OSPF not working, Openvpn between VyOS and Edgerouter

General questions
,
1

Hi
I have some problems getting OSPF working on OpenVPN tunnel between VyOS (Version: VyOS 1.3-rolling-202202241505) and Edgerouter. I have the same type of config working without problems between two Edgerouters.
The tunnel is online and both endpoints can ping each other. (It has happened that the tunnel connection has died, but the last 24 hours the tunnel connection has worked. the message I got then was something with “expected remote options string (ver=v4)”, but I don’t know if its related.)

I found that ospf is not enabled on vtun11 on VyOS. On Edgerouter OSPF is enabled on vtun2.

vyos@vyos:~$ show ip ospf interface vtun11
vtun11 is up
  ifindex 6, MTU 1500 bytes, BW 10 Mbit <UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>
  OSPF not enabled on this interface

vyos@vyos:~$ show ip ospf neighbor 

Neighbor ID     Pri State           Dead Time Address         Interface                        RXmtL RqstL DBsmL

vyos@vyos:~$

Any ideas how to get OSPF working?

Thanks :slight_smile:

CONFIG:
SITE A (VyOS)
eth1 → 10.99.99.1/24

openvpn vtun11 {
     description "A - B"
     local-address 10.0.2.11 {
     }
     local-port 10211
     mode site-to-site
     openvpn-option --comp-lzo
     openvpn-option --float
     openvpn-option "--ping 10"
     openvpn-option "--ping-restart 20"
     openvpn-option --ping-timer-rem
     openvpn-option --persist-tun
     openvpn-option --persist-key
     openvpn-option "--user nobody"
     openvpn-option "--group nogroup"
     remote-address 10.0.11.2
     remote-host siteb.domain.com
     remote-port 11102
     shared-secret-key-file /config/auth/secret

vyos@vyos# show protocols
 ospf {
     area 0 {
         network 10.99.99.0/24
         network 10.0.2.0/24
     }
     passive-interface default
     passive-interface-exclude vtun11
 }

SITE B (Edgerouter)
eth1 → 10.20.15.1/24

openvpn vtun2 {
     description "B - A"
     local-address 10.0.15.2 {
     }
     local-port 11502
     mode site-to-site
     openvpn-option --comp-lzo
     openvpn-option --float
     openvpn-option "--ping 10"
     openvpn-option "--ping-restart 20"
     openvpn-option --ping-timer-rem
     openvpn-option --persist-tun
     openvpn-option --persist-key
     openvpn-option "--user nobody"
     openvpn-option "--group nogroup"
     remote-address 10.0.2.15
     remote-host sitea.domain.com
     remote-port 10215
     shared-secret-key-file /config/auth/secret
 }

ospf {
     area 0 {
         network 10.20.15.0/24
         network 10.0.15.0/24
     }
     passive-interface default
     passive-interface-exclude vtun2
 }
2

It works If I set ip 10.0.0.1 on SITE A and 10.0.0.2 on SITE B and adds 10.0.0.0/30 in the ospf area on both sites.

There must be some differences between EdgeOS and VyOS on this.

Is it a way to have the config on VyOS as the way I use it between my Edgerouters?

Thanks :slight_smile:

3

Normally, OSPF interfaces need to be in same subnet to become neighbors
But that only explains why neigbors don’t fom, not why OSPF wasn’t enabled on vyos vtun11.
Was there some typo in IP interface address vs OSPF network statement ?

4

There was not any typo

5

That leaves another possibility: order of operation.
like: If openvpn interface is up before OSPF starts (or gets re-started after config change), OSPF will include the interface. If OSPF already runs, and interface comes up afterwards, OSPF won’t use it.