OpenVPN + quagga OSPF Need some help
-
OR you messed up something while tinkering and zebra with opsf now running with other password, or they just are dead.
If you can - rebuild ospf configuration from scratch, with package remove/reinstall. -
Config looks fine for me.
-
Well, it found a neighbor, so it works.
BUT if you still unable to get diag info - you better rebuild it, to be able to see what's going on.
You got same problem on second router? -
I have ospfd/zebra running on pfs from ~2.1.3 to 2.3.1, all show diag without problems.
Jun 21 16:22:00 ospfd 1267 nsm_change_state(192.168.1.1, Loading -> Full): scheduling new router-LSA origination
Jun 21 16:22:01 ospfd 1267 SPF Processing Time(usecs): External Routes: 6
Jun 21 16:22:14 ospfd 1267 nsm_change_state(192.168.1.1, Full -> Init): scheduling new router-LSA origination
Jun 21 16:22:14 ospfd 1267 SPF: Scheduled in 0 msec
Jun 21 16:22:15 ospfd 1267 SPF Processing Time(usecs): External Routes: 10
Jun 21 16:22:23 ospfd 1267 Packet[DD]: Neighbor 192.168.1.1: Initial DBD from Slave, ignoring.
Jun 21 16:22:23 ospfd 1267 Packet[DD]: Neighbor 192.168.1.1 Negotiation done (Master).
Jun 21 16:22:23 ospfd 1267 nsm_change_state(192.168.1.1, Exchange -> Full): scheduling new router-LSA originationYep, it works. If you defined local/remote networks in OpenVPN configuration - you can remove them now and have routes pushed from ospfd.
But still - without status info available you are swimming blindfolded. You can still get this info from shell but wouldn't call that comfortable.
-
Oddly, all my settings where still remembered
They are stored in config.xml of pfSense.
Do you see status info after rebuild? If yes, in "Quagga OSPF Neighbors" you should see Router ID of other router.
And most important for you is "Quagga Zebra Routes", there should be routes (prepended by O>) to your LAN on other router.
OpenVPN links are directly connected, so their networks would show up anyway. -
…
Rebuild both pfSenses from scratch?
Or learn how to get info from shell. -
Not quite.
Tunnel network is necessary for tunnel to function, so you should not remove it.
But remote and local networks could be removed (and better be, because they will override OSPF routing).
Key point to understand - after both of your OSPF routers paired - they should have information WHICH networks to announce.
In your case you provided this info through config:
interface igb0
network 192.168.1.0/24 area 0.0.0.0 -
- Show your Zebra routes and system routing table
- Check firewall rules on OpenVPN tab - better have ANY to ANY until you got it working.
- If you have 2 openvpn connections between 2 routers - you will have troubles. Adjust cost for tunnels, so then they are both live - one would be preffered.
-
Please, draw a network scheme (with interface names and ip/subnets).
-
Well, it is clear now.
You write:The other night I was able to disconnect the main WAN (Charter) in the main office and was able to ping over to the remote office.
However, I was not able to ping from the remote office back to the main office.But if you look at routing table at branch, you will see
K>* 192.168.1.0/24 via 192.168.88.1, ovpnc1
So remote office still thinks what it should send packets to main office through OpenVPN tunnel which terminates at Charter.
Also, K> says what this route did not came from OSPF (though O 192.168.1.0/24 [110/20] via 192.168.88.1, ovpnc1, 14:29:15 tells OSPF thinks same).If you haven't statically assign route in 192.168.88.0 tunnel, than you can try to enable "Don't pull routes" on VPN configuration.
I have exactly same situation sometimes, but I didn't found the perfect solution, nor cause. Default configuration for OpenVPN contains ping-restart directive, which should reset OpenVPN tunnel in case of lost connection (and drop assigned routes in process), but this doesn't happen.
Can you create a thread in VPN board, citing your last two posts and this one? Maybe someone could help both us…
-
Can anyone suggest where I get help with this problem? I really need this to get fixed. Different forum?