I'm currently setting up an L2TP VPN with npppd. I've got the VPN piece
working, and can send packets between the client and the OpenBSD box
running the VPN. However, I'm currently using ospfd for routing between
the rest of the network and the OpenBSD box, and it doesn't seem to be
pushing routes for the IP addresses in use by the clients.

So, after a couple VPN clients connect, there are pppx interfaces:

pppx0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1360
        description: henson
        priority: 0
        groups: pppx
        inet 10.128.120.1 --> 10.128.120.82 netmask 0xffffffff

pppx1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1360
        description: henson
        priority: 0
        groups: pppx
        inet 10.128.120.1 --> 10.128.120.121 netmask 0xffffffff

and the local routing tables know how to get to them:

Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
10.128.120.82      10.128.120.1       UH         0       10     -     4 pppx0
10.128.120.121     10.128.120.1       UH         0       63     -     4 pppx1

ospfd seems to know *something* about the /24 I've allocated to the VPN:

flags: * = valid, O = OSPF, C = Connected, S = Static
Flags  Prio Destination          Nexthop          
*C        4 10.128.110.0/24      link#7
          4 10.128.120.43/32     10.128.120.1
          4 10.128.120.45/32     10.128.120.1
          4 10.128.120.82/32     10.128.120.1
          4 10.128.120.107/32    10.128.120.1
          4 10.128.120.121/32    10.128.120.1
          4 10.128.120.160/32    10.128.120.1
          4 10.128.120.163/32    10.128.120.1
          4 10.128.120.165/32    10.128.120.1
          4 10.128.120.208/32    10.128.120.1
          4 10.128.120.212/32    10.128.120.1
          4 10.128.120.214/32    10.128.120.1
          4 10.128.120.219/32    10.128.120.1
          4 10.128.120.223/32    10.128.120.1
          4 10.128.120.233/32    10.128.120.1
          4 10.128.120.246/32    10.128.120.1
          4 10.128.120.248/32    10.128.120.1
*O       32 10.128.130.0/24      10.128.0.14

But it doesn't have the active ones marked as valid, and it's not pushing
them, so there's no traffic flow between the VPN client and the network.

I currently have ospfd set to:

redistribute default
redistribute connected

While I am pushing a default route, I also have lower priority null routes
set on the other network equipment:

ip route 10.0.0.0 255.0.0.0 Null0 254
ip route 172.16.0.0 255.240.0.0 Null0 254
ip route 192.168.0.0 255.255.0.0 Null0 254

So they will blackhole any address space not valid on the network.

Am I missing some configuration that will make ospfd push out routes to
the client VPN addresses?

Thanks...

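The comparison the post makes by eye, written as a repeatable check. This is an added example, not part of the original message: it lists every live pppx host route with its state in ospfd's FIB view. The function names are hypothetical, the sample input is constructed from the listings above (FIB shortened), and it assumes those listings came from `route -n show -inet` and `ospfctl show fib`.

```shell
#!/bin/sh
# Constructed sample input copied from the post. On a live box, replace the
# here-documents with the real commands (assumed: route -n show -inet and
# ospfctl show fib).
kernel_routes() { cat <<'EOF'
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
10.128.120.82      10.128.120.1       UH         0       10     -     4 pppx0
10.128.120.121     10.128.120.1       UH         0       63     -     4 pppx1
EOF
}

ospfd_fib() { cat <<'EOF'
flags: * = valid, O = OSPF, C = Connected, S = Static
Flags  Prio Destination          Nexthop
*C        4 10.128.110.0/24      link#7
          4 10.128.120.43/32     10.128.120.1
          4 10.128.120.82/32     10.128.120.1
          4 10.128.120.121/32    10.128.120.1
*O       32 10.128.130.0/24      10.128.0.14
EOF
}

# Print "<client address> <interface> <state>" for each pppx host route, where
# state is valid, not-valid (listed without the * flag) or absent from the FIB.
check_vpn_routes() {
    { ospfd_fib; echo "--"; kernel_routes; } | awk '
        $0 == "--" { kernel = 1; next }
        # FIB rows with a flags column have 4 fields; rows with no flags have 3.
        !kernel && NF == 4 && $3 ~ /\// { state[$3] = ($1 ~ /^\*/) ? "valid" : "not-valid" }
        !kernel && NF == 3 && $2 ~ /\// { state[$2] = "not-valid" }
        # Kernel rows: keep only host routes bound to a pppx interface.
        kernel && $NF ~ /^pppx/ {
            key = $1 "/32"
            s = (key in state) ? state[key] : "absent"
            print $1, $NF, s
        }'
}

check_vpn_routes
```

With the sample data both connected clients come back as not-valid, matching what the post describes.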