    OSPF not sending Hello

      michmoor last edited by michmoor

      Greetings,
      I have an OPNsense to pfSense IPsec tunnel running in VTI routed mode.
      I have configured OSPF accordingly on the OPNsense side, but the pfSense side seems to be at fault.
      Following the configuration guidelines in the documentation provided by Netgate, I should be seeing the adjs come up, but they don't.
      The reason I believe the fault is on the pfSense side is the following:

      1. Packet capture on the OPNsense side, specifically on the IPsec interface, shows OSPF hellos being sent out the IPsec interface.
      2. On the pfSense, checking the phase 2 side of the tunnel, I see packet counts increasing every few seconds. There are no outgoing packets. Traffic is being sent across the tunnel; that much is true.

      Oddly, when I do a packet capture on the pfSense side on the IPsec interface, nothing is shown. No hellos or even received packets from the remote side over the tunnel. FRR configuration is correct, with the VTI interface added under OSPF and not passive.

      frr defaults traditional
      hostname GA-FW1
      password xxxxxxxxx
      log syslog
      service integrated-vtysh-config
      !
      interface ipsec1
      description "ospfd: VTI-790CCV"
      ip ospf network broadcast
      ip ospf cost 10
      ip ospf mtu-ignore
      interface igb1
      description "ospfd: LanNet"
      ip ospf mtu-ignore
      ip ospf area 0.0.0.0
      interface igb3
      description "ospfd: DMZ"
      ip ospf mtu-ignore
      ip ospf area 0.0.0.0
      !
      router bgp 65001
      bgp log-neighbor-changes
      no bgp network import-check
      !
      router ospf
      ospf router-id 10.6.106.1
      log-adjacency-changes detail
      passive-interface igb1
      passive-interface igb3
      area 0.0.0.0 shortcut default

      Firewall: NetGate 6100/7100U, Palo Alto
      Routing: Juniper MX204 , Arista 7050X3
      Switching: Juniper EX/QFX. Arista 7050SX
      Wireless: Unifi, Aruba IAP

        michmoor @michmoor last edited by

        @michmoor Update. I decided to reboot the pfSense. Start clean. I shouldn't have to do this on a production machine, but here we are.
        Running another packet capture under the interface "IPsec", I do in fact see OSPF hellos being received from the remote side, which confirms the OPNsense is operating correctly and I can now focus on the pfSense being the issue (this is a first).

        18:31:28.198705 (authentic,confidential): SPI 0xcedeff1d: IP 10.6.106.2 > 224.0.0.5: OSPFv2, Hello, length 44
        18:31:38.199122 (authentic,confidential): SPI 0xcdb0b415: IP 10.6.106.2 > 224.0.0.5: OSPFv2, Hello, length 44

          michmoor @michmoor last edited by

          @michmoor Just tried with BGP and this too is failing to establish. There might just be a missing configuration on the pfSense I'm not seeing, but this should all work. This isn't a multicast or unicast problem.

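An added example, not part of the original thread and not Netgate or FRR tooling: a small check that reads an FRR running config and reports, per interface carrying `ip ospf` settings, whether ospfd would send hellos on it. It assumes ospfd enables an interface only through `ip ospf area` on the interface or a matching `network ... area` statement under `router ospf`; the function name and status strings are hypothetical, and the sample is constructed from the stanzas posted above.

```python
import re

# Constructed sample: interface and router ospf stanzas taken from the post.
SAMPLE = """\
interface ipsec1
 ip ospf network broadcast
 ip ospf cost 10
 ip ospf mtu-ignore
interface igb1
 ip ospf mtu-ignore
 ip ospf area 0.0.0.0
interface igb3
 ip ospf mtu-ignore
 ip ospf area 0.0.0.0
!
router ospf
 passive-interface igb1
 passive-interface igb3
"""

def ospf_interface_report(config):
    """Map each interface with OSPF settings to 'active', 'passive' or 'no-area'."""
    has_ospf, has_area, passive = set(), set(), set()
    network_stmts = False
    section = name = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = re.match(r"(interface|router)\s+(\S+)", line)
        if m:
            section, name = m.groups()
        elif section == "interface" and line.startswith("ip ospf "):
            has_ospf.add(name)
            if re.match(r"ip ospf area\s+\S+", line):
                has_area.add(name)
        elif section == "router" and name == "ospf":
            if line.startswith("passive-interface "):
                passive.add(line.split()[1])
            elif line.startswith("network "):
                network_stmts = True
    report = {}
    for ifname in sorted(has_ospf):
        if ifname in has_area:
            report[ifname] = "passive" if ifname in passive else "active"
        else:
            # A 'network ... area' statement could still enable it by prefix.
            report[ifname] = "check-network-statements" if network_stmts else "no-area"
    return report
```

Only interfaces reported as `active` send hellos; `no-area` means the interface has OSPF tuning but nothing in the config places it in an area.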