Hi Brian,

Please try this configuration:

=============================
Dynamic:

conn site-2-dynamic-ip
    left=%defaultroute
    leftsubnet=10.10.0.0/22,10.9.255.252/30
    leftfirewall=no
    right=dy.na.mi.cip
    rightsubnet=10.10.4.0/22,10.9.255.252/30
    rightid=%specific.example.com
    auto=add

Static:

conn site-1-static-ip
    left=st.at.ic.ip
    leftsubnet=10.10.4.0/22,10.9.255.252/30
    leftid=%specific.example.com
    leftfirewall=no
    right=%any
    rightsubnet=10.10.0.0/22,10.9.255.252/30
    auto=add
===============================

Two things to observe:

In Initiator:

ip address add 10.9.255.253/30 dev vti
ip route add 10.10.4.0/22 dev vti src 10.9.255.253  # for locally generated packets sent to 10.10.4.0/22 to have source as 10.9.255.253

OR

ip route add 10.10.4.0/22 dev vti src 10.10.0.1  # for locally generated packets sent to 10.10.4.0/22 to have source as 10.10.0.1

Apply the same logic on the responder by replacing the destination network and the source IP.

Also, OSPF uses multicast for default operation in Ethernet; remember to change this link to Point to Point so it uses unicast.

Let us know how it goes.

Thanks,

On Thu, Feb 28, 2019 at 7:51 PM Brian Topping <brian.topp...@gmail.com> wrote:

> Hi Felipe, thank you for your consideration of this. It took me a bit to
> create a diagram:
>
>
>   10.10.0.0/22                          10.10.4.0/22
>         ^                                     ^
>         v                                     v
> +---------------+                    +---------------+
> |   Initiator   |                    |   Responder   |
> |---------------|                    |---------------|
> |10.9.255.253/30|<- - - -VTI - - - ->|10.9.255.254/30|
> +---------------+                    +---------------+
>         ^                                     ^
>         v                                     v
>  ini.tia.tor.ip  <---- Internet ----> res.pon.der.ip
>
> From the bottom, the internet connection between the initiator and
> responder, a PtP VTI between the two nodes and in turn, the two /22
> networks that I want to connect through the VTI as native routing between
> networks (hence the VTI interfaces on each node). The initiator public IP
> is dynamic.
>
> The reason for not doing straight tunneling between the two /22 networks
> is OSPF discovery of interfaces, typical routing daemons can only see
> interfaces to add discovery over (i.e. “vti*”). As the network grows, the
> routing daemons will self-discover for optimal backbone routing.
>
> Apologies that I didn’t get deeper into that previously! Does it help?
>
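
Added example, not part of the original thread: a small Python check that the two conn sections above mirror each other (each side's leftsubnet equals the peer's rightsubnet) and that the address used as "src" in the VTI route falls inside that side's local traffic selectors. The embedded snippets are constructed from the config in the reply with peer addresses and IDs omitted; the function names are hypothetical.

```python
import ipaddress

# Constructed from the two conn sections in the reply above.
INITIATOR_CONF = """\
conn site-2-dynamic-ip
    leftsubnet=10.10.0.0/22,10.9.255.252/30
    rightsubnet=10.10.4.0/22,10.9.255.252/30
"""
RESPONDER_CONF = """\
conn site-1-static-ip
    leftsubnet=10.10.4.0/22,10.9.255.252/30
    rightsubnet=10.10.0.0/22,10.9.255.252/30
"""

def selectors(conf):
    """Return {'left': {networks}, 'right': {networks}} for one conn section."""
    out = {"left": set(), "right": set()}
    for line in conf.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("leftsubnet", "rightsubnet"):
            side = key[:-len("subnet")]
            out[side] = {ipaddress.ip_network(n.strip()) for n in value.split(",")}
    return out

def check_pair(init_conf, resp_conf, init_src, resp_src):
    """Return a list of problems; an empty list means the pair is consistent."""
    a, b = selectors(init_conf), selectors(resp_conf)
    problems = []
    # Traffic selectors must be mirrored between the two peers.
    if a["left"] != b["right"]:
        problems.append("initiator leftsubnet != responder rightsubnet")
    if a["right"] != b["left"]:
        problems.append("initiator rightsubnet != responder leftsubnet")
    # A route 'src' outside the local selectors will not match the negotiated policy.
    for name, src, local in (("initiator", init_src, a["left"]),
                             ("responder", resp_src, b["left"])):
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in local):
            problems.append(f"{name} route src {src} is outside its local selectors")
    return problems

if __name__ == "__main__":
    # VTI addresses from the diagram in the quoted message.
    print(check_pair(INITIATOR_CONF, RESPONDER_CONF, "10.9.255.253", "10.9.255.254"))
```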