Hi, Seb! Sorry for the quoting-stuff. I added your original question:
>>>Do you have basic IP connectivity through the tunnel? Can you ping the remote inner IP endpoint of your tunnel? >> Yes. >Which build of OpenSolaris are you using? The one, that came with the live cd: r...@opensolaris:~# uname -a SunOS opensolaris 5.11 snv_111b i86pc i386 i86pc Solaris >If it's newer than build 125, >you can snoop the tunnel interface and observe packets in the clear as >they are transmitted or received over the tunnel. This can be useful in >diagnosing problems such as this. Can you see the OSPF packets when you >snoop on the tunnel? Sorry - snoop is a nogo. >To any application speaking IP (such as a routing protocol), an IP >tunnel interface looks just like any other point-to-point interface. If >you have connectivity through the tunnel, then I'd focus on your OSPF >configuration. Yeh - I though so. >What does that look like? I threw every possibly involved network and interface into the config, willing to cut down appropriately, once, it's working. Please note that all systems are currently connected in a lab environment but have the IPs, they will get in the future. For vpn1, it's 120.0.0.0/24<-J-Router->82.100.214.146/29<-Internet->213.172.123.136/29< -Opensolaris custom zone->82.100.231.232/29 (Yes - the 'LAN' behind the Opensolaris-Zone has public IPs) For vpn2: 103.0.0.0/24<-J-Router->82.102.214.146/29<-Internet->213.172.123.136/29< -Opensolaris custom zone->82.100.231.232/29 Since both remote sites are connected directly themselves too, the final goal is to reach both sides thru both tunnels - If one site's WAN-connection fails, OSPF will take care, that I can still reach that site thru the vpn to the other site and the inter-site-connect... r...@kunde003-wan:~# cat /etc/quagga/ospfd.conf ! -*- ospf -*- ! ! OSPFd sample configuration file ! ! hostname kunde003-wan password zebra enable password zebra ! router ospf ospf router-id 82.100.231.233 redistribute connected redistribute static network 120.0.0.0/24 area 0 network 103.0.0.0/24 area 0 network 213.172.123.136/29 area 0 network 82.100.231.232/29 area 0 network 82.100.214.136/29 area 0 network 82.102.214.136/29 area 0 ! log file /var/log/ospfd.log debugging r...@kunde003-wan:~# cat /etc/quagga/zebra.conf interface ip.tun0 link-detect interface ip.tun1 link-detect interface wan3001 link-detect interface dmz103001 link-detect quaggaadm show that config as: kunde003-wan# sho run Current configuration: ! hostname kunde003-wan password zebra enable password zebra log file /var/log/ospfd.log ! ! ! interface dmz103001 ! interface ip.tun0 ! interface ip.tun1 ! interface lo0 ! interface wan3001 ! router ospf ospf router-id 82.100.231.233 redistribute connected redistribute static network 82.100.214.136/29 area 0.0.0.0 network 82.100.231.232/29 area 0.0.0.0 network 82.102.214.136/29 area 0.0.0.0 network 103.0.0.0/24 area 0.0.0.0 network 120.0.0.0/24 area 0.0.0.0 network 213.172.123.136/29 area 0.0.0.0 ! line vty ! End Where is the config-bug? Thanks, Kai _______________________________________________ networking-discuss mailing list [email protected]
