Having a lot of issues with initial setup - Please help

Started by loganx1121, October 06, 2019, 05:58:35 PM

I have my opnsense box connected to my core cisco switch.  LAN interface on opnsense is 192.168.87.1/30
L3 link on cisco switch is 192.168.87.2/30

on cisco switch:
conf t
router ospf 1
network 192.168.87.2 0.0.0.0 area 0

on opnsense I have downloaded the dynamic routing plugin, and configured ospf there - although I find it interesting that there is no area in opnsense like there is for cisco.  The area field seems to want a subnet mask instead of "area 0".  I did take screenshots of the opnsense ospf config but it says they are too big to upload here.

I cannot get the ospf adjacency to form at all.  For the sake of getting things running, I thought I would add static routes to the various subnets on the core switch which are broken out into VLANs on that switch, but I can't seem to do that either.

I went to system > gateway and added the same IP (192.168.87.1) as a gateway on the LAN interface, but when I go to general > routing, the only selectable gateway is null6, what I assume is a loopback, and my INET (WAN)

If I go on my core switch and do:

ping 4.2.2.2 source vlan 50 - I get no replies

Any help is greatly appreciated.  I'm basically stuck.  Thanks any and all

October 06, 2019, 06:06:12 PM #1 Last Edit: October 06, 2019, 06:23:21 PM by loganx1121
Here is the ospf running config on opnsense

Current configuration:
!
frr version 6.0.2
frr defaults traditional
hostname Asgard-Wall.localdomain
log file /var/log/frr.log
!
interface igb1
 ip ospf authentication message-digest
 ip ospf dead-interval 3
 ip ospf hello-interval 1
 ip ospf message-digest-key 1 md5 Asgard91939
 ip ospf network point-to-point
 ip ospf priority 255
!
router ospf
 ospf router-id 192.168.87.1
 redistribute connected
 redistribute static
 passive-interface igb0
 network 192.168.87.0/30 area 0.0.0.0
 default-information originate always
!
line vty
!
end

I do have a gateway of last resort set on the cisco switch, so the default route is going to the LAN interface on the opnsense box.

October 06, 2019, 06:53:47 PM #2 Last Edit: October 06, 2019, 06:57:23 PM by loganx1121
I removed the message-digest key and the ospf adjacency formed, however none of the subnets that live on the core seem to be able to ping out to the internet (using 4.2.2.2)

It looks like none of the routes from the cisco devices are making it into the opnsense routing table even though the adjacency has formed....

I'm not seeing the ospf packets in the firewall logs but I'm not necessarily sure I'm supposed to either. It seems like the firewall isn't sending any hellos or responding. I turned the logging level to debug and I'm not seeing anything useful in there. I set my edge router back up to restore internet to my house.

I'd really like to know what the problem is. I do this for a living...ospf isn't really that hard to set up. I'm still stuck on why the adjacency formed when I removed the ospf authentication but I didn't see any of the routes in the opnsense routing table. I lost the adjacency again when I was trying to troubleshoot further and have not been able to get it back yet.

All of the gateways for the vlans are on the core switch:

Vlan 50 - 192.168.50.1 (Wifi Vlan)
Vlan 5 - 10.5.5.1 (Management Vlan)
Vlan 6 - 10.5.6.1 (Access Vlan)
Vlan 7 - 10.5.7.1 (Server Vlan)

All of these Vlans live on the core switch, meaning that's where the gateways are. They all have the same basic config. Example:

interface Vlan50
 ip address 192.168.50.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip ospf message-digest-key 1 md5 7 somekey
 ip ospf dead-interval 3
 ip ospf hello-interval 1

I hooked my edge router back up, all ospf adjacency formed no problem. All my equipment is Cisco with the exception of the WiFi access point.

On the firewall I made rules for all of the subnets because I could see that they were being blocked, so I basically took all the Vlans and said - source interface LAN, put all the subnets in, and allowed access to any on any port. After I did that, I wasn't seeing any of my subnet traffic being blocked in the firewall logs.

I can't imagine what it would be. I'm not sure what to set within opnsense for the "network type" either. I tried broadcast, point-to-point, point-to-multipoint, none of that seemed to make a difference.

I have 6 interfaces on the box so I set up another one with a different /30 subnet and plugged it into my core switch. I can ping the interface on the core switch side from my office PC, but I'm not getting replies from the other end of the interface on the FW, and I can't access the web UI from my office either. I wanted to see if I could get the ospf adjacency to form on a different interface but it seems like that's not going to work from in here either.
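
Added example, not part of the original posts: a Python check that extracts the per-interface OSPF settings two neighbours have to agree on (authentication type, key IDs, hello and dead intervals, network type) from FRR or IOS style stanzas and lists the ones that differ. The two stanzas are constructed in the style of the configs quoted above with placeholder keys, the function names and the `area_auth` parameter (for authentication enabled at area level) are assumptions of this example, and unset options fall back to the usual Ethernet defaults.

```python
import re

# Constructed stanzas in the style of the configs quoted in this thread;
# the key strings are placeholders.
FRR_IGB1 = """\
interface igb1
 ip ospf authentication message-digest
 ip ospf dead-interval 3
 ip ospf hello-interval 1
 ip ospf message-digest-key 1 md5 EXAMPLEKEY
 ip ospf network point-to-point
"""
PEER_SVI = """\
interface Vlan50
 ip ospf message-digest-key 1 md5 7 EXAMPLEKEY
 ip ospf dead-interval 3
 ip ospf hello-interval 1
"""

# Assumed defaults for an Ethernet interface when the option is not configured.
DEFAULTS = {"hello-interval": "10", "dead-interval": "40",
            "network": "broadcast", "authentication": "null", "key-ids": ()}

def ospf_settings(stanza, area_auth=None):
    """Return the OSPF settings of one interface stanza that a neighbour must match."""
    s = dict(DEFAULTS)
    if area_auth:                      # e.g. authentication enabled for the whole area
        s["authentication"] = area_auth
    keys = []
    for line in stanza.splitlines():
        m = re.match(r"\s*ip ospf (\S+)(?:\s+(.*))?$", line)
        if not m:
            continue
        opt, arg = m.group(1), (m.group(2) or "").strip()
        if opt == "authentication":    # bare keyword means simple password
            s["authentication"] = arg or "simple"
        elif opt == "message-digest-key":
            keys.append(arg.split()[0])  # key ID only; secrets are not compared
        elif opt in ("hello-interval", "dead-interval", "network"):
            s[opt] = arg
    s["key-ids"] = tuple(sorted(keys))
    return s

def mismatches(a, b):
    """Names of the settings that differ between two parsed interfaces."""
    return sorted(k for k in a if a[k] != b[k])
```

A digest key configured on an interface without message-digest authentication being enabled on that interface or its area shows up here as an `authentication` mismatch even though the key IDs agree.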

October 06, 2019, 11:09:03 PM #4 Last Edit: October 06, 2019, 11:10:34 PM by loganx1121
Here is the output from the opnsense ospf log with the log set to debug.  This is after I set up the new subnet on a /30 to the core switch and tried to make it work

06.10.2019 17:04:47 OSPF DR-Election[1st]: Backup 192.168.80.1
06.10.2019 17:04:47 OSPF DR-Election[1st]: DR 192.168.80.1
06.10.2019 17:04:47 OSPF DR-Election[2nd]: Backup 0.0.0.0
06.10.2019 17:04:47 OSPF DR-Election[2nd]: DR 192.168.80.1
06.10.2019 17:04:47 OSPF interface 192.168.80.1 [4] join AllDRouters Multicast group.
06.10.2019 17:04:47 OSPF EXT (ospf_ext_link_ism_change): Set LAN Adj. SID to interface igb3
06.10.2019 17:05:04 OSPF Terminating on signal
06.10.2019 17:05:04 OSPF ASBR[Status:0]: Update
06.10.2019 17:05:04 OSPF interface 192.168.87.1 [2] leave AllDRouters Multicast group.
06.10.2019 17:05:04 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb1
06.10.2019 17:05:04 OSPF interface 192.168.80.1 [4] leave AllDRouters Multicast group.
06.10.2019 17:05:04 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb3
06.10.2019 17:05:04 ZEBRA Client 'ospf' encountered an error and is shutting down.
06.10.2019 17:05:04 ZEBRA release_daemon_table_chunks: Released 0 table chunks
06.10.2019 17:05:04 ZEBRA release_daemon_label_chunks: Released 0 label chunks
06.10.2019 17:05:04 ZEBRA client 9 disconnected. 0 ospf routes removed from the rib
06.10.2019 17:05:04 ZEBRA Terminating on signal
06.10.2019 17:05:04 OSPF ASBR[Status:1]: Update
06.10.2019 17:05:04 ZEBRA client 9 says hello and bids fair to announce only ospf routes vrf=0
06.10.2019 17:05:04 OSPF ASBR[Status:1]: Update
06.10.2019 17:05:04 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb1
06.10.2019 17:05:04 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb3
06.10.2019 17:05:07 OSPF DR-Election[1st]: Backup 192.168.87.1
06.10.2019 17:05:07 OSPF DR-Election[1st]: DR 192.168.87.1
06.10.2019 17:05:07 OSPF DR-Election[2nd]: Backup 0.0.0.0
06.10.2019 17:05:07 OSPF DR-Election[2nd]: DR 192.168.87.1
06.10.2019 17:05:07 OSPF interface 192.168.87.1 [2] join AllDRouters Multicast group.
06.10.2019 17:05:07 OSPF EXT (ospf_ext_link_ism_change): Set LAN Adj. SID to interface igb1
06.10.2019 17:05:07 OSPF DR-Election[1st]: Backup 192.168.80.1
06.10.2019 17:05:07 OSPF DR-Election[1st]: DR 192.168.80.1
06.10.2019 17:05:07 OSPF DR-Election[2nd]: Backup 0.0.0.0
06.10.2019 17:05:07 OSPF DR-Election[2nd]: DR 192.168.80.1
06.10.2019 17:05:07 OSPF interface 192.168.80.1 [4] join AllDRouters Multicast group.
06.10.2019 17:05:07 OSPF EXT (ospf_ext_link_ism_change): Set LAN Adj. SID to interface igb3
06.10.2019 17:05:18 OSPF Terminating on signal
06.10.2019 17:05:18 OSPF ASBR[Status:0]: Update
06.10.2019 17:05:18 OSPF interface 192.168.87.1 [2] leave AllDRouters Multicast group.
06.10.2019 17:05:18 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb1
06.10.2019 17:05:18 OSPF interface 192.168.80.1 [4] leave AllDRouters Multicast group.
06.10.2019 17:05:18 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb3
06.10.2019 17:05:18 ZEBRA Client 'ospf' encountered an error and is shutting down.
06.10.2019 17:05:18 ZEBRA release_daemon_table_chunks: Released 0 table chunks
06.10.2019 17:05:18 ZEBRA release_daemon_label_chunks: Released 0 label chunks
06.10.2019 17:05:18 ZEBRA client 9 disconnected. 0 ospf routes removed from the rib
06.10.2019 17:05:18 ZEBRA Terminating on signal
06.10.2019 17:05:19 OSPF ASBR[Status:1]: Update
06.10.2019 17:05:19 ZEBRA client 9 says hello and bids fair to announce only ospf routes vrf=0
06.10.2019 17:05:19 OSPF ASBR[Status:1]: Update
06.10.2019 17:05:19 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb1
06.10.2019 17:05:19 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb3
06.10.2019 17:05:22 OSPF DR-Election[1st]: Backup 192.168.87.1
06.10.2019 17:05:22 OSPF DR-Election[1st]: DR 192.168.87.1
06.10.2019 17:05:22 OSPF DR-Election[2nd]: Backup 0.0.0.0
06.10.2019 17:05:22 OSPF DR-Election[2nd]: DR 192.168.87.1
06.10.2019 17:05:22 OSPF interface 192.168.87.1 [2] join AllDRouters Multicast group.
06.10.2019 17:05:22 OSPF EXT (ospf_ext_link_ism_change): Set LAN Adj. SID to interface igb1
06.10.2019 17:06:48 OSPF Terminating on signal
06.10.2019 17:06:48 OSPF ASBR[Status:0]: Update
06.10.2019 17:06:48 OSPF interface 192.168.87.1 [2] leave AllDRouters Multicast group.
06.10.2019 17:06:48 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb1
06.10.2019 17:06:48 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb3
06.10.2019 17:06:48 ZEBRA Client 'ospf' encountered an error and is shutting down.
06.10.2019 17:06:48 ZEBRA release_daemon_table_chunks: Released 0 table chunks
06.10.2019 17:06:48 ZEBRA release_daemon_label_chunks: Released 0 label chunks
06.10.2019 17:06:48 ZEBRA client 9 disconnected. 0 ospf routes removed from the rib
06.10.2019 17:06:48 ZEBRA Terminating on signal
06.10.2019 17:06:49 OSPF ASBR[Status:1]: Update
06.10.2019 17:06:49 ZEBRA client 9 says hello and bids fair to announce only ospf routes vrf=0
06.10.2019 17:06:49 OSPF ASBR[Status:1]: Update
06.10.2019 17:06:49 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb1
06.10.2019 17:06:49 OSPF EXT (ospf_ext_link_ism_change): Set Adj. SID to interface igb3

Apparently the issue is with my core switch, although I have no idea why. I plugged the same port from the firewall into my access switch, configured ospf the same way, adjacency came up instantly and all the routes showed in opnsense. I'll have to test some more.
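
Added example, not part of the original post: a Python pass over lines copied from the debug log above that reports how long each ospfd instance ran before "Terminating on signal" and which backup DR values its second election round produced. The function name is an assumption of this example, and it treats zebra's "says hello" line for the ospf client as the start of a daemon lifetime.

```python
import re
from datetime import datetime

# Lines copied from the debug log quoted above (most lines omitted).
LOG = """\
06.10.2019 17:04:47 OSPF DR-Election[2nd]: DR 192.168.80.1
06.10.2019 17:05:04 OSPF Terminating on signal
06.10.2019 17:05:04 ZEBRA client 9 says hello and bids fair to announce only ospf routes vrf=0
06.10.2019 17:05:07 OSPF DR-Election[2nd]: Backup 0.0.0.0
06.10.2019 17:05:07 OSPF DR-Election[2nd]: DR 192.168.87.1
06.10.2019 17:05:18 OSPF Terminating on signal
06.10.2019 17:05:19 ZEBRA client 9 says hello and bids fair to announce only ospf routes vrf=0
06.10.2019 17:05:22 OSPF DR-Election[2nd]: Backup 0.0.0.0
06.10.2019 17:05:22 OSPF DR-Election[2nd]: DR 192.168.87.1
06.10.2019 17:06:48 OSPF Terminating on signal
"""

LINE = re.compile(r"(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) (\S+) (.*)")

def ospfd_runs(log):
    """One dict per ospfd lifetime: uptime in seconds and the set of backup DRs
    elected on any interface. Lines before the first registration are ignored."""
    runs, cur = [], None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
        daemon, msg = m.group(2), m.group(3)
        if daemon == "ZEBRA" and "says hello" in msg and "ospf" in msg:
            cur = {"start": ts, "backups": set()}      # new ospfd registered
        elif daemon == "OSPF" and cur is not None:
            e = re.match(r"DR-Election\[2nd\]: Backup (\S+)", msg)
            if e:
                cur["backups"].add(e.group(1))
            elif msg == "Terminating on signal":
                uptime = int((ts - cur["start"]).total_seconds())
                runs.append({"uptime": uptime, "backups": sorted(cur["backups"])})
                cur = None
    return runs
```

A run whose only backup value is 0.0.0.0 ended without any other router being elected BDR on the interfaces it covered.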