OSPF distributing routes just using Access Lists, not bothering with interfaces (except the VTi ones...)

  • Am I doing this right? It works great, but I'm not using route maps at all.
    I hope it's a valid way of doing things. It's making for a very straightforward and simpler FRR OSPF config.

    It's working perfectly, only distributing kernel routes that I specify in the KERNELallowALC access list and only distributing connected networks listed in the CONNECTallowACL list, plus my OpenVPN network is distributed using an FRR static route.

    I'd like anyone knowledgeable to comment if what I'm doing is valid or invalid.

    If it's valid (it is working great) then it's a good guide for anyone else who might find it useful....


    Services > FRR > OSPF > OSPF Settings
    OSFP Route Distribution.PNG

    OSFP Access Lists.PNG
    OSFP Kernel ACL.PNG
    OSFP Connect ACL.PNG

    These are just the WAN1 and WAN2 VTi interfaces, WAN1 preferred
    OSFP interfaces.PNG
    OSFP Global settings.PNG

  • Rebel Alliance Developer Netgate

    Looks OK to me. Depending on the number of networks you have, and how they are arranged, it might be easier setting up multiple areas and summary routes. Though if what you have is working well for you, then it's fine.

  • Thanks, I'm happy that it's quite a simple setup, one set of ACLs to manage for the routes distributed.

    It's working great.

    Thank you and the whole pfSense team!
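
An added example, not part of any post in this thread: a small Python audit of an FRR-style OSPF config that reports which redistributed sources have no `distribute-list` and whether a given route would pass the ACL. The config text, ACL names and prefixes are constructed placeholders; it assumes IPv4, ACL entries listed in sequence order, and every referenced ACL defined in the same text.

```python
import ipaddress

# Constructed sample in FRR syntax; ACL names and prefixes are placeholders,
# not the poster's values.
SAMPLE = """\
router ospf
 redistribute kernel
 redistribute connected
 redistribute static
 distribute-list KERNEL_ALLOW out kernel
 distribute-list CONNECT_ALLOW out connected
access-list KERNEL_ALLOW seq 5 permit 10.10.0.0/16
access-list CONNECT_ALLOW seq 5 permit 192.168.10.0/24
access-list CONNECT_ALLOW seq 10 deny any
"""

def parse(config):
    """Collect redistributed sources, per-source out filters and ACL entries."""
    sources, filters, acls = [], {}, {}
    for line in config.splitlines():
        w = line.split()
        if len(w) >= 2 and w[0] == "redistribute":
            sources.append(w[1])
        elif len(w) == 4 and w[0] == "distribute-list" and w[2] == "out":
            filters[w[3]] = w[1]          # source protocol -> ACL name
        elif len(w) >= 4 and w[0] == "access-list":
            rest = w[4:] if w[2] == "seq" else w[2:]   # skip optional "seq N"
            if len(rest) >= 2:
                acls.setdefault(w[1], []).append((rest[0], rest[1], "exact-match" in rest))
    return sources, filters, acls

def unfiltered_sources(config):
    """Redistributed sources with no distribute-list (nothing limits them)."""
    sources, filters, _ = parse(config)
    return [s for s in sources if s not in filters]

def advertised(config, source, route):
    """First matching ACL entry decides; no match is the implicit deny."""
    sources, filters, acls = parse(config)
    if source not in sources or source not in filters:
        return source in sources          # unfiltered source: everything goes out
    net = ipaddress.ip_network(route)
    for action, target, exact in acls[filters[source]]:
        acl_net = ipaddress.ip_network("0.0.0.0/0" if target == "any" else target)
        if (net == acl_net) if exact else net.subnet_of(acl_net):
            return action == "permit"
    return False
```

In the sample, `static` is reported as unfiltered, so any static route added to FRR later would be advertised to OSPF neighbours without an ACL change.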
