OSPF6 over IPv6 VTI Tunnel Interfaces



  • Has anyone managed to get dynamic OSPF6 IPv6 routing running over VTI tunnel interfaces? I have a pair of test firewalls running. IPv4 on the WAN, IPv4 and IPv6 on the LAN. IPsec tunnel with VTI interfaces working correctly. Static IPv6 routes work without issue but OSPF6 routing for IPv6 fails to create a neighbour relationship. IPv4 comes straight up without issue. It seems the issue is the VTIv6 gateway is forever in a pending status. Note, this is using RFC4193 address space. Using the FRR routing package. Looks like it could be a potential bug.



  • @Davidkmessenger

    Hi David,

    some months ago i run into a similar problem. It looks like, that all the tunnels (openvpn, ipsec) doesnt provide the Link Local adresses of IPv6. OSPF needs them to work. I think, assigning the RFC4193 Address to the tunnels doesnt help in this case.

    See my findings:
    https://forum.netgate.com/topic/131073/frr-multiple-issues-and-problems

    If anyone can help in this case or has some more knowledge, feel free to post here …



  • @pete35 said in OSPF6 over IPv6 VTI Tunnel Interfaces:

    some months ago i run into a similar problem. It looks like, that all the tunnels (openvpn, ipsec) doesnt provide the Link Local adresses of IPv6. OSPF needs them to work. I think, assigning the RFC4193 Address to the tunnels doesnt help in this case.

    Fire up Wireshark or Packet Capture and see what's actually happening. IIRC, OSPF announces itself via mulitcast. There should also be Neighbour Advertisements advising of the address in general. Do you see those? Also, the tunnels don't provide the link local addresses, the end devices do. However, link local addresses will not be routed. Are there any routers in between? It must be a direct connection between OSPF routers, which could include a tunnel.