Quagga OSPF help for a beginner
-
Hello,
actually I'm trying to build a test-setup with 2 sites connected via 2 OpenVPN Peer to Peer connections and implement the routing via quagga OSPF for the DUAL-WAN-Failover possibility
for your info: I'm a complete beginner in ospf and would hope that someone could help me out for my first test-scenario
site "pfs-wien" has 2 WANs and 1 subnet, site "pfs-rat" has 1 WAN and 2 subnets
see attachment visio.png
the two openvpn connections are working perfect, no automatic routes are entered so this shouldn't get to a problem
as you can see I have filled out the ospf section like in the pictures global.png and interface.png
unfortunately I haven't found any guide for a newb like me how I should start, so I just did like I thought it could be right
on the ospf status page and the firewall logs I can see that both ospf sites see and talk with each other and I get the right routing information in the ospf zone and the routing-table of the system (see attachment routing.png)
but if I start a tracert to the other site it ends in going out through the wan interface, only if I trace the openvpn-tunnel adapter of the other site the routing works, but not with another client or even the lan-interface of the other site
additionally I get on the site pfs-rat (openvpn client) after about 15 to 20 minutes the following error code in the system log
ospfd[53865]: *** sendmsg in ospf_write failed to 224.0.0.5, id 0, off 0, len 64, interface vr0, mtu 1500: No buffer space available
after a reboot of the alix 2d13 box the message disappears again for the next 15-20 minutes
please help me, I tried to get it done the last 2 days by myself but at the moment I'm really lost
thanks in advance!
-
1st … do you have normal traffic through the OpenVPN tunnel like ping/connections between firewalls? This is my problem when trying to bridge two networks ^^
Then you must open traffic on OpenVPN Interfaces for OSPF hosts, too... not only your needed networks but also the 2 broadcast IPs for OSPF 224.0.0.5 and 224.0.0.6 (and all your source firewall IPs for security even if doubled defined).
Bests
Reiner
-
Hello,
if I do the routing without ospf and only via placing the route in openvpn the connection/routing works perfect, I tried it also with this suggestion (http://forum.pfsense.org/index.php/topic,32429.msg167573.html#msg167573) but in the next step I will have 2 WANs on every site so this won't work anymore, that's the reason why I would love to do it with ospf
in the attachment firewall.png you can see my firewall rules from one site, the other one is the same vice-versa
supplementary I log every blocked packet to see if I forgot something but there is nothing left
and as you can see in the tracert.png, if I tracert the openvpn address from the other site the routing works, only if I try to access the lan-address the routing goes crazy and tries it over the wan
and that's something I can't understand cause in the routing table the route to 192.168.176.64/27 is registered
thanks
-
Hi,
seems that this is the problem from this thread as I and perhaps also you go in…
http://forum.pfsense.org/index.php/topic,60231.0.html
=> http://redmine.pfsense.org/issues/2712
I also found my OpenVPN Network not over my defined interface:
BRIDGE_OPENVPN (opt32) -> ovpns5 -> 172.16.4.1
but on my local network (in our case it's a WLAN bridge ^^)
[2.0.3-RELEASE][root@fw1.jws1.local]/root(1): route -n get 172.16.4.2
   route to: 172.16.4.2
destination: 172.16.4.0
       mask: 255.255.255.0
  interface: lagg1_vlan6
      flags: <UP,DONE>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0
Because OSPF already knew the route (and perhaps I also get OSPF crashes when restarting the OpenVPN tunnel):
============ OSPF network routing table ============
N    172.16.4.0/24         [20] area: 192.168.6.0
                           via 192.168.6.12, lagg1_vlan6
N    192.168.6.0/25        [10] area: 192.168.6.0
                           directly attached to lagg1_vlan6
mmh, there is also a patch for testing offered:
http://forum.pfsense.org/index.php/topic,60231.msg331739.html#msg331739
but better to test it with no live machines … the patch perhaps did not work as expected and my patch test said "no reversable"
-
so… the patch looks good but has a little bug, but it would be working if the fix is done ;) => other thread
-
sorry for my late response, but I have figured out where my problem was
on the site with the 2 wans I made a gateway-group and set this on the default-lan to everywhere rule as gateway, as soon as I changed it back to the default gateway preference all works
and the no buffer space available error appeared because on this interface was nothing plugged in
at the moment at least a switch was connected it disappeared
-
@rengiared:
sorry for my late response, but I have figured out where my problem was
on the site with the 2 wans I made a gateway-group and set this on the default-lan to everywhere rule as gateway, as soon as I changed it back to the default gateway preference all works

then you can fix it easy
we setup a "private" alias with all internal networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16) and set on each LAN a first "external" route:
allow any any to !private any over gateway group (with traffic limiter)
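
The rule order from the last post, modelled as an added example (not part of the thread and not pfSense code): a firewall rule that carries a gateway forces traffic to that gateway and skips the routing table, which is why the OSPF-learned route to 192.168.176.64/27 was ignored. The routing-table entries, the interface names, the gateway name WAN_GROUP and the trailing plain allow rule are assumptions made for the illustration.

```python
import ipaddress

# "private" alias with the networks listed in the post above
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed routing table: the OSPF route from the thread plus a default route.
# Interface names are assumptions.
ROUTES = [
    (ipaddress.ip_network("192.168.176.64/27"), "ovpn tunnel (OSPF)"),
    (ipaddress.ip_network("0.0.0.0/0"), "wan (default route)"),
]

def in_private(dst):
    """True if dst falls inside any network of the private alias."""
    return any(dst in net for net in PRIVATE)

def table_lookup(dst):
    """Longest-prefix match against the routing table."""
    matches = [(net, via) for net, via in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def egress(dst, rules):
    """First matching rule wins. A rule with a gateway forces that gateway;
    a rule without one hands the packet to the routing table."""
    dst = ipaddress.ip_address(dst)
    for matches_dst, gateway in rules:
        if matches_dst(dst):
            return gateway if gateway else table_lookup(dst)
    return "blocked"

# Before: the default LAN-to-any rule carries the gateway group.
BEFORE = [(lambda d: True, "WAN_GROUP")]

# After: gateway group only for destinations outside the private alias,
# followed by a plain allow rule (assumed) that uses the routing table.
AFTER = [
    (lambda d: not in_private(d), "WAN_GROUP"),
    (lambda d: True, None),
]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for dst in ("192.168.176.65", "8.8.8.8"):
            print(f"{name:6} {dst:15} -> {egress(dst, rules)}")
```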