Re: multilink VPN

Sun, 31 May 2009 06:18:28 -0700 

On 2009-05-31, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2009-05-29, Stuart Henderson <s...@spacehopper.org> wrote:
>>
>> OSPF over gre's or gif's (which can then themselves be protected by
>> ipsec) is probably the fastest option at present on OpenBSD.
>
> Hrmm. And then I try it...
>
> Does anyone actually have this working and if so would they mind
> sharing config? I'm seeing the hellos go out the physical interface
> rather than the gre.
>
> # tcpdump -nivr0 -vv proto ospf
> 13:00:18.661860 85.158.44.158 > 224.0.0.5: OSPFv2-hello 44: rtrid 
> 85.158.44.149 backbone auth MD5 E mask 255.255.255.255 int 1 pri 1 dead 4 
> nbrs [tos 0xc0] [ttl 1] (id 53330, len 80)
> 13:00:19.672022 85.158.44.158 > 224.0.0.5: OSPFv2-hello 44: rtrid 
> 85.158.44.149 backbone auth MD5 E mask 255.255.255.255 int 1 pri 1 dead 4 
> nbrs [tos 0xc0] [ttl 1] (id 23013, len 80)
> 13:00:20.682184 85.158.44.158 > 224.0.0.5: OSPFv2-hello 44: rtrid 
> 85.158.44.149 backbone auth MD5 E mask 255.255.255.255 int 1 pri 1 dead 4 
> nbrs [tos 0xc0] [ttl 1] (id 23179, len 80)
> 13:00:21.692350 85.158.44.158 > 224.0.0.5: OSPFv2-hello 44: rtrid 
> 85.158.44.149 backbone auth MD5 E mask 255.255.255.255 int 1 pri 1 dead 4 
> nbrs [tos 0xc0] [ttl 1] (id 60275, len 80)
>
> # tcpdump -nigre0 -vv proto ospf
><nothing>
>
> The gre itself is fine, I can ping over it and the packets show up
> correctly on gre0, and also correctly on vr0 marked with "(gre encap)".
> It's correct (per RFC2328 8.1) that AllSPFRouters is used rather than
> the tunnel endpoint addresses even on point-to-point.
>
>

Hrmm and double hrmm.

startup
orig_rtr_lsa: area 0.0.0.0
orig_rtr_lsa: stub net, interface vr0
if_fsm: event UP resulted in action START and changing state for interface vr0 
from DOWN to WAIT
if_join_group: error IP_ADD_MEMBERSHIP, interface gre0 address 224.0.0.5: 
Address already in use

<st...@troll:~:3>$ sudo grep -A3 area /etc/ospfd.conf                           
                                          
area 0.0.0.0 {
        interface gre0 { metric 200 }
        interface vr0
}

<st...@troll:~:4>$ ifconfig gre0
gre0: flags=9011<UP,POINTOPOINT,LINK0,MULTICAST> mtu 1476
        priority: 0
        groups: gre
        physical address inet 85.158.44.158 --> 195.95.187.1
        inet6 fe80::20d:b9ff:fe13:5198%gre0 ->  prefixlen 64 scopeid 0x6
        inet 85.158.44.158 --> 195.95.187.1 netmask 0xffffffff

<st...@troll:~:5>$ route -n get 195.95.187.1
   route to: 195.95.187.1
destination: 195.95.187.1
  interface: gre0
 if address: 85.158.44.158
   priority: 4 (connected)
      flags: <UP,HOST,DONE>
     use       mtu    expire
     118         0         0 

<st...@troll:~:6>$ route -n get 195.95.187.0 
   route to: 195.95.187.0
destination: default
       mask: default
    gateway: 85.158.44.145
  interface: vr0
 if address: 85.158.44.158
   priority: 8 (static)
      flags: <UP,GATEWAY,DONE,STATIC>
     use       mtu    expire
     151         0         0

Reply via email to