Topic: BGP/VTI/IPSEC/Loopback/Cisco Woes (Read 2529 times)
xoclutch
Newbie
Posts: 6
Karma: 1
BGP/VTI/IPSEC/Loopback/Cisco Woes
«
on:
September 02, 2019, 11:26:08 pm »
Been banging my head on VTI/IPsec/BGP shit between these two sites. Have static routes working, traffic flowing, but the BGP peer on the Opnsense2 side won't even attempt to make a connection. frr seems to not like the setup; I've edited the conf file and added update-source lo0 and ebgp-multihop 255, but nothing seems to work. Thoughts? Setup below:
Cisco 9200 -> Opnsense1 -> IPSEC/VTI/Internet -> Opnsense2

Cisco 9200 = Loopback 0 = 192.168.0.21
router bgp 395021
 neighbor 192.168.0.3 remote-as 65001
 neighbor 192.168.0.3 ebgp-multihop 255
 neighbor 192.168.0.3 update-source Loopback0

Opnsense2 = Loopback = 192.168.0.3
router bgp 65001
 bgp router-id 192.168.0.3
 neighbor 192.168.0.21 remote-as 395021

VTI:
Opnsense1: 192.168.199.1
Opnsense2: 192.168.199.2

Opnsense2:
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.0.21 4 395021 0 0 0 0 0 never Active

Cisco 9200:
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.0.3 4 65001 0 1 1 0 0 00:00:23 OpenSent

Static Routes:
Opnsense2:
192.168.0.21 - Gateway 192.168.199.1
Opnsense1:
192.168.0.3 - Gateway 192.168.199.2
Cisco 9200:
Gets routes via OSPF

#ping 192.168.0.3 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.3, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.21
!!!!!
Logged
xoclutch
Newbie
Posts: 6
Karma: 1
Re: BGP/VTI/IPSEC/Loopback/Cisco Woes
«
Reply #1 on:
September 03, 2019, 12:40:51 am »
Actually I think I know what's going on... I think the connected subnets aren't being routed correctly. Sorry for the trouble.
Logged
xoclutch
Newbie
Posts: 6
Karma: 1
Re: BGP/VTI/IPSEC/Loopback/Cisco Woes [SOLVED]
«
Reply #2 on:
September 03, 2019, 05:48:08 am »
router bgp 65001
 bgp router-id 192.168.0.3
 bgp disable-ebgp-connected-route-check
 neighbor 192.168.0.21 remote-as 395021
 neighbor 192.168.0.21 ebgp-multihop 255
 neighbor 192.168.0.21 disable-connected-check
 neighbor 192.168.0.21 update-source lo0
Logged
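Added example, not part of the thread and not FRR or OPNsense code: a small Python lint that checks an FRR `router bgp` stanza for the condition the configuration above resolves, an eBGP neighbor outside every connected subnet with no `ebgp-multihop` or `disable-connected-check` and no `update-source`. The prefix lengths in `CONNECTED` and the function names are assumptions; the thread gives no masks.

```python
import ipaddress

# Constructed inputs: OPNsense2's stanza before/after the fix; masks are assumed.
BEFORE = """router bgp 65001
 bgp router-id 192.168.0.3
 neighbor 192.168.0.21 remote-as 395021
"""
AFTER = BEFORE + """ bgp disable-ebgp-connected-route-check
 neighbor 192.168.0.21 ebgp-multihop 255
 neighbor 192.168.0.21 disable-connected-check
 neighbor 192.168.0.21 update-source lo0
"""
CONNECTED = ["192.168.199.0/30", "192.168.0.3/32"]  # VTI and lo0 (assumed /30, /32)

def parse_router_bgp(conf):
    """Return (local_as, set of global 'bgp' options, {peer: {"as", "opts"}})."""
    local_as, global_opts, peers = None, set(), {}
    for line in conf.splitlines():
        w = line.split()
        if w[:2] == ["router", "bgp"]:
            local_as = w[2]
        elif w[:1] == ["bgp"]:
            global_opts.add(w[1])
        elif w[:1] == ["neighbor"] and len(w) >= 3:
            peer = peers.setdefault(w[1], {"as": None, "opts": set()})
            if w[2] == "remote-as":
                peer["as"] = w[3]
            else:
                peer["opts"].add(w[2])
    return local_as, global_opts, peers

def lint(conf, connected):
    """Return {peer: [problems]} for eBGP peers outside every connected subnet."""
    nets = [ipaddress.ip_network(n) for n in connected]
    local_as, global_opts, peers = parse_router_bgp(conf)
    findings = {}
    for ip, peer in peers.items():
        on_link = any(ipaddress.ip_address(ip) in n for n in nets)
        if peer["as"] in (local_as, "internal") or on_link:
            continue  # iBGP or directly connected eBGP: no check to relax
        problems = findings[ip] = []
        relaxed = peer["opts"] & {"ebgp-multihop", "disable-connected-check"}
        if not relaxed and "disable-ebgp-connected-route-check" not in global_opts:
            problems.append("connected check not relaxed")
        if "update-source" not in peer["opts"]:  # assumes the far end peers with lo0
            problems.append("no update-source")
    return {ip: p for ip, p in findings.items() if p}

print("before:", lint(BEFORE, CONNECTED), "after:", lint(AFTER, CONNECTED))
```

Run against the stanza from the first post it reports both problems for 192.168.0.21; against the stanza in Reply #2 it reports none.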
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: BGP/VTI/IPSEC/Loopback/Cisco Woes
«
Reply #3 on:
September 03, 2019, 05:57:48 am »
So, you need these two available via UI?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/