site to site vpn with frr.

Started by crash, October 14, 2023, 10:28:28 PM

hey,
so I have two opnsense boxes
siteA: 10.5.0.0/24 (pppoe WAN)
siteB: 10.10.0.0/24 (dhcp NATed WAN)
in each site I have some other subnets as well (say for example 172.16.0.0/24 + 192.168.160.0/24 in siteA and 172.18.0.0/24 + 172.168.5.0/24 on siteB).

what I'm looking for is to connect the sites together with a site to site vpn and have the routes to the different networks be distributed between them (so any site can access any subnet).

right now I have a ZT tunnel between sites and tried dynamic routing via OSPF but for some reason the tunnel flaps (tunnel comes up but after a minute or so gets disconnected, then reconnects and the cycle repeats; this happens with OSPF ENABLED on the zt interface).
I tried adding some route maps (to prevent routes to WAN being distributed) but was not successful.

what is the correct approach to doing the above?

ospf conf:
Current configuration:
!
frr version 8.5.3
frr defaults traditional
hostname siteA.*
log syslog
!
interface lo0
....(all interfaces except zt set as passive)

exit
!
interface zt********
ip ospf area 0.0.0.1
ip ospf network point-to-point
exit
!
router ospf
ospf router-id 10.5.0.1
redistribute connected
exit
!
end


siteB conf is the same with a different router id.


- zt interface network is 172.25.0.0/16
- zt interface has routes set like so (in zt website):
10.5.0.1 via 172.25.0.1 (siteA zt IP)
10.10.0.1 via 172.25.0.2 (siteB zt IP)
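For reference, the following is an added FRR configuration example (not part of the original post and not the poster's working config) showing how "redistribute connected" on siteA can be restricted with a prefix list and route-map so that only the site's LAN prefixes are advertised, while the WAN and the ZeroTier transit network are held back. The names LAN_ONLY and CONNECTED_OUT are assumptions; the prefixes are the siteA subnets named in the post, and siteB would mirror it with its own prefixes and router-id.

```frr
! Added example, not from the original post. Assumes the siteA subnets listed
! above; LAN_ONLY and CONNECTED_OUT are arbitrary names chosen here.
!
! Prefix list: explicitly permit the LAN prefixes that should be reachable
! from the other site, and deny everything else (WAN /32s, pppoe routes, and
! the 172.25.0.0/16 ZeroTier transit net all fall through to the deny).
ip prefix-list LAN_ONLY seq 10 permit 10.5.0.0/24
ip prefix-list LAN_ONLY seq 20 permit 172.16.0.0/24
ip prefix-list LAN_ONLY seq 30 permit 192.168.160.0/24
ip prefix-list LAN_ONLY seq 100 deny 0.0.0.0/0 le 32
!
! Route-map applied to redistribution: only prefixes matching LAN_ONLY are
! turned into OSPF external LSAs; the trailing deny clause drops the rest.
route-map CONNECTED_OUT permit 10
 match ip address prefix-list LAN_ONLY
exit
!
route-map CONNECTED_OUT deny 20
exit
!
router ospf
 ospf router-id 10.5.0.1
 redistribute connected route-map CONNECTED_OUT
exit
!
```

After applying it, `vtysh -c "show ip ospf database external"` on siteB should list only the three siteA prefixes, and `vtysh -c "show ip ospf neighbor"` should show the adjacency staying in Full state across the ZT interface; in the OPNsense FRR plugin the same prefix list and route-map can be entered under the Routing pages rather than in vtysh.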