Details
I have an OSPF configuration problem on VyOS 1.1.6.
I have 2 clustered routers/firewalls accessing the Internet through 2 routers of 2 different Internet providers; each one connects via dual VPN (OpenVPN) to another remote VyOS.
I configured the first router of the cluster, VyOS-A, without problems, managing to pass routes to the remote router VyOS-remote via OSPF through the double tunnel.
When I connect the second router of the cluster, VyOS-B, I don't receive any routes on the remote VyOS. The following diagram summarizes the situation: [network diagram]
Below is part of the VyOS configuration:
VyOS-A router:
openvpn vtun0 {
    description "to Internet provider C"
    ip {
        ospf {
            dead-interval 40
            hello-interval 10
            priority 250
            retransmit-interval 5
            transmit-delay 1
        }
    }
    mode client
    remote-host 10.100.100.100
    remote-port 5000
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/vyos-A1.crt
        key-file /config/auth/vyos-A1.key
    }
}
openvpn vtun1 {
    description "to Internet provider D"
    ip {
        ospf {
            dead-interval 40
            hello-interval 10
            priority 200
            retransmit-interval 5
            transmit-delay 1
        }
    }
    mode client
    remote-host 10.101.101.101
    remote-port 5001
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/vyos-A2.crt
        key-file /config/auth/vyos-A2.key
    }
}
ospf {
    area 0.0.0.0 {
        network 10.0.10.0/24
        network 10.0.20.0/24
    }
    area 0.0.0.64 {
        network 10.64.16.0/24
    }
    parameters {
        abr-type cisco
        router-id 10.0.0.201
    }
    passive-interface default
    passive-interface-exclude vtun0
    passive-interface-exclude vtun1
}
router VyOS-B:
openvpn vtun0 {
    description "to Internet provider C"
    ip {
        ospf {
            dead-interval 40
            hello-interval 10
            priority 150
            retransmit-interval 5
            transmit-delay 1
        }
    }
    mode client
    remote-host 10.100.100.100
    remote-port 5000
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/vyos-B1.crt
        key-file /config/auth/vyos-B1.key
    }
}
openvpn vtun1 {
    description "to Internet provider D"
    ip {
        ospf {
            dead-interval 40
            hello-interval 10
            priority 100
            retransmit-interval 5
            transmit-delay 1
        }
    }
    mode client
    remote-host 10.101.101.101
    remote-port 5001
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/vyos-B2.crt
        key-file /config/auth/vyos-B2.key
    }
}
ospf {
    area 0.0.0.0 {
        network 10.0.10.0/24
        network 10.0.20.0/24
    }
    area 0.0.0.64 {
        network 10.64.16.0/24
    }
    parameters {
        abr-type cisco
        router-id 10.0.0.201
    }
    passive-interface default
    passive-interface-exclude vtun0
    passive-interface-exclude vtun1
}
remote router VyOS:
openvpn vtun0 {
    description "Internet provider C"
    local-port 5000
    mode server
    server {
        client vyos-A1 {
            ip 10.0.10.201
            subnet 10.64.16.0/24
        }
        client vyos-B1 {
            ip 10.0.10.202
            subnet 10.64.16.0/24
        }
    }
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/keys/site.crt
        crl-file /config/auth/crl.pem
        dh-file /config/auth/dh2048.pem
        key-file /config/auth/site.key
    }
}
openvpn vtun1 {
    description "Internet provider D"
    local-port 5001
    mode server
    server {
        client vyos-A2 {
            ip 10.0.20.201
            subnet 10.64.16.0/24
        }
        client vyos-B2 {
            ip 10.0.20.202
            subnet 10.64.16.0/24
        }
    }
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/site.crt
        crl-file /config/auth/crl.pem
        dh-file /config/auth/dh2048.pem
        key-file /config/auth/site.key
    }
}
ospf {
    area 0.0.0.0 {
        network 10.0.10.0/24
        network 10.0.20.0/24
    }
    area 0.0.0.128 {
        network 10.128.16.0/24
    }
    parameters {
        abr-type cisco
        router-id 10.0.0.1
    }
    passive-interface default
    passive-interface-exclude vtun0
    passive-interface-exclude vtun1
}
This is my current attempt.
Andrea Ugoni
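A consistency check over the OSPF stanzas of the three configurations in the question, as an added example that is not part of the original post: OSPF router IDs must be unique within a routing domain, so it parses each router's brace-style config and reports any router-id configured on more than one router. The function names are hypothetical, the parser assumes one statement per line with ospf at the top level as in the excerpts posted, and the embedded stanzas are reduced to the parameters block with the values from the question.

```python
from collections import defaultdict

def parse_vyos(text):
    """Parse brace-style VyOS config (one statement per line) into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):                      # "ospf {" opens a node
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":                           # closes the current node
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:                                       # leaf: "router-id 10.0.0.1"
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value.strip().strip('"'))
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return root

def router_id(tree):
    """Return the configured OSPF router-id, or None if it is not set."""
    ids = tree.get("ospf", {}).get("parameters", {}).get("router-id", [])
    return ids[0] if ids else None

def duplicate_router_ids(configs):
    """Map each router-id used by more than one router to those routers."""
    seen = defaultdict(list)
    for name, text in configs.items():
        rid = router_id(parse_vyos(text))
        if rid is not None:
            seen[rid].append(name)
    return {rid: names for rid, names in seen.items() if len(names) > 1}

# Excerpts of the posted configs, reduced to the OSPF parameters block.
STANZA = """ospf {
    parameters {
        abr-type cisco
        router-id %s
    }
}"""
CONFIGS = {"VyOS-A": STANZA % "10.0.0.201",
           "VyOS-B": STANZA % "10.0.0.201",
           "VyOS-remote": STANZA % "10.0.0.1"}

if __name__ == "__main__":
    print(duplicate_router_ids(CONFIGS))
```

On the values posted in the question, the check reports router-id 10.0.0.201 for both VyOS-A and VyOS-B.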
Answers