Netgate Discussion Forum

NHRP without security - NEED HELP!

    vahid1980
    last edited by Apr 5, 2022, 9:49 AM

    Hello everyone,
    would someone please help me with this:

    I want to use nhrpd from FRR to connect to a Cisco network.
    I have an IPv4 network and want to use IPv6 with GRE tunnels over IPv4.

    The structure is as below:

    Spoke1 ----- Switch ------Spoke2 (Gentoo PC with FRR running)
    |
    HUB

    Spoke1 : Cisco router configured with GRE and NHRP

    HUB: Cisco router:
    IP: 10.179.240.169
    IPV6: 2a02:d20:e8:503::1

    Spoke2 : FRR with below config:

    interface gre1
    description DSL-Payload-v6
    ipv6 address 2a02:d20:e8:503::c/128
    ipv6 nhrp holdtime 60
    ipv6 nhrp map 2a02:d20:e8:503::1 10.179.240.169
    ipv6 nhrp map multicast 10.179.240.169
    ipv6 nhrp network-id 99
    ipv6 nhrp nhs 2a02:d20:e8:503::1 nbma 10.179.240.169
    ipv6 nhrp registration no-unique
    ipv6 nhrp shortcut
    no link-detect
    tunnel source enp3s0
    exit

    Also, the interfaces on the OS:

    enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.201.202 netmask 255.255.252.0 broadcast 192.168.203.255
    inet6 fe80::e8f6:102d:1d27:d0ce prefixlen 64 scopeid 0x20<link>
    ether 40:8d:5c:dd:09:cb txqueuelen 1000 (Ethernet)
    RX packets 31262 bytes 23696880 (22.5 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 22327 bytes 3724978 (3.5 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    The tunnel:

    gre1: flags=81<UP,POINTOPOINT,RUNNING> mtu 1472
    inet6 2a02:d20:e8:503::c prefixlen 128 scopeid 0x0<global>
    unspec 64-40-3C-67-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
    RX packets 2949 bytes 566208 (552.9 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 2949 bytes 377472 (368.6 KiB)
    TX errors 62 dropped 0 overruns 0 carrier 62 collisions 0

    gre1: gre/ip remote 10.179.240.169 local 100.64.60.103 ttl 64 key 503

    Logs:

    2022/04/05 11:14:09 NHRP: [KHACV-6YE92] Send Registration-Request(3) 2a02:d20:e8:503::c -> 2a02:d20:e8:503::1
    2022/04/05 11:14:09 NHRP: [WSA6E-5GM0H] PACKET: Send 100.64.60.103 -> 10.179.240.169

    Wireshark says:
    Linux cooked capture v1
    Next Hop Resolution Protocol (NHRP Registration Reply)


    On the HUB we can see both request and reply,
    and IPv4 networks also work.

    The Problem:
    Spoke1 can ping the HUB through the tunnel, but on the FRR we cannot!

    Is this structure correct? Should it work, or do we need a different configuration?

    Some more info:
    I looked into the code and it fails in the function:
    os_recvmsg(uint8_t *buf, size_t *len, int *ifindex, uint8_t *addr,
    size_t *addrlen)

    The addrlen should be 4 and it is 0 instead!!

    The value of sockaddr_ll:

    lladdr.sll_addr[] -> all zero ------------> this leads to addrlen being 0 later
    lladdr.sll_family -> 0x11
    lladdr.sll_protocol -> 0x120
    lladdr.sll_ifindex -> 0x1a
    lladdr.sll_hatype -> 0x30a
    lladdr.sll_pkttype -> 0
    lladdr.sll_halen -> 0
    *addrlen -> 40

      vahid1980
      last edited by Apr 7, 2022, 9:48 AM

      My problem is solved; the problem was with filters in ip6tables.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.