Redistribute Connected Networks except WAN
-
Hello everyone,
I recently set up OSPF between a pfSense and a WatchGuard firewall. The pfSense should redistribute all connected networks except the WAN. I have an IPsec VTI VPN set up between the two devices.
So I configured the Virtual Tunnel Interface as the point-to-point interface for OSPF.
The second interface I configured in the OSPF Interface settings is the WAN interface, with the following option set:
"Interface is Passive. Prevent transmission and reception of OSPF packets on this interface. The specified interface will be announced as a stub network." However, I still find the WAN subnet of the pfSense in my WatchGuard firewall's routes (the gateway is the VTI on the pfSense, so it gets routed through the VPN tunnel).
Is there any way to prevent that from happening?
-
A few ways you could try:
Not sure about this option here:
There is an option in pfSense when configuring the OSPF interface called "Prevent routes for this interface subnet or IP address from being distributed by OSPF" (suggested for Multi-WAN environments). I've never used it, but it sounds like it could apply.
You can filter OSPF routes:
Under Services > FRR Global/Zebra > Route Handling, check "Do Not Accept", leave "Null Route" blank, enter the WAN IP w/subnet and choose the interface.
Finally, the last option is creating a distribute list:
https://networklessons.com/ospf/ospf-distribute-list-filtering
USE the Route Map to customize
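As an added example (not configuration from this thread or from pfSense itself), here is what the access-list plus route-map approach looks like in FRR's own config syntax, the form pfSense's FRR package generates under the hood. Addresses, the VTI interface name ipsec1000, and the router ID are constructed assumptions.

```frr
! Constructed example, not the thread's config. Assumed addressing:
!   WAN 203.0.113.10/24, VTI ipsec1000 10.255.0.1/30, LAN 192.168.10.0/24
!
! Access list: deny the WAN prefix, permit every other connected network.
access-list NO-WAN seq 5 deny 203.0.113.0/24
access-list NO-WAN seq 10 permit any
!
! Route map that only lets prefixes through which the access list permits.
route-map CONNECTED-OUT permit 10
 match ip address NO-WAN
!
! Only the VTI is an OSPF interface; WAN is deliberately left out.
! Even a passive interface is still advertised as a stub link in the
! Router-LSA, and neither a route map nor a distribute list can filter that.
interface ipsec1000
 ip ospf network point-to-point
!
router ospf
 ospf router-id 10.255.0.1
 ! Connected networks become external (Type-5) routes, filtered by the map.
 redistribute connected route-map CONNECTED-OUT
 ! Equivalent alternative using a distribute list instead of the route map:
 ! distribute-list NO-WAN out connected
 network 10.255.0.0/30 area 0
!
! Check on the pfSense: vtysh -c 'show ip ospf database external'
! The 203.0.113.0/24 prefix must not appear; the WatchGuard then only
! learns 192.168.10.0/24 via the tunnel.
```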
-
Thanks for the answers!
I created an access list and denied the external address. This is working well so far.
Seems like there are multiple ways with the same result. -
@n1k friend, I started a little study on top of FRR. I confess that I am not able to understand the access lists; my environment has VLANs, and when configuring the neighbors they receive all the networks. Could you give me an example of how you set it up?
Thanks.