Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OSFP distributing routes just using Access Lists, not bothering with interfaces (expect the VTi ones...)

    Scheduled Pinned Locked Moved FRR
    3 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • nzkiwi68N
      nzkiwi68
      last edited by

      Am I doing this right? It works great, but I'm not using route maps at all.
      I hope it's a valid way of doing things. It's making for a very straight forward and simpler FRR OSFP config.

      It's working perfectly, only distributing kernel routes that I specify in the KERNELallowALC access list and only distributing connected networks listed in the CONNECTallowACL list, plus my OpenVPN network is distributed using an FRR static route.

      I'd like anyone knowledgeable to comment if what I'm doing it valid or invalid.

      If it's valid (it is working great) then it's a good guide for anyone else who might find it useful....

      Thanks.

      Services > FRR > OSPF > OSPF Settings
      OSFP Route Distribution.PNG

      OSFP Access Lists.PNG
      OSFP Kernel ACL.PNG
      OSFP Connect ACL.PNG

      These are just the WAN1 and WAN2 VTi interfaces, WAN1 preferred
      OSFP interfaces.PNG
      OSFP Global settings.PNG

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Looks OK to me. Depending on the number of networks you have, and how they are arranged, it might be easier setting up multiple areas and summary routes. Though if what you have is working wel for you, then it's fine.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • nzkiwi68N
          nzkiwi68
          last edited by

          Thanks, I'm happy that it's quite a simple setup, one set of ACL's to manage for the routes distributed.

          It's working great.

          Thank you and the whole pfSense team!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.