1
21.7 Legacy Series / Re: OPNsense in Google Cloud and IPsec Routed issue
« on: October 18, 2021, 05:35:15 am »
any solution to this?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
19.1 Legacy Series / FRR IPv4 routes are not displayed
« on: April 18, 2019, 09:13:58 am »OPNsense 19.1.6-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019
with FRR package installed and up & running, under "Routing: Diagnostics: General" IPv4 is all empty. The IPv6 tab shows information on connected and other routes.
3
19.1 Legacy Series / Re: FRR package broken for OSPF Neighbors exchange
« on: April 18, 2019, 09:10:16 am »
the FRR package does not like the IP alias either. I configured one today and OSPF went down right away.
if you want to have a clean neighbor, add one east-west link between the firewalls and let OSPF be on this VLAN exclusively. when you got two firewalls, probably HA needs to be configured and use this link for that too.
my ospf config:
!
interface ix2_vlan20
ip ospf authentication message-digest
ip ospf cost 100
ip ospf message-digest-key 1 md5 supersecret
ip ospf priority 200
!
router ospf
ospf router-id 10.169.3.2
redistribute connected
passive-interface ix1
passive-interface ix3_vlan120
passive-interface ix3_vlan131
passive-interface openvpn
network 10.168.20.0/24 area 0.0.0.0 <--- peering interface ix2_vlan20
network 10.168.120.0/24 area 0.0.0.0
network 10.168.131.0/24 area 0.0.0.0
network 10.169.3.2/32 area 0.0.0.0
network 172.17.17.0/24 area 0.0.0.0
area 0.0.0.0 range 10.168.20.0/24
area 0.0.0.0 range 10.168.120.0/24
area 0.0.0.0 range 10.168.131.0/24
!
just replicate it similar and mirror on the second firewall.
if you want to have a clean neighbor, add one east-west link between the firewalls and let OSPF be on this VLAN exclusively. when you got two firewalls, probably HA needs to be configured and use this link for that too.
my ospf config:
!
interface ix2_vlan20
ip ospf authentication message-digest
ip ospf cost 100
ip ospf message-digest-key 1 md5 supersecret
ip ospf priority 200
!
router ospf
ospf router-id 10.169.3.2
redistribute connected
passive-interface ix1
passive-interface ix3_vlan120
passive-interface ix3_vlan131
passive-interface openvpn
network 10.168.20.0/24 area 0.0.0.0 <--- peering interface ix2_vlan20
network 10.168.120.0/24 area 0.0.0.0
network 10.168.131.0/24 area 0.0.0.0
network 10.169.3.2/32 area 0.0.0.0
network 172.17.17.0/24 area 0.0.0.0
area 0.0.0.0 range 10.168.20.0/24
area 0.0.0.0 range 10.168.120.0/24
area 0.0.0.0 range 10.168.131.0/24
!
just replicate it similar and mirror on the second firewall.
4
General Discussion / mdns repeater fro v6?
« on: April 13, 2019, 03:00:38 am »
installed the os-mdns-repeater, but this only works for v4, any option for v6?
5
19.1 Legacy Series / Re: FRR package broken for OSPF Neighbors exchange
« on: April 12, 2019, 06:55:18 pm »
replied on the netgate forum too...
OPNsense 19.1.6-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019
I did more work yesterday and got ospf now working. Initially the opnsense fw connected right out from the initial install to my ubuntu frr ospf on the LAN interface. However after a few hours of configuration and setting up rules and interfaces, I noticed OSPF to be down.
by tracing back my steps, on my setup the CARP interface was the issue, apparently you cannot have a virtual carp interface for redundancy and ospf on the same interface. I noticed the "ununumbered" interface on interfaces having CARP enabled:
"This interface is UNNUMBERED, Area 0.0.0.0,No Hellos (Passive interface),No Hellos (Passive interface)"
As soon as I deleted the CARP config, OSPF came up. My solution was to add a new VLAN interface between the firewalls and all servers in need to custom gateways and run OSPF for routing sync there. Since the VLAN is only for routing, rules are very easy there.
last but not least, the OSPF config seems to be very picky, make sure all interfaces are set to broadcast on ethernet connections and not as default. In my setup I got a pfsense firewall, one opnsense firewall and several ubuntu VMs now connected.
OPNsense 19.1.6-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019
I did more work yesterday and got ospf now working. Initially the opnsense fw connected right out from the initial install to my ubuntu frr ospf on the LAN interface. However after a few hours of configuration and setting up rules and interfaces, I noticed OSPF to be down.
by tracing back my steps, on my setup the CARP interface was the issue, apparently you cannot have a virtual carp interface for redundancy and ospf on the same interface. I noticed the "ununumbered" interface on interfaces having CARP enabled:
"This interface is UNNUMBERED, Area 0.0.0.0,No Hellos (Passive interface),No Hellos (Passive interface)"
As soon as I deleted the CARP config, OSPF came up. My solution was to add a new VLAN interface between the firewalls and all servers in need to custom gateways and run OSPF for routing sync there. Since the VLAN is only for routing, rules are very easy there.
last but not least, the OSPF config seems to be very picky, make sure all interfaces are set to broadcast on ethernet connections and not as default. In my setup I got a pfsense firewall, one opnsense firewall and several ubuntu VMs now connected.
Pages: [1]