OpenVPN Site-to-Site + OSPF [Solved]
I'm not sure if I'm missing something really simple here, but I'm struggling to get OpenVPN and OSPF to work on 2.2.6.
What I've set up so far;
Site 1: CARP, OpenVPN tunnels running on WAN VIPs
Site 2: CARP, OpenVPN tunnels running on WAN VIPs
Site 3: Standalone, OpenVPN tunnels running on WAN addresses
Site 4: Standalone, OpenVPN tunnels running on WAN addresses
Every WAN connection (whether it is a CARP VIP or a standard WAN IP) has an OpenVPN /30 tunnel to every other WAN connection, as long as it is on a different site - effectively creating a mesh.
The /30 subnets are outside the site's normal IP allocation (each site has a /16 divided up into VLANs).
To test with, I have installed Quagga OSPF at Site 1 and Site 4. OSPF is bound to the OpenVPN tunnel interface (which gets created when you set up site-to-site), and has a stub configured in the management VLAN at both sites.
The OSPF output suggests that no neighbours have been found. Firewall rules at both ends of the tunnel allow Any <–> Any for OSPF traffic.
It also suggests that the OpenVPN tunnel interface is operating as a /32 rather than a /30 - which also concerns me.
I am thinking that this might be down to the fact I've not set up any loopback interfaces to use as the Router ID - is this required?
Do I need to assign the automatically created OpenVPN tunnel as an interface within webconfigurator?
Should I be using TAP rather than TUN mode for OpenVPN?
Or have I missed something during configuration?
rubic last edited by
Try 'topology subnet' in the OpenVPN: Server - Advanced configuration
Cheers - I'll have a try with that tomorrow!
Out of curiosity, in this mode, would I be better to assign a larger subnet and have all sites connecting to the server daemon, or would it still be better with each site connecting to it's own daemon?
Still no dice!
Do I need to manually create a loopback address for the Router ID to use (like you do with Cisco kit)?
For anyone else who runs into this;