OSPF not sending Hello
-
Greetings,
I have an OPNsense to pfSense IPsec tunnel running in VTI routed mode.
I have configured OSPF accordingly on the OPNsense side, but the pfSense side seems to be at fault.
Following the configuration guidelines in the documentation provided by Netgate, I should be seeing the adjs come up, but they don't.
The reason I believe it to be the fault on the pfSense side is because of the following:
- Packet capture on the OPNsense side, specifically on the IPsec interface, shows OSPF hellos being sent out the IPsec interface.
- On the pfSense, checking the phase 2 side of the tunnel, I see packet counts increasing every few seconds. There are no outgoing packets. Traffic is being sent across the tunnel, that much is true.
Oddly, when I do a packet capture on the pfSense side on the IPsec interface, nothing is shown. No hellos or even received packets from the remote side over the tunnel. FRR configuration is correct with the VTI interface added under OSPF and not passive.
frr defaults traditional
hostname GA-FW1
password xxxxxxxxx
log syslog
service integrated-vtysh-config
!
interface ipsec1
 description "ospfd: VTI-790CCV"
 ip ospf network broadcast
 ip ospf cost 10
 ip ospf mtu-ignore
interface igb1
 description "ospfd: LanNet"
 ip ospf mtu-ignore
 ip ospf area 0.0.0.0
interface igb3
 description "ospfd: DMZ"
 ip ospf mtu-ignore
 ip ospf area 0.0.0.0
!
router bgp 65001
 bgp log-neighbor-changes
 no bgp network import-check
!
router ospf
 ospf router-id 10.6.106.1
 log-adjacency-changes detail
 passive-interface igb1
 passive-interface igb3
 area 0.0.0.0 shortcut default
-
@michmoor Update: I decided to reboot the pfSense. Start clean. I shouldn't have to do this on a production machine, but here we are.
Running another packet capture under the interface "IPsec", I do in fact see OSPF hellos being received from the remote side, which confirms the OPNsense is operating correctly and I can now focus on the pfSense being the issue (this is a first).
18:31:28.198705 (authentic,confidential): SPI 0xcedeff1d: IP 10.6.106.2 > 224.0.0.5: OSPFv2, Hello, length 44
18:31:38.199122 (authentic,confidential): SPI 0xcdb0b415: IP 10.6.106.2 > 224.0.0.5: OSPFv2, Hello, length 44
-
@michmoor Just tried with BGP and this too is failing to establish. There might just be a missing configuration on the pfSense I'm not seeing, but this should all work. This isn't a multicast or unicast problem.