OpenVPN and ospfd



  • Hi to all,
    first of all, thanks to developers for great product that we can use :)

    I want to ask about problem with openvpn. I want to make two VPN tunnels which will be redundant and run ospfd over it.
    Everything seems to work OK until I change some parameter of openvpn and it needs to reconnect.

    We use 2.3.4-RELEASE-p1 (amd64)

    Seems like some kernel related bug which makes it unable to set IP address on tun interface again.

    From system log:

    
    Sep 4 09:53:46	openvpn	34474	Exiting due to fatal error
    Sep 4 09:53:46	openvpn	34474	FreeBSD ifconfig failed: external program exited with error status: 1
    Sep 4 09:53:46	openvpn	34474	/sbin/ifconfig ovpnc3 172.17.255.10 172.17.255.9 mtu 1400 netmask 255.255.255.255 up
    
    

    runing ifconfig manualy:

    
    /sbin/ifconfig ovpnc3 172.17.255.10 172.17.255.9 mtu 1400 netmask 255.255.255.255 up
    ifconfig: ioctl (SIOCAIFADDR): Address already in use
    
    

    But this IP is not used elsewhere on system.

    Seems that it is some stale route:

    
    route get 172.17.255.9
       route to: 172.17.255.9
    destination: 172.17.255.9
            fib: 0
      interface: ovpnc3
          flags: <up,host,done,pinned>recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
           0         0         0         0      1400         1         0</up,host,done,pinned> 
    

    But it is not possible to delete:

    
     route del 172.17.255.9
    route: writing to routing socket: Address already in use
    del host 172.17.255.9 fib 0: gateway uses the same route
    
    

    Only one way how to make it working again is reboot.

    Thank you for any suggestions.


  • Rebel Alliance Developer Netgate

    You have to add the interface addresses with /32 to the main page of OSPF settings, and mark them as do not redistribute and accept filter.

    I've made that quite a bit better in frr but it's not out for 2.3.4 users just yet. Soon, though.


Log in to reply