I'm unable to get a basic frr ospf setup working. I have little experience with ospf, but managed to get it working on pfsense and vyos. When I add an area (0.0.0.0) to an interface other than LAN, opnsense crashes and reboots.
Too few details here. Any logs from the crash? Screenshot of console? Which type is "other than LAN"?
There are no backend or general log entries regarding FRR. I've got this in Routing - Diagnostics - Log:
08.09.2020 13:16:51 ZEBRA Terminating on signal
08.09.2020 13:16:52 ZEBRA client 11 says hello and bids fair to announce only ospf routes vrf=0
08.09.2020 13:19:10 ZEBRA client 11 says hello and bids fair to announce only ospf routes vrf=0
08.09.2020 16:49:28 ZEBRA client 11 says hello and bids fair to announce only ospf routes vrf=0
I'm using a Protectli unit with 6 ports. Port 1 is WAN, Port 2 is LAN. LAN and vlans on LANs interface (em1) work, I can add them to OSPF interfaces. I can't add other interfaces though. So, I don't want to add em1 to OSPF but I want to add em3. As soon as I try to add 0.0.0.0 as an area to em3, it crashes.
EDIT: If LAN is added as interface and I try to add another one without anything in its area, I'm getting the following in logs:
08.09.2020 17:03:57 ZEBRA [EC 4043309121] Client 'ospf' encountered an error and is shutting down.
08.09.2020 17:03:57 ZEBRA client 11 disconnected 0 ospf routes removed from the rib
08.09.2020 17:03:57 ZEBRA Terminating on signal
08.09.2020 17:03:58 ZEBRA client 11 says hello and bids fair to announce only ospf routes vrf=0
But the FRR service still seems to run
It seems if I set the interface as passive before adding the area, it doesn't crash.
You also need to set up the network tab, can you try this?
Quote from: mimugmail on September 08, 2020, 04:18:18 PM
You also need to set up the network tab, can you try this?
Oh, didn't know I have to do that. I'm adding a network for em3 (R720 in the screenshots). Does this look ok? I've applied this and removed R720 from passive interfaces and it crashed again.
Do you have a console output during the crash?
Quote from: mimugmail on September 08, 2020, 05:48:23 PM
Do you have a console output during the crash?
Unfortunately no, the unit is remote. Since then I've tried replicating the configs from vyos and pfsense. I've removed interfaces and tried to configure via Network tab.
I then removed LAN from passive interfaces. Worked. Removed em3 from passive interfaces and it crashed.
Current configuration:
!
frr version 7.4
frr defaults traditional
hostname opnedge.xxx.xyz
log file /var/log/frr.log notifications
log syslog notifications
!
router ospf
ospf router-id 172.16.68.68
passive-interface em1
passive-interface em1_vlan37
passive-interface em3
passive-interface pppoe0
network 172.16.68.0/24 area 0.0.0.0
!
line vty
!
endEdit: these are the last lines in syslog before crashing:
Sep 8 18:55:34 opnedge kernel: pflog0: promiscuous mode disabled
Sep 8 18:55:34 opnedge kernel: pflog0: promiscuous mode enabled
Sep 8 18:58:37 opnedge kernel: pflog0: promiscuous mode disabled
Sep 8 18:58:37 opnedge kernel: pflog0: promiscuous mode enabled
Sep 8 19:00:44 opnedge syslogd: kernel boot file is /boot/kernel/kernel
Sep 8 19:00:44 opnedge kernel: ---<<BOOT>>---
Sep 8 19:00:44 opnedge kernel: Copyright (c) 2013-2019 The HardenedBSD Project.
Sep 8 19:00:44 opnedge kernel: Copyright (c) 1992-2019 The FreeBSD Project.Note: I was thinking maybe it's a hardware problem but I have pfsense installed on 2 identical units and ospf works fine.
Issue seems solved with latest version, 20.7.3
Really? Previous was 20.7.2?
Quote from: mimugmail on October 02, 2020, 06:05:04 AM
Really? Previous was 20.7.2?
Sorry for the late reply, I didn't notice your message.
Yes it was either 20.7.2 or 1 version earlier, can't remember exactly.The FRR package was also updated between my first and second attempt.
The issue wasn't completely fixed. With the updated version, the opnsense would no longer insta-reboot when trying to startup OSPF, instead it completely locked about 5 minutes after writing the forum post. It wouldn't route anything, not even on LAN. I had to reinstall opnsense and gave up till today.
I'm giving it another go, baby steps.
Having entries in both Networks and Interfaces the log would show something like:
Command returned Warning Config Failed on config line 21: network [network subnet/24] area 0.0.0.0Now I have it like this:
- every interface to passive except for loopback and LAN (LAN is actually a VLAN).
- Disabled all entries in the "Networks" tab. Added LAN to the "Interfaces" tab Area 0.0.0.0. Everything else is default
- Route redistribution: Connected routes
- no prefix lists or route maps
I'm going to run it like this for a few hours, then reboot and see if at least this is stable. Then I'm enabling OSPF on the downstream pfsense's WAN for route redistribution.
What's confusing for me, is that pfsense uses "Interfaces" whereas on VyOS I've set "Networks" and opnsense has both.
EDITFound 2 users with a similar but successful setup which I'm replicating:
https://forum.opnsense.org/index.php?topic=17629.msg80064#msg80064
https://forum.opnsense.org/index.php?topic=12413.msg57357#msg57357
I've deleted "Area" in the interfaces tab and added it to "Networks". Then I've added 2 networks with Area 0.0.0.0 and also filled in the "Area Range" with the subnets/24 on which they're on.
Quote from: blusens on October 19, 2020, 12:15:37 PM
I've deleted "Area" in the interfaces tab and added it to "Networks". Then I've added 2 networks with Area 0.0.0.0 and also filled in the "Area Range" with the subnets/24 on which they're on.
Yes, don't use Area in Interface when you already use it in Networks.
No idea about Area Range, don't think this is required.
I gave up. FRR and OSPF start, seem to work and after a few minutes the unit (protectli btw) becomes unresponsive. After a reboot I can access the webui for a few minutes then it becomes unresponsive again. For now I'm switching back to pfsense which doesn't present this issue. Thanks for the suggestions so far.
Can you send me your config so I can try to reproduce?
Quote from: mimugmail on October 20, 2020, 05:03:26 PM
Can you send me your config so I can try to reproduce?
Hey, sorry for not replying. I didn't get a notification.
I'm gonna try this again soon. I hope I'll make it work this time.
I came back to report that FRR OSPF worked this time. The only difference since last time is that now it's running in a proxmox VM instead of baremetal. For future reference, I've added entries in interfaces and networks (here I've added the "active" networks where OSPF should send packages).