OSPF : Manually inject a route



  • Hi,

    I am having some trouble advertising an openvpn subnet through OSPF.

    In the "Interface Settings" tab, I add my openvpn interface so that the subnet gets advertised but instead of my whole /24 subnet, only the /32 ip of the server gets advertised :

    
        Link connected to: Stub Network
         (Link ID) Net: 10.10.13.2
         (Link Data) Network Mask: 255.255.255.255
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
    

    As a fix, I tried to inject my 10.10.13.0/24 route manually in "Global Settings", "Subnet to route" but the result is the same (even after removing the openvpn interface from the "Interface Settings" tab)

    Then, I tried to inject a dummy route in "Global Settings", "Subnet to route"; as a result, the route is not even advertised.
    It seems like Quagga is only advertising routes if it can find an interface with the exact same subnet configured, because if I add a subnet for which I have an interface it gets advertised.

    It does not make sense to me, I should be able to advertise any subnet I want, right ?

    Some examples :

    
    router ospf
      ospf router-id 10.10.10.1
      area 0.0.0.0 stub
    ...
      network 10.10.13.0/24 area 0.0.0.0
    ; > 10.10.13.2/32 gets advertised, not the /24
    
    
    
    router ospf
      ospf router-id 10.10.10.1
      area 0.0.0.0 stub
    ...
      network 192.168.1.0/24 area 0.0.0.0
      network 192.168.2.0/24 area 0.0.0.0
    ; > lets assume I have an interface with 192.168.1.0/24, the subnet gets advertised, but I have no interface on 192.168.2.0/24 so this is not advertised
    
    

  • LAYER 8 Netgate

    If the interface is a /32 you might need to tell it to summarize anything in the /24 into the /24.

    I believe you have to have the routes being summarized in a different OSPF area.  Then you should be able to tell it to summarize the routes into a /24 for insertion into area 0.

    This help? :

    http://www.nongnu.org/quagga/docs/docs-multi/OSPF-area.html

    Installing Quagga OSPF has been on my list of things to do.  Sorry.  No first hand experience.



  • I am in a very basic single area OSPF structure.

    Regarding the openvpn related issue I found a post from jimp describing something quite similar (https://forum.pfsense.org/index.php?topic=52236.msg279764#msg279764).

    He suggested a workaround by using manual subnet but in my case the subnet I add manually does not get distributed at all. The manual subnet not being redistributed is the main issue I am facing (using this as a workaround is fine for me).



  • distributing subnets works fine for me …. i do it all the time.

    do you get full neighbour link?

    10.0.0.1          1 Full/DROther      39.030s 192.168.222.2  ovpns5:192.168.0.1    0    0    0

    
    could you post a censored output of quagga-status & raw config ? I'm by no means an expert, but i can compare with my setups


  • Yes I get a full relation between both neighbors

    From one of my routers (192.168.92.1) :

    
     Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
    192.168.38.202    1 Full/DR           33.572s 172.16.16.9     ovpnc4:172.16.16.10      0     0     0
    10.10.10.1        1 Full/DR           34.891s 172.16.16.1     ovpnc5:172.16.16.2       0     0     0
    
    
    
           OSPF Router with ID (192.168.92.1)
    
                    Router Link States (Area 0.0.0.0 [Stub])
    
    Link ID         ADV Router      Age  Seq#       CkSum  Link count
    10.10.10.1      10.10.10.1       476 0x80000060 0xb634 6
    192.168.38.202  192.168.38.202   187 0x80000062 0x6faa 3
    192.168.92.1    192.168.92.1     186 0x80000064 0x166c 4
    
                    Net Link States (Area 0.0.0.0 [Stub])
    
    Link ID         ADV Router      Age  Seq#       CkSum
    172.16.16.1     10.10.10.1        96 0x8000002f 0xe37a
    172.16.16.5     10.10.10.1      1277 0x8000002f 0x04c2
    172.16.16.9     192.168.38.202   357 0x80000030 0x835b
    
    
          OSPF Router with ID (192.168.92.1)
    
                    Router Link States (Area 0.0.0.0 [Stub])
    
      LS age: 476
      Options: 0x0  : *|-|-|-|-|-|-|*
      LS Flags: 0x6  
      Flags: 0x0
      LS Type: router-LSA
      Link State ID: 10.10.10.1
      Advertising Router: 10.10.10.1
      LS Seq Number: 80000060
      Checksum: 0xb634
      Length: 96
       Number of Links: 6
    
        Link connected to: Stub Network
         (Link ID) Net: 10.10.13.2
         (Link Data) Network Mask: 255.255.255.255
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: Stub Network
         (Link ID) Net: 10.10.12.130
         (Link Data) Network Mask: 255.255.255.255
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 172.16.16.1
         (Link Data) Router Interface address: 172.16.16.1
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 172.16.16.5
         (Link Data) Router Interface address: 172.16.16.5
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: Stub Network
         (Link ID) Net: 10.10.10.0
         (Link Data) Network Mask: 255.255.255.0
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: Stub Network
         (Link ID) Net: 10.10.11.0
         (Link Data) Network Mask: 255.255.255.0
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
      LS age: 187
      Options: 0x0  : *|-|-|-|-|-|-|*
      LS Flags: 0x6  
      Flags: 0x0
      LS Type: router-LSA
      Link State ID: 192.168.38.202
      Advertising Router: 192.168.38.202
      LS Seq Number: 80000062
      Checksum: 0x6faa
      Length: 60
       Number of Links: 3
    
        Link connected to: Stub Network
         (Link ID) Net: 192.168.38.0
         (Link Data) Network Mask: 255.255.255.0
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 172.16.16.5
         (Link Data) Router Interface address: 172.16.16.6
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 172.16.16.9
         (Link Data) Router Interface address: 172.16.16.9
          Number of TOS metrics: 0
           TOS 0 Metric: 19
    
      LS age: 186
      Options: 0x0  : *|-|-|-|-|-|-|*
      LS Flags: 0x3  
      Flags: 0x0
      LS Type: router-LSA
      Link State ID: 192.168.92.1
      Advertising Router: 192.168.92.1
      LS Seq Number: 80000064
      Checksum: 0x166c
      Length: 72
       Number of Links: 4
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 172.16.16.9
         (Link Data) Router Interface address: 172.16.16.10
          Number of TOS metrics: 0
           TOS 0 Metric: 19
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 172.16.16.1
         (Link Data) Router Interface address: 172.16.16.2
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: Stub Network
         (Link ID) Net: 192.168.92.0
         (Link Data) Network Mask: 255.255.255.0
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: Stub Network
         (Link ID) Net: 192.168.10.0
         (Link Data) Network Mask: 255.255.255.0
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
    
    ============ OSPF network routing table ============
    N    10.10.10.0/24         [20] area: 0.0.0.0
                               via 172.16.16.1, ovpnc5
    N    10.10.11.0/24         [20] area: 0.0.0.0
                               via 172.16.16.1, ovpnc5
    N    10.10.12.130/32       [20] area: 0.0.0.0
                               via 172.16.16.1, ovpnc5
    N    10.10.13.2/32         [20] area: 0.0.0.0
                               via 172.16.16.1, ovpnc5
    N    172.16.16.0/30        [10] area: 0.0.0.0
                               directly attached to ovpnc5
    N    172.16.16.4/30        [20] area: 0.0.0.0
                               via 172.16.16.1, ovpnc5
    N    172.16.16.8/30        [19] area: 0.0.0.0
                               directly attached to ovpnc4
    N    192.168.10.0/24       [10] area: 0.0.0.0
                               directly attached to vtnet1
    N    192.168.38.0/24       [29] area: 0.0.0.0
                               via 172.16.16.9, ovpnc4
    N    192.168.92.0/24       [10] area: 0.0.0.0
                               directly attached to vtnet0
    
    ============ OSPF router routing table =============
    
    ============ OSPF external routing table ===========
    

    Config of 192.168.92.1 :

    interface ovpnc4
      ip ospf cost 19
    interface vtnet0
    interface ovpnc5
      ip ospf cost 10
    
    router ospf
      ospf router-id 192.168.92.1
      area 0.0.0.0 stub
      redistribute static
      passive-interface vtnet0
      network 172.16.16.8/30 area 0.0.0.0
      network 192.168.92.0/24 area 0.0.0.0
      network 172.16.16.0/30 area 0.0.0.0
      network 192.168.10.0/24 area 0.0.0.0
      network 192.168.93.0/24 area 0.0.0.0
    
    

    Both 192.168.10.0/24 and 192.168.93.0/24 are configured to be manually announced. But only 192.168.10.0/24 is actually announced.

    The only difference between those two subnets is that I have an interface configured with the subnet 192.168.10.0/24 (vtnet1) on my 192.168.92.1 router whereas I have not got any interface on the subnet 192.168.93.0/24 that I am trying to announce.



  • Disclaimer: use at your own risk …
    in that scenario i think you'd need to either:

    a) 'redistribute kernel routes' (if you have it as a static route configured in pfsense)  … do note that this will also redistribute your default route / monitor ip's / ... / ... ( you could restrict them by adding them to 'disable acceptance')

    b) use zebra to fabricate a route for you by entering a route in 'raw config'-->zebra.conf--> for example: ip route 192.168.93.0/24 em8    <-- then you have to enable 'redistribute static'

    I quickly tried option b  between home <--> work and it seemed to distribute fine



  • Thanks, I tried your solution b (I am trying to inject 192.168.39.0/24 and 192.168.40.0/24)

    My zebra.conf :

    
    ip route 192.168.39.0/24 em0
    ip route 192.168.40.0/24 em1
    
    

    I can see the static route in "Quagga Zebra Routes" but neither in Quagga OSPF Routes nor in the advertised LSA… :(
    Which version of pfsense/quagga are you using ?

    Thanks

    --

    
    interface ovpns2
      ip ospf cost 19
    interface em0
    interface ovpnc3
      ip ospf cost 10
    router ospf
      ospf router-id 192.168.38.202
      area 0.0.0.0 stub
      redistribute static
      passive-interface em0
      network 172.16.16.8/30 area 0.0.0.0
      network 192.168.38.0/24 area 0.0.0.0
      network 172.16.16.4/30 area 0.0.0.0
      network 192.168.39.0/24 area 0.0.0.0
    
    
    
    Quagga Zebra Routes
    
    Codes: K - kernel route, C - connected, S - static, R - RIP,
           O - OSPF, I - IS-IS, B - BGP, A - Babel,
           > - selected route, * - FIB route
    
    K>* 0.0.0.0/0 via 192.168.38.1, em0
    C>* 127.0.0.0/8 is directly connected, lo0
    O   172.16.16.4/30 [110/10] is directly connected, ovpnc3, 00:00:06
    C>* 172.16.16.4/30 is directly connected, ovpnc3
    O   172.16.16.8/30 [110/19] is directly connected, ovpns2, 00:00:06
    C>* 172.16.16.8/30 is directly connected, ovpns2
    O   192.168.38.0/24 [110/10] is directly connected, em0, 00:00:06
    C>* 192.168.38.0/24 is directly connected, em0
    S>  192.168.39.0/24 [1/0] is directly connected, em0
    S   192.168.40.0/24 [1/0] is directly connected, em1 inactive
    
    
    Quagga OSPF Routes
    
    ============ OSPF network routing table ============
    N    10.10.10.0/24         [20] area: 0.0.0.0
                               via 172.16.16.5, ovpnc3
    N    10.10.11.0/24         [20] area: 0.0.0.0
                               via 172.16.16.5, ovpnc3
    N    10.10.12.130/32       [20] area: 0.0.0.0
                               via 172.16.16.5, ovpnc3
    N    10.10.13.2/32         [20] area: 0.0.0.0
                               via 172.16.16.5, ovpnc3
    N    172.16.16.0/30        [20] area: 0.0.0.0
                               via 172.16.16.5, ovpnc3
    N    172.16.16.4/30        [10] area: 0.0.0.0
                               directly attached to ovpnc3
    N    172.16.16.8/30        [19] area: 0.0.0.0
                               directly attached to ovpns2
    N    192.168.10.0/24       [29] area: 0.0.0.0
                               via 172.16.16.10, ovpns2
    N    192.168.38.0/24       [10] area: 0.0.0.0
                               directly attached to em0
    N    192.168.92.0/24       [29] area: 0.0.0.0
                               via 172.16.16.10, ovpns2
    
    ============ OSPF router routing table =============
    
    ============ OSPF external routing table ===========
    
    
      LS age: 276
      Options: 0x0  : *|-|-|-|-|-|-|*
      LS Flags: 0x3  
      Flags: 0x0
      LS Type: router-LSA
      Link State ID: 192.168.38.202 
      Advertising Router: 192.168.38.202
      LS Seq Number: 80000193
      Checksum: 0x2cba
      Length: 60
       Number of Links: 3
    
        Link connected to: Stub Network
         (Link ID) Net: 192.168.38.0
         (Link Data) Network Mask: 255.255.255.0
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 172.16.16.5
         (Link Data) Router Interface address: 172.16.16.6
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 172.16.16.10
         (Link Data) Router Interface address: 172.16.16.9
          Number of TOS metrics: 0
           TOS 0 Metric: 19
    


  • pfsense 2.2 one end <--> 2.1.4 other end of openvpn tunnel.
    quagga: Installed: 0.99.22.3.1_2 v0.6.2 <-- not all that much has changed in functionality lately (i think).

    what i did notice was some weirdness on the quagga 'status' page on the pfsense that was injecting the routes ( Quagga Zebra Routes = empty) ... but the receiving end added the route automagically, and everything keeps working ;)

    injector quagga config:

    
    Quagga ospfd.conf
    
    # This file was created by the pfSense package manager.  Do not edit!
    
    password xxxxx
    log syslog
    interface ovpnc1
      ip ospf cost 100
    
    router ospf
      ospf router-id 10.0.0.1
      redistribute static
      network 192.168.222.0/30 area 0.0.0.1
      network 192.168.226.0/24 area 0.0.0.1
      network 10.0.0.0/24 area 0.0.0.1
    
    

    Quagga zebra.conf

    
    ip route 192.168.213.0/24 lo0
    
    

    Quagga OSPF Database on inject side

    
           OSPF Router with ID (10.0.0.1)
    
                    Router Link States (Area 0.0.0.1)
    
    Link ID         ADV Router      Age  Seq#       CkSum  Link count
    10.0.0.1        10.0.0.1           3 0x800013d7 0xd3cf 3
    10.10.10.1      10.10.10.1        98 0x8000be71 0x1f18 11
    10.20.10.1      10.20.10.1       776 0x80007af9 0x447c 10
    10.30.10.1      10.30.10.1      1246 0x8000049f 0xd60d 5
    
                    AS External Link States
    
    Link ID         ADV Router      Age  Seq#       CkSum  Route
    192.168.213.0   10.0.0.1           3 0x80000002 0x670c E2 192.168.213.0/24 [0x0]
    
    

    Quagga OSPF Database on receiving end

    
           OSPF Router with ID (10.10.10.1)
    
                    Router Link States (Area 0.0.0.1)
    
    Link ID         ADV Router      Age  Seq#       CkSum  Link count
    10.0.0.1        10.0.0.1         233 0x800013d8 0xd1d0 3
    10.10.10.1      10.10.10.1       268 0x8000be72 0xdbed 12
    10.20.10.1      10.20.10.1      1041 0x80007af9 0x447c 10
    10.30.10.1      10.30.10.1      1511 0x8000049f 0xd60d 5
    
                    AS External Link States
    
    Link ID         ADV Router      Age  Seq#       CkSum  Route
    192.168.213.0   10.0.0.1         268 0x80000002 0x670c E2 192.168.213.0/24 [0x0]
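
An added example, not part of any post in this thread: a small check of the behaviour observed above, run against the 192.168.92.1 config as posted. It assumes a `network` statement only enables OSPF on interfaces whose address falls inside it, and that a stub area carries no AS-external LSAs (RFC 2328), which is the LSA type shown for the redistributed 192.168.213.0/24 route in the last post; the `audit` helper and the vtnet host addresses are constructed for illustration.

```python
import ipaddress
import re

# "router ospf" block of 192.168.92.1 as posted in the thread.
OSPFD_CONF = """\
router ospf
  ospf router-id 192.168.92.1
  area 0.0.0.0 stub
  redistribute static
  network 172.16.16.8/30 area 0.0.0.0
  network 192.168.92.0/24 area 0.0.0.0
  network 172.16.16.0/30 area 0.0.0.0
  network 192.168.10.0/24 area 0.0.0.0
  network 192.168.93.0/24 area 0.0.0.0
"""

# ovpnc4/ovpnc5 addresses come from the neighbor table in the thread;
# the vtnet host addresses are constructed (the thread gives only the subnets).
INTERFACES = {
    "ovpnc4": "172.16.16.10/30",
    "ovpnc5": "172.16.16.2/30",
    "vtnet0": "192.168.92.1/24",
    "vtnet1": "192.168.10.1/24",
}

def audit(conf, interfaces):
    """Return (advertised prefix per interface, findings) for an ospfd.conf."""
    ifaces = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
    stub = set(re.findall(r"^\s*area (\S+) stub", conf, re.M))
    nets = re.findall(r"^\s*network (\S+) area (\S+)", conf, re.M)
    advertised, findings = {}, []
    for prefix, _area in nets:
        net = ipaddress.ip_network(prefix)
        hits = [(n, i) for n, i in ifaces.items() if i.ip in net]
        if not hits:
            findings.append(f"network {prefix}: no interface address inside it, nothing advertised")
        for name, iface in hits:
            # The router-LSA carries the interface's own prefix, not the statement's.
            advertised[name] = str(iface.network)
    areas = {a for _p, a in nets}
    if re.search(r"^\s*redistribute static", conf, re.M) and areas and areas <= stub:
        # Redistributed routes travel as AS-external LSAs, which stub areas do not carry.
        findings.append("redistribute static: every configured area is stub, external LSAs are not flooded")
    return advertised, findings

if __name__ == "__main__":
    adv, issues = audit(OSPFD_CONF, INTERFACES)
    print(adv)
    print("\n".join(issues))
```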
    
    
