Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OSPF : Manually inject a route

    Scheduled Pinned Locked Moved Routing and Multi WAN
    8 Posts 3 Posters 4.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jbfuzier
      last edited by

      Hi,

      I am having some trouble advertising an openvpn subnet through OSPF.

      In the "Interface Settings" tab, I add my openvpn interface so that the subnet gets advertised but instead of my whole /24 subnet, only the /32 ip of the server gets advertised :

      
    Link connected to: Stub Network
     (Link ID) Net: 10.10.13.2
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metric: 10

      As a fix, I tried to inject my 10.10.13.0/24 route manually in "Global Settings", "Subnet to route" but the result is the same (even after removing the openvpn interface from the "Interface Settings" tab)

      Then, I tried to inject a dummy route in "Global Settings", "Subnet to route" as a result the route is not even advertised.
      It seems like Quagga is only advertising routes if it can find an interface with the exact same subnet configured, because if I add a subnet for which I have an interface it gets advertised.

      It does not make sense to me, I should be able to advertise any subnet I want, right ?

      Some examples :

      
router ospf
  ospf router-id 10.10.10.1
  area 0.0.0.0 stub
...
  network 10.10.13.0/24 area 0.0.0.0
; > 10.10.13.2/32 gets advetised not the /24


      
router ospf
  ospf router-id 10.10.10.1
  area 0.0.0.0 stub
...
  network 192.168.1.0/24 area 0.0.0.0
  network 192.168.2.0/24 area 0.0.0.0
; > lets assume I have an interface with 192.168.1.0/24, the subnet gets advertised, but I have no interface on 192.168.2.0/24 so this is not advertised
      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        If the interface is a /32 you might need to tell it to summarize anything in the /24 into the /24.

        I believe you have to have the routes being summarized in a different OSPF area.  Then you should be able to tell it to summarize the routes into a /24 for insertion into area 0.

        This help? :

        http://www.nongnu.org/quagga/docs/docs-multi/OSPF-area.html

        Installing Quagga OSPF has been on my list of things to do.  Sorry.  No first hand experience.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • J
          jbfuzier
          last edited by

          I am in a very basic single area OSPF structure.

          Regarding the openvpn related issue I found a post from jimp describing sometinq quite similar (https://forum.pfsense.org/index.php?topic=52236.msg279764#msg279764).

          He suggested a workaround by using manual subnet but in my case the subnet I add manually does not get distributed at all. The manual subnet not beeing redistributed is the main issue I am facing (using this as a workaround is fine for me).

          1 Reply Last reply Reply Quote 0
          • H
            heper
            last edited by

            distributing subnets works fine for me …. i do it all the time.

            do you get full neighbour link? (```
            10.0.0.1          1 Full/DROther      39.030s 192.168.222.2  ovpns5:192.168.0.1    0    0    0

            
could you post a censored output of quagga-status & raw config ? I'm by no means an expert, but i can compare with my setups
            1 Reply Last reply Reply Quote 0
            • J
              jbfuzier
              last edited by

              Yes I get a full relation between both neighbors

              From one of my router (192.168.92.1) :

              
 Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
192.168.38.202    1 Full/DR           33.572s 172.16.16.9     ovpnc4:172.16.16.10      0     0     0
10.10.10.1        1 Full/DR           34.891s 172.16.16.1     ovpnc5:172.16.16.2       0     0     0


              
       OSPF Router with ID (192.168.92.1)

                Router Link States (Area 0.0.0.0 [Stub])

Link ID         ADV Router      Age  Seq#       CkSum  Link count
10.10.10.1      10.10.10.1       476 0x80000060 0xb634 6
192.168.38.202  192.168.38.202   187 0x80000062 0x6faa 3
192.168.92.1    192.168.92.1     186 0x80000064 0x166c 4

                Net Link States (Area 0.0.0.0 [Stub])

Link ID         ADV Router      Age  Seq#       CkSum
172.16.16.1     10.10.10.1        96 0x8000002f 0xe37a
172.16.16.5     10.10.10.1      1277 0x8000002f 0x04c2
172.16.16.9     192.168.38.202   357 0x80000030 0x835b


                    OSPF Router with ID (192.168.92.1)

                Router Link States (Area 0.0.0.0 [Stub])

  LS age: 476
  Options: 0x0  : *|-|-|-|-|-|-|*
  LS Flags: 0x6  
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.10.10.1
  Advertising Router: 10.10.10.1
  LS Seq Number: 80000060
  Checksum: 0xb634
  Length: 96
   Number of Links: 6

    Link connected to: Stub Network
     (Link ID) Net: 10.10.13.2
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: Stub Network
     (Link ID) Net: 10.10.12.130
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.16.1
     (Link Data) Router Interface address: 172.16.16.1
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.16.5
     (Link Data) Router Interface address: 172.16.16.5
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: Stub Network
     (Link ID) Net: 10.10.10.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: Stub Network
     (Link ID) Net: 10.10.11.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

