Netgate Discussion Forum

Static routes vs. OSPF - OSPF not routing to internet

    5mall5nail5
    last edited by Jun 11, 2018, 7:49 PM

    Hi all,

    I am working on a setup in my lab using VMware NSX and pfSense and OSPF. I have the routes propagating around within the NSX environment and up to pfSense. I can access the NSX environment (10.250.250.0/24, 10.251.251.0/24, and 10.252.252.0/24) from my main network (192.168.50.0/24) with OSPF enabled, however 10.252.252.0/24 VMs cannot get out to the internet. Traceroute shows the hops, but it's like there's no route back, etc.:

    Results in:

    TestTraceRoute:~$ traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
    1 10.252.252.1 (10.251.251.1) 0.237 ms 0.142 ms 1002.258 ms
    2 10.250.250.1 (10.250.250.1) 0.166 ms 0.191 ms 0.185 ms
    3 192.168.250.1 (192.168.250.1) 0.616 ms 0.618 ms 0.598 ms
    4 * * *
    5 * * *
    6 * * *
    7 * * *
    8 * * *...

    Some people have mentioned that there may need to be a source NAT or something. I admit routing is not my forte. If I create static routes on the pfSense firewall for the NSX networks, then everything works as expected:

    So, in short, is there something that is getting created on pfSense when doing static routes that is not there when using OSPF? I am using Quagga, and the routes for the 10.250.250.0/24, 10.251.251.0/24, and 10.252.252.0/24 networks did make their way to the pfSense and I could reach them from internet networks but they could not reach out to the internet. No ACLs are in place anywhere in the path so that I can get communication working first (any:any rules everywhere and firewalls disabled where possible). So changing JUST static routes fixes the issue... but I want OSPF to handle this obviously.

    Thanks for the help!

      5mall5nail5
      last edited by Jun 11, 2018, 11:13 PM

      Wanted to provide an update to my own thread - after doing research it seems that OSPF will not create an automatic source/outbound NAT. So, it would seem that the "fix" would be to create automatic outbound NAT AND manual (hybrid mode), but this kind of defeats the whole point of OSPF. I could do a summary NAT, but then still, the benefit of OSPF would not be fully realized. Hrm.

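The gap described in the update above can be checked offline. The following is an added example, not code from the poster or from pfSense: it lists which dynamically learned prefixes fall outside a set of outbound NAT source networks, and shows how wide a single "summary NAT" source would have to be to cover them. The three learned prefixes come from the thread; the NAT source list and all function names are assumptions made for illustration.

```python
import ipaddress

# Prefixes the thread says were learned over OSPF.
LEARNED = ["10.250.250.0/24", "10.251.251.0/24", "10.252.252.0/24"]
# Constructed sample: source networks that outbound NAT already translates.
NAT_SOURCES = ["192.168.50.0/24", "192.168.250.0/24"]


def uncovered_prefixes(learned, nat_sources):
    """Return learned prefixes not contained in any outbound NAT source."""
    nets = [ipaddress.ip_network(n) for n in nat_sources]
    missing = []
    for item in learned:
        prefix = ipaddress.ip_network(item)
        covered = any(
            prefix.version == n.version and prefix.subnet_of(n) for n in nets
        )
        if not covered:
            missing.append(str(prefix))
    return missing


def smallest_summary(prefixes):
    """Smallest single network containing every prefix (same IP version)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # widen by one bit per step
    return summary


def extra_addresses(prefixes):
    """Addresses a summary source would translate beyond the prefixes.

    Assumes the prefixes do not overlap each other.
    """
    wanted = sum(ipaddress.ip_network(p).num_addresses for p in prefixes)
    return smallest_summary(prefixes).num_addresses - wanted


if __name__ == "__main__":
    print("No outbound NAT source covers:", uncovered_prefixes(LEARNED, NAT_SOURCES))
    print("Smallest single summary source:", smallest_summary(LEARNED))
    print("Extra addresses it would also translate:", extra_addresses(LEARNED))
```

Because the three /24s are not adjacent, the smallest single summary is far wider than the networks it is meant to serve, which is worth weighing against listing the prefixes individually in hybrid mode.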