Init/DROther with OSPF
-
Hi.
So I set up an OpenVPN certificate point-to-point tunnel (tunnel is online, can ping through it … set up using TAP because I could never get tun to work with OSPF last time), yet OSPF will not work. I get the following on the "Server" router:
192.168.20.1 1 Init/DROther 38.446s 10.10.1.2 ovpns2:10.10.1.1 0 0 0
and no neighbour shows up at all on the "client" router.
Any ideas how to troubleshoot further (yes, I've tried restarting routers many times)? Using pfSense 2.2.1 here.
Have another EXACT set-up working fine but with 2.1.5
-
Hi … haven't seen a reply, so just seeing if anybody else got ideas ...
Also ... does the VPN tunnel have to be configured in TAP for OSPF to work through it?
-
I know this is an old topic, but thought I'd reply in case someone else comes across it looking for help.
Did you add a firewall rule on the client firewall to allow the OSPF multicast traffic in?
Also, if you want to use tun instead of tap, I did get this to work using "topology subnet". There isn't an option for this in the GUI for Peer to Peer mode yet, but there is for Remote Access mode. For Peer to Peer mode, in the Advanced box just put "topology subnet".
-
So happy somebody actually replied to this. I have been using TAP for all my setups because I could not get anything else to work. So can you go into a bit more detail about this multicast OSPF rule that I have to add? I have not seen this in any guides.
-
I'm not saying you shouldn't use TAP, but if you want to use TUN I think it should work with "topology subnet".
If you are allowing all traffic in the OpenVPN tab of your firewall rules, you won't need another rule to allow the OSPF traffic. If you are only allowing specific traffic in, I think you will need a rule to allow the OSPF traffic. The reason I mentioned this is that in your original post you said the server is showing the client as "Init/DROther" and the client is not showing anything, which sounds like traffic is getting through from the client to the server, but not the other way. The server would need to negotiate with the client before showing it as "Full/DROther", etc. Of course by "server" and "client" I'm talking about the OpenVPN role, not OSPF.
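The one-way symptom discussed in this thread (server shows "Init", client shows no neighbor) can be reproduced with a small model of the OSPF hello handshake. This is an added example, not code from the thread or from pfSense; the server router ID is a constructed value, and the states past 2-Way (ExStart through Full) are not modeled.

```python
# Minimal model of the OSPF hello handshake (RFC 2328 neighbor states
# Down -> Init -> 2-Way) over a link where one direction can be dropped.

class Router:
    def __init__(self, router_id):
        self.router_id = router_id
        self.neighbors = {}  # neighbor router ID -> state

    def build_hello(self):
        # A hello lists every neighbor this router has heard from so far.
        return {"router_id": self.router_id, "seen": set(self.neighbors)}

    def receive_hello(self, hello):
        # Our own ID in the sender's list proves the sender hears us (2-Way).
        # Without it we only know we can hear the sender (Init).
        two_way = self.router_id in hello["seen"]
        self.neighbors[hello["router_id"]] = "2-Way" if two_way else "Init"


def exchange(a, b, a_to_b_allowed, b_to_a_allowed, rounds=3):
    """Run hello rounds; a direction set to False models a firewall drop."""
    for _ in range(rounds):
        hello_a, hello_b = a.build_hello(), b.build_hello()
        if a_to_b_allowed:
            b.receive_hello(hello_a)
        if b_to_a_allowed:
            a.receive_hello(hello_b)
    return a.neighbors, b.neighbors


def simulate(server_to_client_allowed):
    server = Router("10.0.0.1")      # constructed router ID (OpenVPN server side)
    client = Router("192.168.20.1")  # neighbor ID shown in the first post
    # Client-to-server hellos always pass, as the symptom in the thread implies.
    return exchange(server, client, server_to_client_allowed, True)


if __name__ == "__main__":
    for allowed in (False, True):
        server_view, client_view = simulate(allowed)
        print(f"server->client allowed={allowed}: "
              f"server sees {server_view}, client sees {client_view}")
```

With the server-to-client direction dropped, the server stays at Init and the client's neighbor table stays empty, which points the search at the inbound rules on the client's OpenVPN interface.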