  LS age: 187
  Options: 0x0  : *|-|-|-|-|-|-|*
  LS Flags: 0x6  
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 192.168.38.202
  Advertising Router: 192.168.38.202
  LS Seq Number: 80000062
  Checksum: 0x6faa
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Net: 192.168.38.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.16.5
     (Link Data) Router Interface address: 172.16.16.6
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.16.9
     (Link Data) Router Interface address: 172.16.16.9
      Number of TOS metrics: 0
       TOS 0 Metric: 19

  LS age: 186
  Options: 0x0  : *|-|-|-|-|-|-|*
  LS Flags: 0x3  
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 192.168.92.1
  Advertising Router: 192.168.92.1
  LS Seq Number: 80000064
  Checksum: 0x166c
  Length: 72
   Number of Links: 4

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.16.9
     (Link Data) Router Interface address: 172.16.16.10
      Number of TOS metrics: 0
       TOS 0 Metric: 19

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.16.1
     (Link Data) Router Interface address: 172.16.16.2
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: Stub Network
     (Link ID) Net: 192.168.92.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: Stub Network
     (Link ID) Net: 192.168.10.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10


              ============ OSPF network routing table ============
N    10.10.10.0/24         [20] area: 0.0.0.0
                           via 172.16.16.1, ovpnc5
N    10.10.11.0/24         [20] area: 0.0.0.0
                           via 172.16.16.1, ovpnc5
N    10.10.12.130/32       [20] area: 0.0.0.0
                           via 172.16.16.1, ovpnc5
N    10.10.13.2/32         [20] area: 0.0.0.0
                           via 172.16.16.1, ovpnc5
N    172.16.16.0/30        [10] area: 0.0.0.0
                           directly attached to ovpnc5
N    172.16.16.4/30        [20] area: 0.0.0.0
                           via 172.16.16.1, ovpnc5
N    172.16.16.8/30        [19] area: 0.0.0.0
                           directly attached to ovpnc4
N    192.168.10.0/24       [10] area: 0.0.0.0
                           directly attached to vtnet1
N    192.168.38.0/24       [29] area: 0.0.0.0
                           via 172.16.16.9, ovpnc4
N    192.168.92.0/24       [10] area: 0.0.0.0
                           directly attached to vtnet0

============ OSPF router routing table =============

============ OSPF external routing table ===========

              Config of 192.168.92.1 :

              interface ovpnc4
  ip ospf cost 19
interface vtnet0
interface ovpnc5
  ip ospf cost 10

router ospf
  ospf router-id 192.168.92.1
  area 0.0.0.0 stub
  redistribute static
  passive-interface vtnet0
  network 172.16.16.8/30 area 0.0.0.0
  network 192.168.92.0/24 area 0.0.0.0
  network 172.16.16.0/30 area 0.0.0.0
  network 192.168.10.0/24 area 0.0.0.0
  network 192.168.93.0/24 area 0.0.0.0

              Both 192.168.10.0/24 and 192.168.93.0/24 are configured to be manually announced. But only 192.168.10.0/24 is actually announced.

              The only difference between those two subnets is that I have an interface configured with the subnet 192.168.10.0/24 (vtnet1) on my 192.168.92.1 router whereas I have not got any interface on the subnet 192.168.93.0/24 that I am trying to announce.

              1 Reply Last reply Reply Quote 0
              • H
                heper
                last edited by

                Disclaimer: use at your own risk …
                in that scenario i think you'd need to either:

                a) 'redistribute kernel routes' (if you have it as a static route configured in pfsense)  … do note that this will also redistribute your default route / monitor ip's / ... / ... ( you could restrict them by adding them to 'disable acceptance')

                b) use zebra to fabricate a route for you by entering a route in 'raw config'-->zebra.conf--> for example: ip route 192.168.93.0/24 em8    <–- then you have to enable 'redistribute static'

                I quickly tried option b  between home <–> work and it seemed to distribute fine

                1 Reply Last reply Reply Quote 0
                • J
                  jbfuzier
                  last edited by

                  Thanks, I tried your solution b (I am trying to inject 192.168.39.0/24 and 192.168.40.0/24)

                  My zebra.conf :

                  
ip route 192.168.39.0/24 em0
ip route 192.168.40.0/24 em1

                  I can see the static route in "Quagga Zebra Routes" but neither in Quagga OSPF Routes nor in the advertised LSA… :(
                  Which version of pfsense/quagga are you using ?

