OPNsense Forum

English Forums => General Discussion => Topic started by: vrod on April 11, 2018, 12:51:21 pm

Title: OSPF through OpenVPN
Post by: vrod on April 11, 2018, 12:51:21 pm
Hello everyone,

I'm a fresh user of OPNSense. For the longest time I've been running pfsense as a virtual machine but I wanted to separate the firewall from the virtual infrastructure... In that case I have been looking at OPNSense to replace pfsense for multiple reasons (pfsense now more commercial, more features with OPNSense, etc.) and I have currently set up my hardware appliance (IBM x3650 M3).

I need to connect 3 offices and in pfsense I've been using Quagga OSPF to do the routing. Now, most of you here are aware of the fact that the GUI doesn't allow you to add the ovpns interfaces to the OSPF instance (is there any plans to make this possible soon?). I have seen that people have circumvented this by adding the interfaces directly to the OSPF config itself but where is this located? OSPF is a must for me and I would really like to use OPNSense together with it.

I hope someone here could help out, that would be great. :)

Regards,
Chris
Title: Re: OSPF through OpenVPN
Post by: fabian on April 11, 2018, 01:08:13 pm
You can find the configuration file here:
OSPFv2 (IPv4): https://github.com/opnsense/plugins/blob/master/net/frr/src/opnsense/service/templates/OPNsense/Quagga/ospfd.conf
OSPFv3 (IPv6): https://github.com/opnsense/plugins/blob/master/net/frr/src/opnsense/service/templates/OPNsense/Quagga/ospf6d.conf

The src directory in git is the /usr/local directory on the device. Please note that this will will be reset when the plugin gets an update.
Title: Re: OSPF through OpenVPN
Post by: vrod on April 11, 2018, 01:30:33 pm
Greetings and thanks for the fast reply! I replaced the contents in ospfd.conf but still can't see the option to add the ovpns interfaces. Still get the same ones. Do I need to do something specific for it to work?
Title: Re: OSPF through OpenVPN
Post by: fabian on April 11, 2018, 01:37:55 pm
No, the problem comes from core and affects all plugins. The "InterfaceField" does not return the VPN-Interfaces separately which is the reason why the plugin does not allow you to configure the OpenVPN interfaces correctly. That is the reason why the only way to configure that is by manipulating the template or temporary using vtysh.
Title: Re: OSPF through OpenVPN
Post by: vrod on April 11, 2018, 01:46:40 pm
OK sorry for my stupidity but I am a little confused then.  :o

So, this means there's no way to do it? Will I have to amend the configuration file itself (where you have networks and interfaces configured)?
Title: Re: OSPF through OpenVPN
Post by: fabian on April 11, 2018, 02:02:36 pm
Yes, you have to modify the configuration file by yourself (even better would be the template I linked above).
Title: Re: OSPF through OpenVPN
Post by: vrod on April 13, 2018, 04:23:00 pm
Hello,

I've been a bit busy so I have just gotten the time now to try this out.

I am still not exactly sure what you mean, but I applied the config that you linked to, to the folder on the opnsense firewall. I then went into /usr/local/etc/frr/ospfd.conf and added "interface ovpns1" and "interface ovpns2".

Saved file and then went to webui to reload the service. Now the interface statements has been removed. Am I not supposed to reload the service through the webui?
Title: Re: OSPF through OpenVPN
Post by: fabian on April 13, 2018, 04:46:54 pm
You have to edit the template. This file is the real file used by the service which will be overwritten via configd every time you change something in the GUI or at events like booting or upgrading. The template is the one I mentioned earlier.
Title: Re: OSPF through OpenVPN
Post by: vrod on April 13, 2018, 04:53:07 pm
Aha! I have figured it out now. :) The "real" ospfd.conf gets generated from the template that you linked to me... so I threw in interface ovpns1/2 in the template before router ospf and it's there now. Awesome, thank you!
Title: Re: OSPF through OpenVPN
Post by: favy on August 13, 2019, 12:18:27 pm
Hello, sorry for bringing up this thread but I have the same problem in 19.7. If I understand correctly, Fabian says to copy-paste the code at https://github.com/opnsense/plugins/blob/master/net/frr/src/opnsense/service/templates/OPNsense/Quagga/ospfd.conf to /usr/local/opnsense/service/templates/OPNsense/Quagga/ospfd.conf
The problem I have is that the code linked in github is already what I have on my machine so I'm not sure what I should do.