FRR plugin is at version 1.42..

Started by Deathmage85, February 01, 2025, 08:01:35 AM

Hello,

New to OPNsense.

I've been running into OSPF neighbor relationship problems for over a week and have been hammering at this to get it to work with a Netgear and Cisco switch topology.

I've been a CCNA since 2005, and nearly all of my networking at home is based on the Cisco-CLI.

I presently have a Sophos XG firewall as my edge connected to a Netgear M4300 switch that is dishing out OSPF for layer 3. Right now it's working correctly and has been for the past 5+ years.

I recently purchased a Protectli VP6630 firewall and deployed OPNsense on the vault.

Right now, I cannot for the death of me get the OPNsense to form an OSPF neighbor relationship with the Netgear M4300. I know it's not the switch because it forms correctly to the Sophos XG firewall.

My M4300 on all of the interfaces sent from the OPNsense show up, but they settle on 'Init/BACKUP-DR' for the native vLAN and 'Ex Start/DR-OTHER' on the other vlans.

I've set the MTU on the OPNsense side to 1500 and also forced an MTU of 1500 on the Netgear side via CLI. The Netgear is presenting the vLANs to the OPNsense via "switchport mode trunk | switchport trunk allow vlan 1, 200, 300 | ip mtu 1500 | ip ospf area 0".

The Hello intervals are 10, and dead intervals are 40 on both ends. The interface for OSPF is set to broadcast, and I've tried all of the AAA types, and am just using none for AAA right now.

I'm using the auto-deployed OSPF rules, but I did try disabling the auto rules and manually creating OSPF Multicast, UDP, and IGMP Multicast rules (all 3 of them as inbound/outbound), so 6 rules in total for all OSPF-enabled interfaces on the OPNsense.

I'm honestly stumped right now and not sure why the FRR is not working.

If anyone has had this problem and knows how to get around it, please let me know.

Note: I tried to disable the firewall under the Advanced setting as I found in an OPNsense forum article, but it didn't fix the problem under the latest build.

I noticed on the FRR website they manage a GitHub; the latest stable build of FRR is 10.2.1, but the plugin the OPNsense can fetch is 1.42 from March 4th 2017. Is there any reason the OPNsense is using an 8 year old plugin for routing?


You are 100% right. I've only had OPNsense for about 2 weeks now. I was looking at the plugin version of 1.42; after looking at the running config I see it's FRR 8.

Asking the gents on the FRR Slack if they have seen whether the latest version of FRR 10 has fixed the OSPF peering problems since FRR 8.

I'm learning this new firewall slowly but surely.

It's very different from my Fortigate 100F and Sophos XG firewalls in form and function. It reminds me of an ASA back in the day.