                  Thanks

                  --

                  
interface ovpns2
  ip ospf cost 19
interface em0
interface ovpnc3
  ip ospf cost 10
router ospf
  ospf router-id 192.168.38.202
  area 0.0.0.0 stub
  redistribute static
  passive-interface em0
  network 172.16.16.8/30 area 0.0.0.0
  network 192.168.38.0/24 area 0.0.0.0
  network 172.16.16.4/30 area 0.0.0.0
  network 192.168.39.0/24 area 0.0.0.0


                  
Quagga Zebra Routes

Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, A - Babel,
       > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.38.1, em0
C>* 127.0.0.0/8 is directly connected, lo0
O   172.16.16.4/30 [110/10] is directly connected, ovpnc3, 00:00:06
C>* 172.16.16.4/30 is directly connected, ovpnc3
O   172.16.16.8/30 [110/19] is directly connected, ovpns2, 00:00:06
C>* 172.16.16.8/30 is directly connected, ovpns2
O   192.168.38.0/24 [110/10] is directly connected, em0, 00:00:06
C>* 192.168.38.0/24 is directly connected, em0
S>  192.168.39.0/24 [1/0] is directly connected, em0
S   192.168.40.0/24 [1/0] is directly connected, em1 inactive


                  Quagga OSPF Routes

============ OSPF network routing table ============
N    10.10.10.0/24         [20] area: 0.0.0.0
                           via 172.16.16.5, ovpnc3
N    10.10.11.0/24         [20] area: 0.0.0.0
                           via 172.16.16.5, ovpnc3
N    10.10.12.130/32       [20] area: 0.0.0.0
                           via 172.16.16.5, ovpnc3
N    10.10.13.2/32         [20] area: 0.0.0.0
                           via 172.16.16.5, ovpnc3
N    172.16.16.0/30        [20] area: 0.0.0.0
                           via 172.16.16.5, ovpnc3
N    172.16.16.4/30        [10] area: 0.0.0.0
                           directly attached to ovpnc3
N    172.16.16.8/30        [19] area: 0.0.0.0
                           directly attached to ovpns2
N    192.168.10.0/24       [29] area: 0.0.0.0
                           via 172.16.16.10, ovpns2
N    192.168.38.0/24       [10] area: 0.0.0.0
                           directly attached to em0
N    192.168.92.0/24       [29] area: 0.0.0.0
                           via 172.16.16.10, ovpns2

============ OSPF router routing table =============

============ OSPF external routing table ===========


                    LS age: 276
  Options: 0x0  : *|-|-|-|-|-|-|*
  LS Flags: 0x3  
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 192.168.38.202 
  Advertising Router: 192.168.38.202
  LS Seq Number: 80000193
  Checksum: 0x2cba
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Net: 192.168.38.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.16.5
     (Link Data) Router Interface address: 172.16.16.6
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 172.16.16.10
     (Link Data) Router Interface address: 172.16.16.9
      Number of TOS metrics: 0
       TOS 0 Metric: 19
                  1 Reply Last reply Reply Quote 0
                  • H
                    heper
                    last edited by

                    pfsense 2.2 one end <–> 2.1.4 other end of openvpn tunnel.
                    quagga: Installed: 0.99.22.3.1_2 v0.6.2 <-- not all that much has changed in functionality lately (i think).

                    what i did notice was some weirdness on the quagga 'status' page on the pfsense that was injecting the routes ( Quagga Zebra Routes = empty) ... but the receiving end added the route automagically, and everything keeps working ;)

                    injector quagga config:

                    
Quagga ospfd.conf

# This file was created by the pfSense package manager.  Do not edit!

password xxxxx
log syslog
interface ovpnc1
  ip ospf cost 100

router ospf
  ospf router-id 10.0.0.1
  redistribute static
  network 192.168.222.0/30 area 0.0.0.1
  network 192.168.226.0/24 area 0.0.0.1
  network 10.0.0.0/24 area 0.0.0.1

                    Quagga zebra.conf

                    
ip route 192.168.213.0/24 lo0

                    Quagga OSPF Database on inject side

                    
       OSPF Router with ID (10.0.0.1)

                Router Link States (Area 0.0.0.1)

Link ID         ADV Router      Age  Seq#       CkSum  Link count
10.0.0.1        10.0.0.1           3 0x800013d7 0xd3cf 3
10.10.10.1      10.10.10.1        98 0x8000be71 0x1f18 11
10.20.10.1      10.20.10.1       776 0x80007af9 0x447c 10
10.30.10.1      10.30.10.1      1246 0x8000049f 0xd60d 5

                AS External Link States

Link ID         ADV Router      Age  Seq#       CkSum  Route
192.168.213.0   10.0.0.1           3 0x80000002 0x670c E2 192.168.213.0/24 [0x0]

                    Quagga OSPF Database on receiving end

                    
       OSPF Router with ID (10.10.10.1)

                Router Link States (Area 0.0.0.1)

Link ID         ADV Router      Age  Seq#       CkSum  Link count
10.0.0.1        10.0.0.1         233 0x800013d8 0xd1d0 3
10.10.10.1      10.10.10.1       268 0x8000be72 0xdbed 12
10.20.10.1      10.20.10.1      1041 0x80007af9 0x447c 10
10.30.10.1      10.30.10.1      1511 0x8000049f 0xd60d 5

                AS External Link States

Link ID         ADV Router      Age  Seq#       CkSum  Route
192.168.213.0   10.0.0.1         268 0x80000002 0x670c E2 192.168.213.0/24 [0x0]
                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.