1
Virtual private networks / Re: OSPF via GRE/IPSec
« on: July 23, 2021, 11:03:44 am »
Hmm.. Seems like its a bug in FRR: https://github.com/FRRouting/frr/issues/3973
And its still not fixed
And its still not fixed
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Virtual private networks / Re: OSPF via GRE/IPSec
« on: July 23, 2021, 12:43:46 am »create a loopback and place all your devices in the same subnet for the loopback. place the loopback in the area 0. make sure your loopback is a passive interface.
Ok... I did:
* Interfaces - Other types - Loopback - Add (Description: "172.16.255.77". It is ok? I can't set text here, only ip-like record)
* Interfaces - Assignments - Loopback - Add. Set Enabled, IPv4 = Static, 172.16.255.77/32
* Routing - OSPF - Router ID set to "172.16.255.77", added loopback to passive interfaces
* Routing - OSPF - Networks - Add: 172.16.0.0/16, Area: 0.0.0.0
On mikrotik - add only network to area 0.0.0.0...
Now - i have additional route in ospf routes list on mikrotik... Without gateway/interface...
I think mikrotik just not understand "Wildcard" mask... It is possible to swith it on OPNsense (For compatability)?
On Mikrotik (Now his ID is "172.16.255.74"):
Code: [Select]
flags=
links (type, id, data, metric)
Stub 10.77.0.0 255.255.0.0 10
Point-To-Point 172.16.255.74 0.0.0.8 10
Stub 172.16.255.77 255.255.255.255 0
3
Virtual private networks / Re: OSPF via GRE/IPSec
« on: July 22, 2021, 07:35:49 pm »What is 172.16.255? 0.0.0.7 is a wildcard mask.172.16.255.74 = 10.74.0.1 (Router ID). Sorry, wrong screenshot (I just try to change router ID)
4
Virtual private networks / Re: OSPF via GRE/IPSec
« on: July 22, 2021, 05:29:45 pm »When you capture on GRE .. do you see OSPF packets in and out?Yep. Hello packets, LSA...
I see neighbors in OSPF on both routers, i see routes. But on OPNsense routes is correct, but on Mikrotik - with empty gateways/interfaces (see screenshot above).
I test OPNsense and Mikrotik (as 2nd router) and found difference:
OPNsense (fw_v21.1.8_1 / FRR_v7.4_6):
Code: [Select]
Type: Stub ID: 10.77.0.0 Data: 255.255.0.0 Metric: 10
Type: PTP ID: 10.74.0.1 Data: 0.0.0.8 Metric: 10
Mikrotik (fw_v6.48.3):Code: [Select]
Type: Stub ID: 10.77.0.0 Data: 255.255.0.0 Metric: 10
Type: PTP ID: 10.74.0.1 Data: 172.16.74.14 Metric: 10
Type: Stub ID: 172.16.74.12 Data: 255.255.255.252 Metric: 11
As you see - mikrotik send an additional "stub" route, but OPNsense - ony strange "0.0.0.8".
On Wiki i found - thats a port number (MIB-II notation) and Mikrotik won't understand this form of record (Or expect a regular route/ip address).
Any ideas how to fix it?
5
Virtual private networks / Re: OSPF via GRE/IPSec
« on: July 22, 2021, 09:57:47 am »
What exacly you want to see?
OSPF and GRE settings almost same on Mikrotik and OPNsense.
Router #1: 10.74.0.0/16 (Mikrotik, gre ip: 172.16.74.13)
Router #2: 10.77.0.0/16 (OPNsense, gre ip: 172.16.74.14)
GRE between routers: 172.16.74.12/30
Can ping both gre ip's. Can ping and access resource behind both routers if select interface manually or add static route.
But on mikrotik side - ospf won't work. Route added without gateway and interface.
OSPF config on OPNsense:
OSPF and GRE settings almost same on Mikrotik and OPNsense.
Router #1: 10.74.0.0/16 (Mikrotik, gre ip: 172.16.74.13)
Router #2: 10.77.0.0/16 (OPNsense, gre ip: 172.16.74.14)
GRE between routers: 172.16.74.12/30
Can ping both gre ip's. Can ping and access resource behind both routers if select interface manually or add static route.
But on mikrotik side - ospf won't work. Route added without gateway and interface.
OSPF config on OPNsense:
Code: [Select]
Current configuration:
!
frr version 7.4
frr defaults traditional
hostname gw.dc.sipcolor.ru.sipcolor.ru
log syslog notifications
!
router ospf
ospf router-id 10.77.0.1
passive-interface bridge0
passive-interface vtnet0
passive-interface vtnet1
network 10.77.0.0/16 area 0.0.0.0
network 172.16.74.12/30 area 0.0.0.0
!
line vty
!
end
6
Virtual private networks / Re: OSPF via GRE/IPSec
« on: July 21, 2021, 11:13:55 pm »
And same strange things for me.
On mikrotik side, on LSA tab i found this:
Wrong data (OPNsense)
Correct data (Mikrotik)
* 10.74.0.1/16 - Router ID of Mikrotik #1
* 10.77.0.1/16 - Router ID of OPNsense
172.16.0.0/30 - GRE tunnel network:
172.16.0.1 - mikrotik ip
172.16.0.2 - opnsense ip
What is "0.0.0.7" ?
Any ideas how to fix it (Make it work?)
Look like OSPF won't announce GRE tunnel network to Mikrotik, so mikrotik don't known how to route 10.77 network (And show it as "empty" gateway and interface)
note2:
In OPNSense, on "Network" side i add two networks: LAN and GRE (to area "0.0.0.0"). On "Interfaces" - LAN and GRE interfaces.
On mikrotik side, on LSA tab i found this:
Wrong data (OPNsense)
Code: [Select]
flags=
links (type, id, data, metric)
Point-To-Point 10.74.0.1 0.0.0.7 10
Stub 10.77.0.0 255.255.255.0 10
Correct data (Mikrotik)
Code: [Select]
flags=
links (type, id, data, metric)
Point-To-Point 10.74.0.1 172.16.0.2 10
Stub 172.16.0.0 255.255.255.252 10
Stub 10.77.0.0 255.255.255.0 10
Note:* 10.74.0.1/16 - Router ID of Mikrotik #1
* 10.77.0.1/16 - Router ID of OPNsense
172.16.0.0/30 - GRE tunnel network:
172.16.0.1 - mikrotik ip
172.16.0.2 - opnsense ip
What is "0.0.0.7" ?
Any ideas how to fix it (Make it work?)
Look like OSPF won't announce GRE tunnel network to Mikrotik, so mikrotik don't known how to route 10.77 network (And show it as "empty" gateway and interface)
note2:
In OPNSense, on "Network" side i add two networks: LAN and GRE (to area "0.0.0.0"). On "Interfaces" - LAN and GRE interfaces.
Pages: [1]