    Netgate Discussion Forum

    Init/DROther with OSPF

    pfSense Packages
    • R
      reqlez last edited by

      Hi.

      So I set up an OpenVPN certificate point-to-point tunnel (tunnel is online, can ping through it … set up using TAP because I could never get tun to work with OSPF last time), yet OSPF will not work. I get the following on the "Server" router:

      192.168.20.1      1 Init/DROther      38.446s 10.10.1.2      ovpns2:10.10.1.1        0    0    0

      and no neighbour shows up at all on the "client" router.

      Any ideas how to troubleshoot further (yes, I've tried restarting routers many times)? Using pfSense 2.2.1 here.

      Have another EXACT set-up working fine but with 2.1.5

      • R
        reqlez last edited by

        Hi … haven't seen a reply, so just seeing if anybody else got ideas ...

        Also ... does the VPN tunnel have to be configured in TAP for OSPF to work through it ...

        • S
          Spydre13 last edited by

          I know this is an old topic, but thought I'd reply in case someone else comes across it looking for help.

          Did you add a firewall rule on the client firewall to allow the OSPF multicast traffic in?

          Also, if you want to use tun instead of tap, I did get this to work using "topology subnet".  There isn't an option for this in the GUI for Peer to Peer mode yet, but there is for Remote Access mode.  For Peer to Peer mode, in the Advanced box just put "topology subnet".

          • R
            reqlez last edited by

            @Spydre13:

            I know this is an old topic, but thought I'd reply in case someone else comes across it looking for help.

            Did you add a firewall rule on the client firewall to allow the OSPF multicast traffic in?

            Also, if you want to use tun instead of tap, I did get this to work using "topology subnet".  There isn't an option for this in the GUI for Peer to Peer mode yet, but there is for Remote Access mode.  For Peer to Peer mode, in the Advanced box just put "topology subnet".

            So happy somebody actually replied to this.  I have been using TAP for all my setups because I could not get anything else to work.  So can you go into a bit more detail about this multicast OSPF rule that I have to add? I have not seen this in any guides.

            • S
              Spydre13 last edited by

              I'm not saying you shouldn't use TAP, but if you want to use TUN I think it should work with "topology subnet".

              If you are allowing all traffic in the OpenVPN tab of your firewall rules, you won't need another rule to allow the OSPF traffic.  If you are only allowing specific traffic in, I think you will need a rule to allow the OSPF traffic.  The reason I mentioned this is that in your original post you said the server is showing the client as "Init/DROther" and the client is not showing anything, which sounds like traffic is getting through from the client to the server, but not the other way.  The server would need to negotiate with the client before showing it as "Full/DROther", etc.  Of course by "server" and "client" I'm talking about the OpenVPN role, not OSPF.

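The reasoning in the last reply, as an added example (not code from the thread or from pfSense): it parses neighbor rows in the format quoted in the first post and flags `Init` as a one-way Hello path. The header row, function names and advice strings are constructed for illustration; IP protocol 89 and 224.0.0.5 are the standard OSPF protocol number and AllSPFRouters multicast group.

```python
import re

# Constructed input: a header row plus the neighbor row quoted in the first post.
SAMPLE = """\
Neighbor ID     Pri State           Dead Time Address         Interface          RXmtL RqstL DBsmL
192.168.20.1      1 Init/DROther      38.446s 10.10.1.2      ovpns2:10.10.1.1        0    0    0
"""

ROW = re.compile(
    r"^\s*(?P<neighbor_id>\d+(?:\.\d+){3})\s+(?P<pri>\d+)\s+"
    r"(?P<state>[\w-]+)/(?P<role>\S+)\s+(?P<dead>\S+)\s+"
    r"(?P<address>\d+(?:\.\d+){3})\s+(?P<iface>\S+)"
)

# What each neighbor state says about Hello delivery (RFC 2328 neighbor states).
HELLO_STATUS = {
    "Down": "none", "Attempt": "none",   # no Hello heard from the neighbor
    "Init": "one-way",                   # we hear it; its Hello does not list us
    "2-Way": "two-way", "ExStart": "two-way", "Exchange": "two-way",
    "Loading": "two-way", "Full": "two-way",
}

def parse_neighbors(text):
    """Return one dict per neighbor row; header and blank lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def diagnose(row):
    """Map a parsed row to (hello_status, advice)."""
    status = HELLO_STATUS.get(row["state"], "unknown")
    if status == "one-way":
        advice = (f"{row['neighbor_id']} is heard on {row['iface']} but has not "
                  "seen our Hellos: on that peer, check that the inbound rules on "
                  "the tunnel interface pass IP protocol 89 to 224.0.0.5")
    elif status == "none":
        advice = "no Hellos received: check the inbound rules on this router"
    elif status == "two-way":
        advice = "Hellos pass in both directions"
    else:
        advice = f"unrecognised state {row['state']!r}"
    return status, advice

if __name__ == "__main__":
    for row in parse_neighbors(SAMPLE):
        print(row["state"], "->", *diagnose(row))
```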