Openvpn site-to-site
-
Hello,
I setup openvpn site-to-site with preshared keys. The tunnel works. (both side is pfsense)
I would like to run ospf over this tunnel. Can someone help me how can I do this?
I installed Quagga and configured on the interfaces on both firewalls but two ospf process
cannot see each other.Any idea?
Thanks,
klajosh
-
did you assign an opt-interface to openvpn? i've personally never attempted to work with ospf without an interface assigned
they need to be in the same area also …
other then that they should communicate if you have the proper allow rules here and there
-
No need to assign with quagga, that was only a requirement of openospfd
Make sure your firewall rules allow the ospf traffic to flow, you need at least a rule to pass the ospf protocol if you aren't already passing 'any'
Make sure both sides are using the same area id, but different router ids
Check the logs and status to see if any problems are reported.Once the status shows they have a "full" status, then just remove the contents of the "remote network" boxes in the vpn config on either side, and ospf should take over from there.
-
Thanks both of your answer. The trick was to allow traffic in the firewall section. In quagga I added only
the openvpn interfaces. But in firewall rules I refer for opt interfaces and there I saw denied traffic and this
is what I allowed. So it works fine now. Thanks. I am about to extend this config to other links.
