid k:
> I'm trying to set up a pretty simple configuration consisting of two linux
> machines connected over tun-interface created by OpenVPN. 
> 
> The VPN-connection is working fine - I can send data over this interface. Now 
> I installed bird and configured ospf on both devices. I can see that both 
> bird instances are sending hello packets on tun-interface however no one of 
> them is getting the message. 
> 
> I can see with tcpdump, that every device is getting the hello-message. 
> However they are not forwarded to bird or bird just ignores them.
> 
> I tried my setup over cable with eth0-interface and everything is working
> fine. Right now every machine is advertising just one example static network. 
> I will focus on correct advertising later after I connect those two 
> instances. 
> 
> The tun0 interface is working in type ptp and the netmask is 255.255.255.255. 
> Do you have any idea what's wrong? 
> 
> Thanks for every input, tookie009
> 



Re: Cannot connect two ospf-instances over tun-interface

2018-03-29 Thread Ondrej Zajicek
On Thu, Mar 29, 2018 at 03:02:52PM +0200, dawid k wrote:
> Here my configuration (client):
> 
> ifconfig tun0:
> tun0  Link encap:UNSPEC  HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>   inet addr:10.29.0.10  P-t-P:10.29.0.9  Mask:255.255.255.255
> 
> bird_ospf.conf (included in bird.conf) :
> 
> protocol ospf myOSPF {
> area 0.0.0.0 {
> interface "tun0" {
> cost 10;
> type ptp;
> stub no; hello 10; transmit delay 5; wait 10; dead
> 40;
> neighbors {
> 10.29.0.1;
> }; }; };

Hi

What do you get from:

ip addr list
birdc show interfaces
birdc show ospf interface
birdc show ospf neighbors
tcpdump -v -s 0  proto ospf -i tun0


Do you have anything interesting in logs?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


Re: Cannot connect two ospf-instances over tun-interface

2018-03-29 Thread dawid k
Here my configuration (client):

ifconfig tun0:
tun0  Link encap:UNSPEC  HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
  inet addr:10.29.0.10  P-t-P:10.29.0.9  Mask:255.255.255.255

bird_ospf.conf (included in bird.conf) :

protocol ospf myOSPF {
    area 0.0.0.0 {
        interface "tun0" {
            cost 10;
            type ptp;
            stub no; hello 10; transmit delay 5; wait 10; dead 40;
            neighbors {
                10.29.0.1;
            };
        };
    };
}

tcpdump -v -XX  proto ospf -i tun0 (confirmation, that hello messages are
sent and received) :


12:59:03.143238 IP (tos 0xc0, ttl 1, id 15765, offset 0, flags [none],
proto OSPF (89), length 64)
 10.29.0.01 > 224.0.0.5: OSPFv2, Hello, length 44
...
12:59:09.157965 IP (tos 0xc0, ttl 1, id 59599, offset 0, flags [none],
proto OSPF (89), length 64)
10.29.0.10 > 224.0.0.5: OSPFv2, Hello, length 44


The server is using similar configuration. It differs only by IP(10.29.0.1)
and router-ID.



2018-03-29 13:37 GMT+02:00 dawid k:

> I'm trying to set up a pretty simple configuration consisting of two linux
> machines connected over tun-interface created by OpenVPN.
>
> The VPN-connection is working fine - I can send data over this interface.
> Now I installed bird and configured ospf on both devices. I can see that
> both bird instances are sending hello packets on tun-interface however no
> one of them is getting the message.
>
> I can see with tcpdump, that every device is getting the hello-message.
> However they are not forwarded to bird or bird just ignores them.
>
> I tried my setup over cable with eth0-interface and everything is working
> fine. Right now every machine is advertising just one example static
> network. I will focus on correct advertising later after I connect those
> two instances.
>
> The tun0 interface is working in type ptp and the netmask is
> 255.255.255.255. Do you have any idea what's wrong?
>
> Thanks for every input, tookie009
>


Cannot connect two ospf-instances over tun-interface

2018-03-29 Thread dawid k
I'm trying to set up a pretty simple configuration consisting of two linux
machines connected over tun-interface created by OpenVPN.

The VPN-connection is working fine - I can send data over this interface.
Now I installed bird and configured ospf on both devices. I can see that
both bird instances are sending hello packets on tun-interface however no
one of them is getting the message.

I can see with tcpdump, that every device is getting the hello-message.
However they are not forwarded to bird or bird just ignores them.

I tried my setup over cable with eth0-interface and everything is working
fine. Right now every machine is advertising just one example static
network. I will focus on correct advertising later after I connect those
two instances.

The tun0 interface is working in type ptp and the netmask is
255.255.255.255. Do you have any idea what's wrong?

Thanks for every input, tookie009