Quagga not connecting to other routers



  • I have two pfsense boxes, connected via openvpn.

    A: OpenVpn Server, Lan 192.168.10.0/24 (multi wan)
    VPN

    • running on LAN, with NAT forwarding
    • tunnel 172.21.12.0/22
    • local network 192.168.10.0/24
    • remote network 172.20.2.0/24
      Client Specific Override (for B)
    • iroute 172.20.2.0 255.255.255.0
      B: OpenVpn Client, Lan 172.20.2.0/24

    From both A and B I can work on the lan of the other.

    At both sides:

    • firewall rules on openvpn: allow all

    Running Quagga on both ends:

    • Router: id set to lan ip of that side
    • Area: 192.168.10.0
      Interface: only the vpn used on that site for the other site

    On both ends:
    Number of fully adjacent neighbors in this area: 0

    What am I missing?



  • Additional info:
    on site A I captured the following fragment:
        172.21.12.6 > 224.0.0.5: OSPFv2, Hello, length 44
    Router-ID 192.168.2.32, Area 192.168.10.0, Authentication Type: none (0)
    Options [External]
      Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1

    Router-ID 192.168.2.32 is coming from site B



  • did you set a master password ?



  • Yep, masterpassword is set at both sites to the same value



  • could you provide us with some screenshot of all your quagga configuration tabs  ?
    if you've assigned interfaces to your openvpn tunnel, make sure you set type to 'none' & restart the tunnels

    other than that i'm not sure what could be the problem, i have multiple sites with dynamic routing using quagga without issues.



  • The Quagga screens from the server side.

    Client is almost identical, except:

    • router id: has a different router id
    • no additional routes (yet)
    • different interface (the openvpn client is chosen there)




  • 2nd tab






  • only differences i see with my configurations are the following:

    -my area is not an ip address (don't know what the limitations are). Try setting the area to 0.0.0.1
    -i've filled in the metric @ interface config
    -i've a description filled in @ interface config
    -my openvpn server/clients are assigned as physical interface (interfaces–>assign). But i've been told by jimp or cmb that this is no longer a requirement when using quagga, so it shouldn't matter

    i hope one of these solves your problems, although i somewhat doubt they will.



  • Here the current routes (first is the client, second is the server).

    Tried the description and other area, no luck so far.






  • there are only a few basic requirements for quagga to work:

    -tunnel endpoints must be able to reach each other
    -firewall rules must allow ospf traffic

    it has always worked for me. probably some small thing we're missing to get your setup working



  • Thanks for helping me think this through.
    Seems I got all the points covered, but there must be a missing link (pun intended).

    Quagga status Server

    Area ID: 0.0.0.1
      Shortcutting mode: Default, S-bit consensus: ok
      Number of interfaces in this area: Total: 2, Active: 2
      Number of fully adjacent neighbors in this area: 0
      Area has no authentication
      Number of full virtual adjacencies going through this area: 0
          OSPF Router with ID (192.168.10.254)

    Router Link States (Area 0.0.0.1)

    Link ID        ADV Router      Age  Seq#      CkSum  Link count
    192.168.10.254  192.168.10.254    2 0x80000002 0x3cc9 2

    Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
          I - ISIS, B - BGP, > - selected route, * - FIB route

    K>* 0.0.0.0/0 via 194.xxx.xxx.xxx, re0
    C>* 127.0.0.0/8 is directly connected, lo0
    K>* 172.20.2.0/24 via 172.21.12.2, ovpns4
    K>* 172.21.4.0/22 via 172.21.4.2, ovpns2
    C>* 172.21.4.2/32 is directly connected, ovpns2
    C>* 172.21.8.2/32 is directly connected, ovpns3
    K>* 172.21.12.0/22 via 172.21.12.2, ovpns4
    O  172.21.12.2/32 [110/10] is directly connected, ovpns4, 00:00:02
    C>* 172.21.12.2/32 is directly connected, ovpns4
    C>* 192.168.8.0/23 is directly connected, em1
    O  192.168.10.0/24 [110/10] is directly connected, em1, 00:00:02
    C>* 192.168.10.0/24 is directly connected, em1
    C>* 192.168.11.0/24 is directly connected, em1
    C>* 192.168.12.0/22 is directly connected, em2
    C>* 192.168.178.0/24 is directly connected, em3
    C>* 194.xxx.xxx.xxx/29 is directly connected, re0
    C>* 194.xxx.xxx.xxx/32 is directly connected, re0
    K>* 194.xxx.xxx.xxx/32 via 192.168.178.1, em3
    K>* 194.xxx.xxx.xxx/32 via 194.xxx.xxx.xxx, re0
    K>* 194.xxx.xxx.xxx/32 via 194.xxx.xxx.xxx, re0
    K>* 208.67.220.220/32 via 192.168.178.1, em3
    K>* 208.67.222.222/32 via xxx.xxx.xxx, re0

    (em3 and re0 are both wan)

    em1 is up (= lan 1)
      ifindex 2, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,promisc,simplex,multicast>
      Internet Address 192.168.10.254/24, Broadcast 192.168.10.255, Area 0.0.0.1
      MTU mismatch detection:enabled
      Router ID 192.168.10.254, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State Waiting, Priority 1
      No designated router on this network
      No backup designated router on this network
      Multicast group memberships: OSPFAllRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 7.921s
      Neighbor Count is 0, Adjacent neighbor count is 0
    ovpns4 is up (=openvpn server)
      ifindex 14, MTU 1500 bytes, BW 0 Kbit <up,pointopoint,running,multicast>
      Internet Address 172.21.12.1/32, Peer 172.21.12.2, Area 0.0.0.1
      MTU mismatch detection:enabled
      Router ID 192.168.10.254, Network Type POINTOPOINT, Cost: 10
      Transmit Delay is 1 sec, State Point-To-Point, Priority 1
      No designated router on this network
      No backup designated router on this network
      Multicast group memberships: OSPFAllRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 7.921s
      Neighbor Count is 0, Adjacent neighbor count is 0

    Quagga on client

    ovpns4 is up
      ifindex 14, MTU 1500 bytes, BW 0 Kbit <up,pointopoint,running,multicast>
      Internet Address 172.21.12.1/32, Peer 172.21.12.2, Area 0.0.0.1
      MTU mismatch detection:enabled
      Router ID 192.168.10.254, Network Type POINTOPOINT, Cost: 10
      Transmit Delay is 1 sec, State Point-To-Point, Priority 1
      No designated router on this network
      No backup designated router on this network
      Multicast group memberships: OSPFAllRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 7.921s
      Neighbor Count is 0, Adjacent neighbor count is 0
          OSPF Router with ID (172.20.2.254)

    Router Link States (Area 0.0.0.1)

    Link ID        ADV Router      Age  Seq#      CkSum  Link count
    172.20.2.254    172.20.2.254    421 0x80000004 0xe62c 2

    Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
          I - ISIS, B - BGP, > - selected route, * - FIB route

    K>* 0.0.0.0/0 via 192.168.2.254, em0
    K>* 8.8.8.8/32 via 192.168.2.254, em0
    C>* 127.0.0.0/8 is directly connected, lo0
    O  172.20.2.0/24 [110/10] is directly connected, em1, 00:07:41
    C>* 172.20.2.0/24 is directly connected, em1
    K>* 172.21.12.1/32 via 172.21.12.5, ovpnc4
    O  172.21.12.5/32 [110/10] is directly connected, ovpnc4, 00:07:41
    C>* 172.21.12.5/32 is directly connected, ovpnc4
    C>* 192.168.2.0/24 is directly connected, em0
    K>* 192.168.10.0/24 via 172.21.12.5, ovpnc4
    K>* 208.67.222.222/32 via 192.168.2.254, em0

    em0 = wan

    em1 is up
      ifindex 2, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
      Internet Address 172.20.2.254/24, Broadcast 172.20.2.255, Area 0.0.0.1
      MTU mismatch detection:enabled
      Router ID 172.20.2.254, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 172.20.2.254, Interface Address 172.20.2.254
      No backup designated router on this network
      Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 9.275s
      Neighbor Count is 0, Adjacent neighbor count is 0

    ovpnc4 is up
      ifindex 8, MTU 1500 bytes, BW 0 Kbit <up,pointopoint,running,multicast>
      Internet Address 172.21.12.6/32, Peer 172.21.12.5, Area 0.0.0.1
      MTU mismatch detection:enabled
      Router ID 172.20.2.254, Network Type POINTOPOINT, Cost: 10
      Transmit Delay is 1 sec, State Point-To-Point, Priority 1
      No designated router on this network
      No backup designated router on this network
      Multicast group memberships: OSPFAllRouters
      Timer intervals configured, Hello 10s, Dead 2s, Wait 2s, Retransmit 5
        Hello due in 9.275s
      Neighbor Count is 0, Adjacent neighbor count is 0

    Firewall

    On openvpn tab:

    ID Proto Source Port Destination Port Gateway Queue Schedule Description

              • none   allow all


  • assigning vpn server / client to interfaces did not work.

    on server side I can see in pftop:
    ospf  I 172.21.12.6:0        224.0.0.5:0 
    ospf  O 172.21.12.1:0        224.0.0.5:0

    on the client side I can see in pftop
    ospf  O 172.21.12.6:0        224.0.0.5:0 
    ospf  I 172.21.12.1:0        224.0.0.5:0

    Doing a trace on 172.21.12.6 on both sides gets me on both sides
        172.21.12.6 > 224.0.0.5: OSPFv2, Hello, length 44
    Router-ID 172.20.2.254, Area 0.0.0.1, Authentication Type: none (0)
    Options [External]
      Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1

    And a trace on 172.2.12.1 gets me on both sides:
        172.21.12.1 > 224.0.0.5: OSPFv2, Hello, length 44
    Router-ID 192.168.10.254, Area 0.0.0.1, Authentication Type: none (0)
    Options [External]
      Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1

    So data is coming through on both ends, but somehow Quagga doesn't respond



  • i've been wondering ….

    how have you been adding routes for your openvpn connection ?

    also i just noticed
        172.21.12.6 > 224.0.0.5: OSPFv2, Hello, length 44

    192.168.222.1 > 224.0.0.5: OSPFv2, Hello, length 48
    Router-ID 10.10.10.1, Area 0.0.0.1, Authentication Type: none (0)
    Options [External]
     Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.255, Priority 1
     Neighbor List:
       10.0.0.1
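
Added example, not part of any post in this thread: the Python below parses the tcpdump Hello captures quoted above, compares the fields RFC 2328 requires two neighbors to agree on, and checks whether each Hello lists the other router. The function names, field names and the `CAPTURE` string layout are this example's own.

```python
import re

# The two Hellos captured on the tunnel, plus the Hello from the working
# setup quoted for comparison, copied from the posts above.
CAPTURE = """\
172.21.12.6 > 224.0.0.5: OSPFv2, Hello, length 44
Router-ID 172.20.2.254, Area 0.0.0.1, Authentication Type: none (0)
Options [External]
  Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
172.21.12.1 > 224.0.0.5: OSPFv2, Hello, length 44
Router-ID 192.168.10.254, Area 0.0.0.1, Authentication Type: none (0)
Options [External]
  Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1
192.168.222.1 > 224.0.0.5: OSPFv2, Hello, length 48
Router-ID 10.10.10.1, Area 0.0.0.1, Authentication Type: none (0)
Options [External]
  Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.255, Priority 1
  Neighbor List:
    10.0.0.1
"""

# One regex per field of the verbose tcpdump rendering shown in the thread.
FIELDS = {
    "src": r"(\S+) > ", "length": r"length (\d+)",
    "rid": r"Router-ID (\S+),", "area": r"Area (\S+),",
    "auth": r"Authentication Type: (\w+)", "options": r"Options \[([^\]]*)\]",
    "hello": r"Hello Timer (\d+)s", "dead": r"Dead Timer (\d+)s",
}

def parse_hellos(text):
    """Split tcpdump -v output into one dict per OSPFv2 Hello."""
    hellos = []
    chunks = re.split(r"(?m)^[ \t]*(?=\S+ > \S+: OSPFv2, Hello)", text)
    for chunk in filter(str.strip, chunks):
        h = {k: re.search(p, chunk).group(1) for k, p in FIELDS.items()}
        h["neighbors"] = re.findall(r"\d+(?:\.\d+){3}", chunk.partition("Neighbor List:")[2])
        # 24-byte OSPF header + 20-byte Hello body = 44; each neighbor adds 4.
        h["nbr_slots"] = (int(h["length"]) - 44) // 4
        hellos.append(h)
    return hellos

def diagnose(a, b):
    """Findings for two routers that should become neighbors on one link."""
    # The mask is left out: it is not compared on point-to-point links.
    out = [f"{k} mismatch: {a[k]} vs {b[k]}"
           for k in ("area", "auth", "options", "hello", "dead") if a[k] != b[k]]
    for me, peer in ((a, b), (b, a)):
        if peer["rid"] not in me["neighbors"]:
            out.append(f"{me['rid']} does not list {peer['rid']} as seen")
    return out
```

For the two tunnel Hellos, `diagnose` reports no parameter mismatch but shows that neither side lists the other, which matches the length of 44 (no neighbor entries) against 48 in the working capture.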



  • My vpn server settings:

    • peer-to-peer ssl/tls
    • udp
    • tun
    • interface LAN (portforwarded from two WAN)
    • Tunnel: 172.21.12.0/22
    • Local network: 192.168.10.0/24 *
    • Remote network: 172.20.2.0/24 *
    • nothing with advanced

    Client specific override:

    • iroute 172.20.2.0 255.255.255.0; *

    Open vpn client:

    • tunnel network: left empty
    • remote network: left empty
    • nothing with advanced
    • Needed to work on both lans (prior to quagga)

    No additional routes entered anywhere else



  • could you do me a favor and fill in the tunnel network on the client side ?

    restart ovpn & quagga afterwards to be sure



  • I've set up an additional testbox to have two boxes that could be easily reset without disrupting the normal users.
    I've now got it working on these test machines by adding tunnel and remote on the vpn client configuration.

