Been banging my head on VTI/IPsec/BGP shit between these two sites. I have static routes working and traffic flowing, but the BGP peer on the OPNsense2 side won't even attempt to make a connection. FRR seems to not like the setup. I've edited the conf file and added update-source lo0 and ebgp-multihop 255, but nothing seems to work. Thoughts? Setup below:
Cisco 9200 -> OPNsense1 -> IPsec/VTI/Internet -> OPNsense2
Cisco 9200 = Loopback 0 = 192.168.0.21
router bgp 395021
 neighbor 192.168.0.3 remote-as 65001
 ! peer loopback is more than one hop away, so raise the eBGP TTL
 neighbor 192.168.0.3 ebgp-multihop 255
 neighbor 192.168.0.3 update-source Loopback0
OPNsense2 = Loopback = 192.168.0.3
router bgp 65001
 bgp router-id 192.168.0.3
 neighbor 192.168.0.21 remote-as 395021
VTI:
OPNsense1: 192.168.199.1
OPNsense2: 192.168.199.2
OPNsense2:
Neighbor       V  AS      MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
192.168.0.21   4  395021        0        0       0    0     0  never     Active
Cisco 9200:
Neighbor       V  AS      MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
192.168.0.3    4  65001         0        1       1    0     0  00:00:23  OpenSent
Static Routes:
OPNsense2:
192.168.0.21 - Gateway 192.168.199.1
OPNsense1:
192.168.0.3 - Gateway 192.168.199.2
Cisco 9200:
Gets routes via OSPF
#ping 192.168.0.3 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.3, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.21
!!!!!
Actually, I think I know what's going on... I think the connected subnets aren't being routed correctly. Sorry for the trouble.
router bgp 65001
 bgp router-id 192.168.0.3
 ! skip the connected-subnet check for single-hop eBGP peers on loopbacks
 bgp disable-ebgp-connected-route-check
 neighbor 192.168.0.21 remote-as 395021
 ! peer is behind the VTI, so the default eBGP TTL of 1 is not enough
 neighbor 192.168.0.21 ebgp-multihop 255
 neighbor 192.168.0.21 disable-connected-check
 ! source the session from the loopback the Cisco side peers with
 neighbor 192.168.0.21 update-source lo0
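As an added example (not from the thread, and not OPNsense's or FRR's own code): a small Python linter that encodes the rule behind the fix above. FRR applies a connected check to eBGP peers, so a neighbor whose address is not on a directly connected subnet (a loopback reached through a VTI here) stays in Active with no OPEN sent unless ebgp-multihop or disable-connected-check is configured, and the session must be sourced from the loopback the far side expects. The connected subnets and the loopback /32 are assumed values supplied by the caller, because they are not part of the BGP block; the optional max_hops argument is an assumption of this example and flags an ebgp-multihop TTL wider than the real path, since 255 accepts the session from any distance.

```python
"""Lint an FRR "router bgp" block for eBGP neighbors that will never leave
Active because they are reached via a loopback or tunnel rather than a
directly connected subnet. Added example, not code from the thread."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Neighbor:
    addr: str
    remote_as: Optional[int] = None
    multihop: Optional[int] = None          # TTL from "ebgp-multihop [N]"
    connected_check_disabled: bool = False  # "disable-connected-check"
    update_source: Optional[str] = None     # interface or address


@dataclass
class BgpConfig:
    local_as: Optional[int] = None
    global_connected_check_disabled: bool = False  # "bgp disable-ebgp-connected-route-check"
    neighbors: Dict[str, Neighbor] = field(default_factory=dict)


def parse_frr_bgp(text: str) -> BgpConfig:
    """Parse only the statements this check cares about; others are ignored."""
    cfg = BgpConfig()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if m := re.fullmatch(r"router bgp (\d+)", line):
            cfg.local_as = int(m.group(1))
        elif line == "bgp disable-ebgp-connected-route-check":
            cfg.global_connected_check_disabled = True
        elif m := re.fullmatch(r"neighbor (\S+) (\S+)(?: (\S+))?", line):
            addr, keyword, arg = m.groups()
            nb = cfg.neighbors.setdefault(addr, Neighbor(addr))
            if keyword == "remote-as":
                nb.remote_as = int(arg)
            elif keyword == "ebgp-multihop":
                nb.multihop = int(arg) if arg else 255  # FRR default when no count is given
            elif keyword == "disable-connected-check":
                nb.connected_check_disabled = True
            elif keyword == "update-source":
                nb.update_source = arg
    return cfg


def lint(cfg: BgpConfig, connected_subnets: List[str],
         max_hops: Optional[int] = None) -> List[Tuple[str, str, str]]:
    """Return (neighbor, level, message) findings for the eBGP peers in cfg."""
    nets = [ipaddress.ip_network(c, strict=False) for c in connected_subnets]
    findings = []
    for nb in cfg.neighbors.values():
        if nb.remote_as is None or nb.remote_as == cfg.local_as:
            continue  # iBGP (or incomplete) peers are not subject to the eBGP connected check
        peer = ipaddress.ip_address(nb.addr)
        if any(peer in n for n in nets):
            continue  # ordinary directly connected eBGP: single-hop TTL is fine
        bypass = nb.connected_check_disabled or cfg.global_connected_check_disabled
        if nb.multihop is None and not bypass:
            findings.append((nb.addr, "ERROR",
                             "eBGP peer is not on a connected subnet; the session stays Active. "
                             "Add ebgp-multihop and/or disable-connected-check"))
        elif nb.multihop is None:
            findings.append((nb.addr, "WARN",
                             "connected check bypassed but TTL stays 1; add ebgp-multihop "
                             "if the peer is more than one hop away"))
        if nb.update_source is None:
            findings.append((nb.addr, "WARN",
                             "no update-source; the session is sourced from the egress "
                             "interface address, which the peer is not configured for"))
        if max_hops is not None and nb.multihop is not None and nb.multihop > max_hops:
            findings.append((nb.addr, "INFO",
                             f"ebgp-multihop {nb.multihop} is wider than the {max_hops}-hop "
                             "path; use the real hop count"))
    return findings


# Constructed sample inputs: the two OPNsense2 configs posted in the thread.
BROKEN_CONFIG = """\
router bgp 65001
 bgp router-id 192.168.0.3
 neighbor 192.168.0.21 remote-as 395021
"""

FIXED_CONFIG = """\
router bgp 65001
 bgp router-id 192.168.0.3
 bgp disable-ebgp-connected-route-check
 neighbor 192.168.0.21 remote-as 395021
 neighbor 192.168.0.21 ebgp-multihop 255
 neighbor 192.168.0.21 disable-connected-check
 neighbor 192.168.0.21 update-source lo0
"""

# Assumed OPNsense2 addressing: the VTI as a /30 plus the loopback /32.
OPNSENSE2_CONNECTED = ["192.168.199.2/30", "192.168.0.3/32"]

if __name__ == "__main__":
    for name, text in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        for addr, level, msg in lint(parse_frr_bgp(text), OPNSENSE2_CONNECTED, max_hops=2):
            print(f"{name}: {addr} {level}: {msg}")
```

Run against the first config it reports the ERROR (no multihop, no connected-check bypass) and the missing update-source; against the fixed config it reports only the INFO about 255 being wider than the two hops from the Cisco loopback to OPNsense2, which is the one thing worth tightening once the session is up.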
So, you need these two available via the UI?