Quagga OSPF help for a beginner



  • Hello,

    actually i'm trying to build a test-setup with 2 sites connected via 2 OpenVPN Peer to Peer connections and implement the routing via quagga OSPF for the DUAL-WAN-Failover possibility
    for your info: i'm a complete beginner in ospf and would hope that someone could help me out for my first test-scenario

    site "pfs-wien" has 2 WANs and 1 subnet, site "pfs-rat" has 1 WAN and 2 subnets
    see attachment visio.png

    the two openvpn connections are working perfect, no automatic routes are entered so this shouldn't get to a problem

    as you can see i have filled out the ospf section like in the pictures global.png and interface.png
    unfortunately i haven't found any guide for a newb like me how i should start, so i just did like i thought it could be right

    on the ospf status page and the firewall logs i can see that both ospf sites see and talk with each other and i get the right routing information in the ospf zone and the routing-table of the system (see attachment routing.png)
    but if i start a tracert to the other site it ends in going out through the wan interface, only if i trace the openvpn-tunnel adapter of the other site the routing works, but not with another client or even the lan-interface of the other site

    additionally i get on the site pfs-rat (openvpn client) after about 15 to 20 minutes the following error code in the system log

    ospfd[53865]: *** sendmsg in ospf_write failed to 224.0.0.5, id 0, off 0, len 64, interface vr0, mtu 1500: No buffer space available

    after a reboot of the alix 2d13 box the message disappears again for the next 15-20 minutes

    please help me, i tried to get it done the last 2 days by myself but at the moment i'm really lost
    thanks in advance!

  • 1st … do you get normal traffic through the OpenVPN tunnel, like ping/connections between firewalls? This is my problem when trying to bridge two networks ^^

    Then you must open traffic on OpenVPN Interfaces for OSPF hosts, too... not only your needed networks but also the 2 broadcast IPs for OSPF 224.0.0.5 and 224.0.0.6 (and all your source firewall IPs for security even if doubled defined).

    Bests

    Reiner



  • Hello,

    if i do the routing without ospf and only via placing the route in openvpn the connection/routing works perfect, i tried it also with this suggestion (http://forum.pfsense.org/index.php/topic,32429.msg167573.html#msg167573) but in the next step i will have 2 WANs on every site so this won't work anymore, that's the reason why i would love to do it with ospf

    in the attachment firewall.png you can see my firewall rules from one site, the other one is the same vice-versa
    supplementary i log every blocked packet to see if i forgot something but there is nothing left

    and as you can see in the tracert.png, if i tracert the openvpn address from the other site the routing works, only if i try to access the lan-address the routing goes crazy and tries it over the wan
    and that's something i can't understand cause in the routing table the route to 192.168.176.64/27 is registered

    thanks

  • Hi,

    seems that this is the problem from this thread as I and perhaps also you go in…
    http://forum.pfsense.org/index.php/topic,60231.0.html
    => http://redmine.pfsense.org/issues/2712

    I also found my OpenVPN  Network not over my defined interface:
      BRIDGE_OPENVPN (opt32)    -> ovpns5    -> 172.16.4.1

    but on my local network (in our case it's a WLAN bridge ^^)

    [2.0.3-RELEASE][root@fw1.jws1.local]/root(1): route -n get 172.16.4.2
      route to: 172.16.4.2
    destination: 172.16.4.0
          mask: 255.255.255.0
      interface: lagg1_vlan6
          flags: <UP,DONE>
     recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
          0        0        0        0      1500        1        0

    Because OSPF already knew the route (and perhaps I also get OSPF crashes when restarting the OpenVPN tunnel):

    ============ OSPF network routing table ============
    N    172.16.4.0/24        [20] area: 192.168.6.0
                              via 192.168.6.12, lagg1_vlan6
    N    192.168.6.0/25        [10] area: 192.168.6.0
                              directly attached to lagg1_vlan6

    mmh, there is also a patch for testing offered:
    http://forum.pfsense.org/index.php/topic,60231.msg331739.html#msg331739

    but better to test it with no live machines … the patch perhaps did not work as expected and my patch test said "no reversable"



  • so… patched look good but have a little bug but would be working if fix is done ;) => other thread



  • sorry for my late response, but i have figured out where my problem was
    on the site with the 2 wans i made a gateway-group and set this on the default-lan to everywhere rule as gateway, as soon as i changed it back to the default gateway preference all works

    and the no buffer space available error appeared because on this interface was nothing plugged in
    at the moment at least a switch was connected it disappeared



  • @rengiared:

    sorry for my late response, but i have figured out where my problem was
    on the site with the 2 wans i made a gateway-group and set this on the default-lan to everywhere rule as gateway, as soon as i changed it back to the default gateway preference all works

    then you can fix it easy

    we setup a "private" alias with all internal networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16) and set on each LAN a first "external" route:
    allow any any to !private any  over gateway group (with traffic limiter)
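
A small model of the rule evaluation discussed in the last two posts, added here as an illustration (it is not code from pfSense or from any poster). It shows why a LAN rule pinned to a gateway group sends traffic for the OSPF-learned 192.168.176.64/27 out the WAN despite the routing table entry, and how the `!private` rule avoids that. The names `WAN_GROUP`, `ovpnc1`, `wan` and the rule layout are assumptions.

```python
import ipaddress

# "private" alias exactly as listed in the post above.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed routing table: the OSPF-learned route from the thread plus a default
# route. Interface names (ovpnc1, wan) are assumptions for illustration.
ROUTES = [
    (ipaddress.ip_network("192.168.176.64/27"), "ovpnc1"),
    (ipaddress.ip_network("0.0.0.0/0"), "wan"),
]

def table_lookup(dst):
    """Longest-prefix match against the system routing table."""
    matches = [(net, ifc) for net, ifc in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def in_alias(dst, alias):
    """True if dst falls inside any network of the alias."""
    return any(dst in net for net in alias)

def egress(dst, rules):
    """First matching LAN rule wins; a rule with a gateway bypasses the routing table."""
    dst = ipaddress.ip_address(dst)
    for rule in rules:
        hit = True
        if rule["alias"] is not None:
            hit = in_alias(dst, rule["alias"]) != rule["negate"]
        if hit:
            return rule["gateway"] or table_lookup(dst)
    return "blocked"  # no rule matched: default deny

# Configuration that broke the tunnel: default LAN rule pinned to the gateway group.
BROKEN = [{"alias": None, "negate": False, "gateway": "WAN_GROUP"}]

# Layout from the last post: only non-private destinations use the gateway group,
# everything else falls through to a rule using the routing table.
FIXED = [
    {"alias": PRIVATE, "negate": True, "gateway": "WAN_GROUP"},
    {"alias": None, "negate": False, "gateway": None},
]
```
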

