"
Hmm.. Seems like its a bug in FRR: https://github.com/FRRouting/frr/issues/3973
And its still not fixed :(
And its still not fixed :(
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
Virtual private networks / Re: OSPF via GRE/IPSec
July 23, 2021, 12:43:46 AMQuote from: lilsense on July 22, 2021, 09:38:56 PM
create a loopback and place all your devices in the same subnet for the loopback. place the loopback in the area 0. make sure your loopback is a passive interface.
Ok... I did:
* Interfaces - Other types - Loopback - Add (Description: "172.16.255.77". It is ok? I can't set text here, only ip-like record)
* Interfaces - Assignments - Loopback - Add. Set Enabled, IPv4 = Static, 172.16.255.77/32
* Routing - OSPF - Router ID set to "172.16.255.77", added loopback to passive interfaces
* Routing - OSPF - Networks - Add: 172.16.0.0/16, Area: 0.0.0.0
On mikrotik - add only network to area 0.0.0.0...
Now - i have additional route in ospf routes list on mikrotik... Without gateway/interface...
I think mikrotik just not understand "Wildcard" mask... It is possible to swith it on OPNsense (For compatability)?
On Mikrotik (Now his ID is "172.16.255.74"):
Code Select
flags=
links (type, id, data, metric)
Stub 10.77.0.0 255.255.0.0 10
Point-To-Point 172.16.255.74 0.0.0.8 10
Stub 172.16.255.77 255.255.255.255 0
#3
Virtual private networks / Re: OSPF via GRE/IPSec
July 22, 2021, 07:35:49 PMQuote from: mimugmail on July 22, 2021, 07:20:02 PM172.16.255.74 = 10.74.0.1 (Router ID). Sorry, wrong screenshot (I just try to change router ID)
What is 172.16.255? 0.0.0.7 is a wildcard mask.
#4
Virtual private networks / Re: OSPF via GRE/IPSec
July 22, 2021, 05:29:45 PMQuote from: mimugmail on July 22, 2021, 02:58:08 PMYep. Hello packets, LSA...
When you capture on GRE .. do you see OSPF packets in and out?
I see neighbors in OSPF on both routers, i see routes. But on OPNsense routes is correct, but on Mikrotik - with empty gateways/interfaces (see screenshot above).
I test OPNsense and Mikrotik (as 2nd router) and found difference:
OPNsense (fw_v21.1.8_1 / FRR_v7.4_6):
Code Select
Type: Stub ID: 10.77.0.0 Data: 255.255.0.0 Metric: 10
Type: PTP ID: 10.74.0.1 Data: 0.0.0.8 Metric: 10
Mikrotik (fw_v6.48.3):
Code Select
Type: Stub ID: 10.77.0.0 Data: 255.255.0.0 Metric: 10
Type: PTP ID: 10.74.0.1 Data: 172.16.74.14 Metric: 10
Type: Stub ID: 172.16.74.12 Data: 255.255.255.252 Metric: 11
As you see - mikrotik send an additional "stub" route, but OPNsense - ony strange "0.0.0.8".
On Wiki i found - thats a port number (MIB-II notation) and Mikrotik won't understand this form of record (Or expect a regular route/ip address).
Any ideas how to fix it?
#5
Virtual private networks / Re: OSPF via GRE/IPSec
July 22, 2021, 09:57:47 AM
What exacly you want to see?
OSPF and GRE settings almost same on Mikrotik and OPNsense.
Router #1: 10.74.0.0/16 (Mikrotik, gre ip: 172.16.74.13)
Router #2: 10.77.0.0/16 (OPNsense, gre ip: 172.16.74.14)
GRE between routers: 172.16.74.12/30
Can ping both gre ip's. Can ping and access resource behind both routers if select interface manually or add static route.
But on mikrotik side - ospf won't work. Route added without gateway and interface.
OSPF config on OPNsense:
OSPF and GRE settings almost same on Mikrotik and OPNsense.
Router #1: 10.74.0.0/16 (Mikrotik, gre ip: 172.16.74.13)
Router #2: 10.77.0.0/16 (OPNsense, gre ip: 172.16.74.14)
GRE between routers: 172.16.74.12/30
Can ping both gre ip's. Can ping and access resource behind both routers if select interface manually or add static route.
But on mikrotik side - ospf won't work. Route added without gateway and interface.
OSPF config on OPNsense:
Code Select
Current configuration:
!
frr version 7.4
frr defaults traditional
hostname gw.dc.sipcolor.ru.sipcolor.ru
log syslog notifications
!
router ospf
ospf router-id 10.77.0.1
passive-interface bridge0
passive-interface vtnet0
passive-interface vtnet1
network 10.77.0.0/16 area 0.0.0.0
network 172.16.74.12/30 area 0.0.0.0
!
line vty
!
end
#6
Virtual private networks / Re: OSPF via GRE/IPSec
July 21, 2021, 11:13:55 PM
And same strange things for me.
On mikrotik side, on LSA tab i found this:
Wrong data (OPNsense)
Correct data (Mikrotik)
Note:
* 10.74.0.1/16 - Router ID of Mikrotik #1
* 10.77.0.1/16 - Router ID of OPNsense
172.16.0.0/30 - GRE tunnel network:
172.16.0.1 - mikrotik ip
172.16.0.2 - opnsense ip
What is "0.0.0.7" ?
Any ideas how to fix it (Make it work?)
Look like OSPF won't announce GRE tunnel network to Mikrotik, so mikrotik don't known how to route 10.77 network (And show it as "empty" gateway and interface)
note2:
In OPNSense, on "Network" side i add two networks: LAN and GRE (to area "0.0.0.0"). On "Interfaces" - LAN and GRE interfaces.
On mikrotik side, on LSA tab i found this:
Wrong data (OPNsense)
Code Select
flags=
links (type, id, data, metric)
Point-To-Point 10.74.0.1 0.0.0.7 10
Stub 10.77.0.0 255.255.255.0 10
Correct data (Mikrotik)
Code Select
flags=
links (type, id, data, metric)
Point-To-Point 10.74.0.1 172.16.0.2 10
Stub 172.16.0.0 255.255.255.252 10
Stub 10.77.0.0 255.255.255.0 10
Note:
* 10.74.0.1/16 - Router ID of Mikrotik #1
* 10.77.0.1/16 - Router ID of OPNsense
172.16.0.0/30 - GRE tunnel network:
172.16.0.1 - mikrotik ip
172.16.0.2 - opnsense ip
What is "0.0.0.7" ?
Any ideas how to fix it (Make it work?)
Look like OSPF won't announce GRE tunnel network to Mikrotik, so mikrotik don't known how to route 10.77 network (And show it as "empty" gateway and interface)
note2:
In OPNSense, on "Network" side i add two networks: LAN and GRE (to area "0.0.0.0"). On "Interfaces" - LAN and GRE interfaces.
Pages1
