On Mon, Oct 17, 2005 at 09:39:01AM -0400, stan wrote:
> I'm trying to do something that should be simple with ospfd from a snapshot
> from last week.
>
> I have a pair of carp's firewall/gatway boxes (3.7 machines) and they
> connect a single subnet to the corporate network. Corporate wans to move
> from rip to ospf. I'v set up the following ospfd.conf file:
>
>
> # $OpenBSD: ospfd.conf,v 1.2 2005/02/06 20:07:09 norby Exp $
>
> # macros
> # password="secret"
>
> # global configuration
> router-id 170.85.113.111
> # fib-update no
> # spf-delay 1
> # spf-holdtime 5
>
> # auth-key $password
> # auth-type none
> # hello-interval 10
> # metric 10
> # retransmit-interval 5
> # router-dead-time 40
> # router-priority 1
> # transmit-delay 1
>
> # areas
> area 0.0.0.120 {
> interface fxp0 {
> auth-type none
> }
> }
>
>
> fxp0 is the "external" interface. The CARP interface is fxp1, and the
> "internal" interface is fxp2. Presently I have pf off.
>
> When I start ospfd I get the routes advertised by corporate, but they don't
> see my route.
>
> What am I doing wrong?
>
You're not advertising any routes with this setup. "redistribute static"
is probably what you are looking for.
Another option would be to use passive interfaces like
area 0.0.0.120 {
interface fxp0 {
auth-type none
}
interface fxp2 {
passive
}
interface carp0 {
passive
}
}
Side note: auth-type none is OK for testing but auth-type crypt should be
considered production.
--
:wq Claudio
