Details
I have an OSPF configuration problem on VyOS 1.1.6.
I have 2 clustered routers/firewalls accessing the Internet through 2 routers of 2 different Internet providers; each one connects via dual VPN (OpenVPN) to another remote VyOS.
I configured the first router of the cluster, VyOS-A, without problems, managing to pass routes to the remote router VyOS-remote via OSPF through the double tunnel.
When I connect the second router of the cluster, VyOS-B, I don't receive any routes on the remote VyOS. The following diagram summarizes the situation: [network diagram]
Below is the part of the VyOS configuration:
VyOS-A router:

    openvpn vtun0 {
        description "to Internet provider C"
        ip {
            ospf {
                dead-interval 40
                hello-interval 10
                priority 250
                retransmit-interval 5
                transmit-delay 1
            }
        }
        mode client
        remote-host 10.100.100.100
        remote-port 5000
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/vyos-A1.crt
            key-file /config/auth/vyos-A1.key
        }
    }
    openvpn vtun1 {
        description "to Internet provider D"
        ip {
            ospf {
                dead-interval 40
                hello-interval 10
                priority 200
                retransmit-interval 5
                transmit-delay 1
            }
        }
        mode client
        remote-host 10.101.101.101
        remote-port 5001
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/vyos-A2.crt
            key-file /config/auth/vyos-A2.key
        }
    }
    ospf {
        area 0.0.0.0 {
            network 10.0.10.0/24
            network 10.0.20.0/24
        }
        area 0.0.0.64 {
            network 10.64.16.0/24
        }
        parameters {
            abr-type cisco
            router-id 10.0.0.201
        }
        passive-interface default
        passive-interface-exclude vtun0
        passive-interface-exclude vtun1
    }

VyOS-B router:
    openvpn vtun0 {
        description "to Internet provider C"
        ip {
            ospf {
                dead-interval 40
                hello-interval 10
                priority 150
                retransmit-interval 5
                transmit-delay 1
            }
        }
        mode client
        remote-host 10.100.100.100
        remote-port 5000
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/vyos-B1.crt
            key-file /config/auth/vyos-B1.key
        }
    }
    openvpn vtun1 {
        description "to Internet provider D"
        ip {
            ospf {
                dead-interval 40
                hello-interval 10
                priority 100
                retransmit-interval 5
                transmit-delay 1
            }
        }
        mode client
        remote-host 10.101.101.101
        remote-port 5001
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/vyos-B2.crt
            key-file /config/auth/vyos-B2.key
        }
    }
    ospf {
        area 0.0.0.0 {
            network 10.0.10.0/24
            network 10.0.20.0/24
        }
        area 0.0.0.64 {
            network 10.64.16.0/24
        }
        parameters {
            abr-type cisco
            router-id 10.0.0.201
        }
        passive-interface default
        passive-interface-exclude vtun0
        passive-interface-exclude vtun1
    }

Remote router VyOS:
    openvpn vtun0 {
        description "Internet provider C"
        local-port 5000
        mode server
        server {
            client vyos-A1 {
                ip 10.0.10.201
                subnet 10.64.16.0/24
            }
            client vyos-B1 {
                ip 10.0.10.202
                subnet 10.64.16.0/24
            }
        }
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/keys/site.crt
            crl-file /config/auth/crl.pem
            dh-file /config/auth/dh2048.pem
            key-file /config/auth/site.key
        }
    }
    openvpn vtun1 {
        description "Internet provider D"
        local-port 5001
        mode server
        server {
            client vyos-A2 {
                ip 10.0.20.201
                subnet 10.64.16.0/24
            }
            client vyos-B2 {
                ip 10.0.20.202
                subnet 10.64.16.0/24
            }
        }
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/site.crt
            crl-file /config/auth/crl.pem
            dh-file /config/auth/dh2048.pem
            key-file /config/auth/site.key
        }
    }
    ospf {
        area 0.0.0.0 {
            network 10.0.10.0/24
            network 10.0.20.0/24
        }
        area 0.0.0.128 {
            network 10.128.16.0/24
        }
        parameters {
            abr-type cisco
            router-id 10.0.0.1
        }
        passive-interface default
        passive-interface-exclude vtun0
        passive-interface-exclude vtun1
    }

This is my current attempt.
Andrea Ugoni
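As an added example (not part of the question or of VyOS itself), a small Python check that parses VyOS-style brace configuration and flags two common reasons OSPF adjacencies over tunnels never come up: router IDs that are not unique across the OSPF domain, and hello/dead timers that differ between the two ends of a tunnel. The excerpts are constructed from the three configs above, reduced to the timers and router IDs; note that VyOS-A and VyOS-B both declare router-id 10.0.0.201, which the check reports, while the timers agree on every tunnel (the remote side relies on the OSPF defaults of 10 s/40 s).

```python
import re
from collections import defaultdict
# Constructed excerpts of the three configurations in the post (timers and router-ids only).
TUNNELS = ("openvpn vtun0 { ip { ospf { dead-interval 40 hello-interval 10 } } } "
           "openvpn vtun1 { ip { ospf { dead-interval 40 hello-interval 10 } } } ")
CONFIGS = {
    "VyOS-A": TUNNELS + "ospf { parameters { router-id 10.0.0.201 } }",
    "VyOS-B": TUNNELS + "ospf { parameters { router-id 10.0.0.201 } }",
    "VyOS-remote": "openvpn vtun0 { mode server } openvpn vtun1 { mode server } "
                   "ospf { parameters { router-id 10.0.0.1 } }",
}

def parse(text):
    """Nested dicts from a VyOS brace config; handles '<key> <value>', '<key> [<name>] {' and '}'."""
    toks = re.findall(r'\{|\}|"[^"]*"|\S+', text)
    stack, i = [{}], 0
    while i < len(toks):
        tok = toks[i]
        if tok == "}":                                  # close the current block
            stack.pop()
            i += 1
        elif toks[i + 1] == "{":                        # 'ospf {'
            stack.append(stack[-1].setdefault(tok, {}))
            i += 2
        elif i + 2 < len(toks) and toks[i + 2] == "{":  # 'openvpn vtun0 {'
            stack.append(stack[-1].setdefault(f"{tok} {toks[i + 1]}", {}))
            i += 3
        else:                                           # 'router-id 10.0.0.201'
            stack[-1][tok] = toks[i + 1]
            i += 2
    return stack[0]
PARSED = {name: parse(text) for name, text in CONFIGS.items()}

def duplicate_router_ids(parsed):
    """Router IDs declared by more than one router; OSPF requires them to be unique."""
    owners = defaultdict(list)
    for name, cfg in parsed.items():
        owners[cfg["ospf"]["parameters"]["router-id"]].append(name)
    return {rid: names for rid, names in owners.items() if len(names) > 1}

def timer_mismatches(parsed):
    """Tunnels whose endpoints disagree on hello/dead timers; OSPF defaults 10/40 apply if unset."""
    per_tunnel = defaultdict(dict)
    for name, cfg in parsed.items():
        for key, blk in cfg.items():
            if key.startswith("openvpn "):
                ospf = blk.get("ip", {}).get("ospf", {})
                per_tunnel[key.split()[1]][name] = (int(ospf.get("hello-interval", 10)),
                                                    int(ospf.get("dead-interval", 40)))
    return {tun: peers for tun, peers in per_tunnel.items() if len(set(peers.values())) > 1}
```

Run against the excerpts, `duplicate_router_ids(PARSED)` returns `{'10.0.0.201': ['VyOS-A', 'VyOS-B']}` and `timer_mismatches(PARSED)` returns `{}`.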
Answers