Ospf Setup



  • Hello,

    Have been trying to get ospf running on my pfsense box,  need to get it to talk to some other routers and ideally propagate a default route to them.

    Anyway started by downloading openospfd package:

    ssh admin@pfsense

    pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/net/openospfd-4.0.3.tbz

    (this downloaded and installed ospfd also the libevent-1.4.6 package)

    Created /usr/local/etc/ospfd.conf
    router-id 1.2.3.4
    area 0.0.0.0 {
        interface sk0
    }

    chmod 600 /usr/local/etc/ospfd.conf

    /usr/local/sbin/ospfd -n -v

    …checks and outputs config file

    /usr/local/sbin/ospfd

    ...starts ospfd for real

    /usr/local/sbin/ospfctl show summary

    ..shows ospf is running plus summary info

    /usr/local/sbin/ospfctl show neighbor

    ...shows connected to other routers

    netstat -nr

    ...shows that routes provided by other routers have been added correctly

    Now I am stuck.  Need to set it so ospfd is automatically started on reboot and so that pfsense doesn't wipe it on upgrade.  Can anyone help me?

    Also after that have to get it to propagate the default route correctly, and also possibly so that the routing will work for pptp users that are connecting to the pfsense box.

    Pfsense has been working great for us, if can just get ospf working it will be perfect.  Thanks in advance for any assistance.



  • Well you need a script in /usr/local/etc/rc.d but the package should place it in there by default it just needs to end in '.sh'.

    Otherwise it should start correctly even on upgrades though don't quote me on that.

    For pptp i am not sure what you want to do?



  • @ermal:

    Well you need a script in /usr/local/etc/rc.d but the package should place it in there by default it just needs to end in '.sh'.

    Otherwise it should start correctly even on upgrades though don't quote me on that.

    Thanks for the reply!  Sorry for the delay responding have only been able to work on this after hours.

    The pkg_add openospfd installed a file openospfd in /etc/local/etc/rc.d, I renamed this openospf.sh, I had to add a line:
    openospfd_enable="YES"
    to the file to get it to start (I think this should probably be set somewhere else but could not figure out where).

    So now it starts on reboot which is great.  Unfortunately it keeps dying, leaving this message in system.log:
    ospfd: fatal in rde: unknown event

    I was going to try and get pfsense to propagate a default route to the other routers so that they could find the internet.  I think if I add a "redistribute default" to my config it will do that.  Perhaps also as alternative if the default route won't work, this is mainly for web use as a proxy am trying to figure out if could somehow get WCCP going on the routers to direct to the pfsense box running squid.

    Remote users are coming in over pptp, somehow the other routers will need to know to route to and from the pptp subnet.  So was trying to get ospfd to tell everyone else that this subnet was available.  The pptp users seem to have an interface each ie ng0-ng15, just wasn't sure how to advertise this.  I guess if it gets set up with the pfsense as the default route don't really need to worry about this.



  • can you draw a schematic or something more clear?

    You can get WCCP support on pfSense too just not from the GUI in 1.2.



  • @ermal:

    can you draw a schematic or something more clear?

    Ok trying in ascii art:

    
    pptp user 0  ------ ng0   | ---------|
    pptp user 0  ------ ng1   |  pfsense |sk0 ---/ /---| router 1 |
    ...                       |          |          |
    pptp user 0  ------ ng15  | -------- |            /---| router 2 |
    
    

    There are a bunch of other routers behind router1 and router2 connecting up different networks.  The routers talk via ospf to get a network map.  The pptp users usually have pfsense as their default route, so connect to computers on the network pfsense needs a copy of the network map.  Hence me trying to get openospf going.

    The routers need to know the pptp users are there, so figured there were 2 possibilities.

    1. Have pfsense broadcast on ospf that it was the default route.  This might cause me problems in some of the other routers which are working over a VPN and already have a default route set.
    2. Have pfsense communicate either a static type route for all the pptp users or some kind of dynamic route only activates when the pptp user came online.

    @ermal:

    You can get WCCP support on pfSense too just not from the GUI in 1.2.

    Ok cool, think will need help getting this figured out, should I take this question to another forum?



  • How long before the ospf process dies?  I've had it running for quite a bit without too much of a problem.  Also, what is it forming adjacencies with? 
    Could you do a debug on the network gear and see what it outputs when the process dies?

    nb



  • I'm finally seeing the behavior you describe with openospfd 4.0_3 and not on the openospfd that comes with openbsd 4.3.  It could, however be that I only had an ACL allowing the all-routers mcast group (224.0.0.5) and not 224.0.0.6 which ospf designated routers use to communicate.  I've allowed the 224.0.0.6 group and will wait to see if the behavior reemerges.  If it does I'm going to try the newest openospfd under FreeBSD and go from there.



  • Hello Again

    Have resurrected my old thread to try again with the newest pfsense 1.2.3RC1.  Followed roughly the same procedure as before:

    ssh admin@pfsense

    pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.1-release/net/openospfd-4.0_3.tbz

    (According to uname, pfsense is based on freebsd 7.1, so downloaded package from there, as before also installed libevent-1.4.7)

    Created simple config file /usr/local/etc/ospfd.conf

    cat /usr/local/etc/ospfd.conf

    router-id 1.2.3.4
    area 0.0.0.0 {
        interface sk0
    }
    (above should just listen on interface sk0 and add routes provided by the other routers)

    chmod 600 /usr/local/etc/ospfd.conf

    /usr/local/sbin/ospfd -n -v

    (check config)

    /usr/local/sbin/ospfd

    (start ospfd)

    This worked great for almost an hour, according to 'ospfctl show neighbor' is forming full adjacencies with the 2 other routers(cisco 1841 and a mikrotik wireless router) then in the system log:
    ospfd[XXXX] fatal in ospfe: unknown event
    ospfd[XXXX] fatal in rde: pipe closed
    ospfd[XXXX] fatal in parent: pipe closed

    Have created a watchdog script to run every 5mins to check on ospfd, not sure if that is the right thing to do given above circumstances.

    Not sure where to go now, can enable debugging in ospfd, maybe somewhere else as well?  Looked in filter.log seemed to be doing stuff on mcast 224.0.0.5 which was passed, could not see anything blocked or passed for mcast 224.0.0.6 though.



  • Ok got it working….there is a bug in either libevent or ospfd where it receives an unexpected event(maybe some kind of timeout or interrupt) and the process aborts.

    Tried updating ospfd (version 4.2) from the freebsd 7.2 distribution, but this showed similar results, where the process would abort after a certain time (varied between right on start up to a couple of hours at most).

    Anyway the version of openospfd from freebsd 8 works fine!  Not sure if the patch was to openospfd or libevent as both have been updated.

    Anyway to setup openospfd from scratch on pfsense:
    ssh admin@pfsense

    pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-current/net/openospfd-4.3.tbz

    (this also installed libevent-1.4.10)

    Created simple config file /usr/local/etc/ospfd.conf

    cat /usr/local/etc/ospfd.conf

    router-id 1.2.3.4
    area 0.0.0.0 {
        interface sk0
    }
    (above should just listen on interface sk0 and add routes provided by the other routers)

    chmod 600 /usr/local/etc/ospfd.conf

    /usr/local/sbin/ospfd -n -v

    (check config)

    /usr/local/sbin/ospfd

    (start ospfd)

    mv /usr/local/etc/rc.d/openospfd /usr/local/etc/rc.d/openospfd.sh

    vi /usr/local/etc/rc.d/openospfd.sh <-- add line openospfd_enable="YES"

    And everything seems to work ok.... :)

    Here is the man page for ospfd.conf: http://www.rootr.net/man/man/ospfd.conf/5



  • This worked for me. Thanks!



  • Hey guys, a friend wrote this script to restart the ospf daemons on our routers. We find that it randomly loses link with the quagga router that is at the hub of our network.

    Anyway, we saved it to somewhere like "/root/ospfd_watchdog", and run it with Cron like this:

    */2   	 *   	 *   	 *   	 *   	 root   	 /usr/local/bin/php -q /root/ospfd_watchdog
    

    And the script:

    
    <?php
    // ospfd runs as three processes (parent, ospfe, rde); fewer means one has died.
    $proccount = trim(`pgrep ospfd |wc -l`);
    if ($proccount < 3) {
        `killall ospfd`;
        `/usr/local/sbin/ospfd`;
        `logger Not enough ospfd processes, restarted ospfd`;
    }
    // Count neighbors matching 172.16 that are not in the DOWN state.
    $neighborcount = trim(`/usr/local/sbin/ospfctl show neighbor |grep 172.16 |grep -v DOWN |wc -l`);
    if ($neighborcount == 0) {
        `killall ospfd`;
        `/usr/local/sbin/ospfd`;
        `logger Neighbor check did not find 172.16, restarted ospfd`;
    }
    ?>
    
    

    I couldn't get it to run under the PHPService, if someone figures out how, please reply to the thread.
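
The same watchdog idea as a POSIX shell script, as an added example that is not part of the original post or the poster's script: it parses the neighbor table by column and waits a grace period after a restart before judging neighbors, so a fresh ospfd is not killed while adjacencies are still forming. The `172.16.` prefix default, the 120-second grace period, the stamp file path and the sample neighbor table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): ospfd watchdog decision logic.
# Hypothetical values: PREFIX, GRACE and STAMP are assumptions for illustration.
PREFIX="${PREFIX:-172.16.}"       # neighbor ID/address prefix to look for
GRACE="${GRACE:-120}"             # seconds to let adjacencies form after a restart
STAMP="${STAMP:-/var/run/ospfd_watchdog.stamp}"

# Read `ospfctl show neighbor` text on stdin; print how many neighbors whose
# ID or address starts with $1 are in FULL or 2-WAY state.
count_up_neighbors() {
    awk -v p="$1" '
        $1 == "ID" { next }                       # header row
        (index($1, p) == 1 || index($5, p) == 1) && $3 ~ /^(FULL|2-WAY)/ { n++ }
        END { print n + 0 }'
}

# decide PROCS UP AGE: ospfd is privilege-separated into parent, ospfe and rde,
# so fewer than 3 processes means one has died. A missing neighbor only counts
# once AGE (seconds since the last restart) has passed the grace period.
decide() {
    if [ "$1" -lt 3 ]; then echo restart; return; fi
    if [ "$2" -eq 0 ] && [ "$3" -ge "$GRACE" ]; then echo restart; return; fi
    echo ok
}

watchdog_main() {
    now=$(date +%s)
    last=$(cat "$STAMP" 2>/dev/null || echo 0)
    procs=$(pgrep ospfd | wc -l | tr -d ' ')
    up=$(/usr/local/sbin/ospfctl show neighbor 2>/dev/null | count_up_neighbors "$PREFIX")
    if [ "$(decide "$procs" "$up" $((now - last)))" = restart ]; then
        killall ospfd 2>/dev/null
        /usr/local/sbin/ospfd
        echo "$now" > "$STAMP"
        logger "ospfd watchdog: procs=$procs up_neighbors=$up, restarted ospfd"
    fi
}

# Constructed sample of `ospfctl show neighbor` output, for offline testing.
SAMPLE='ID              Pri State        DeadTime Address         Iface     Uptime
172.16.0.1      1   FULL/DR      00:00:35 172.16.0.1      sk0       01:02:03
172.16.0.2      1   DOWN/OTHER   -        172.16.0.2      sk0       -
10.9.9.9        1   FULL/BCKUP   00:00:31 10.9.9.9        sk0       00:10:00'

if [ "${1:-}" = "--run" ]; then watchdog_main; fi
```

Run it from cron with the `--run` argument; without it the script only defines the functions, which lets the parsing be checked against saved `ospfctl` output.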



  • When using the freebsd 8 openospfd 4.3, I found it necessary to symlink a library file to get it to run under 1.2.3-RC3 9/21/09 build.

    ln -s /lib/libmd.so.4 /lib/libmd.so.5

    And that was the final trick to get openospfd 4.3 to run smoothly without issue.

    The 4.2 version did indeed cause the "ospfe: unknown error" issue. 4.3 solved it but needed the symlink for the lib file to complete the solution.

    Now the real fun part begins.

    Quagga's OSPFD uses Cisco like "network" statements to match prefixes/inverse masks to determine which interfaces to include in OSPF areas.

    OpenOSPFd uses a specific interface name declaration in the area statement of ospfd.conf.

    So, if say an open vpn "tun" interface now "appears", it would seem I would have to add "tun" to the area statement in ospfd.conf file manually, where quagga's ospfd would include it on the fly as long as it matches a "network" statement with a matching area for that network.

    Ordinarily, I would use Quagga's OSPF instead since I'm partial to Cisco, but, I couldn't get Quagga's OSPFD to update the pfsense kernel routing table. After fussing with it for 2 hours, combing google to no avail, I fell back and figured out openospfd.

    Anyone else have this issue?

