Hi
I have some problems getting OSPF working on an OpenVPN tunnel between VyOS (Version: VyOS 1.3-rolling-202202241505) and an Edgerouter. I have the same type of config working without problems between two Edgerouters.
The tunnel is online and both endpoints can ping each other. (It has happened that the tunnel connection has died, but for the last 24 hours the tunnel connection has worked. The message I got then was something with “expected remote options string (ver=v4)”, but I don’t know if it’s related.)
I found that OSPF is not enabled on vtun11 on VyOS. On the Edgerouter, OSPF is enabled on vtun2.
vyos@vyos:~$ show ip ospf interface vtun11
vtun11 is up
ifindex 6, MTU 1500 bytes, BW 10 Mbit <UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>
OSPF not enabled on this interface
vyos@vyos:~$ show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
vyos@vyos:~$
Any ideas how to get OSPF working?
Thanks
CONFIG:
SITE A (VyOS)
eth1 → 10.99.99.1/24
openvpn vtun11 {
    description "A - B"
    local-address 10.0.2.11 {
    }
    local-port 10211
    mode site-to-site
    openvpn-option --comp-lzo
    openvpn-option --float
    openvpn-option "--ping 10"
    openvpn-option "--ping-restart 20"
    openvpn-option --ping-timer-rem
    openvpn-option --persist-tun
    openvpn-option --persist-key
    openvpn-option "--user nobody"
    openvpn-option "--group nogroup"
    remote-address 10.0.11.2
    remote-host siteb.domain.com
    remote-port 11102
    shared-secret-key-file /config/auth/secret
}
vyos@vyos# show protocols
ospf {
    area 0 {
        network 10.99.99.0/24
        network 10.0.2.0/24
    }
    passive-interface default
    passive-interface-exclude vtun11
}
SITE B (Edgerouter)
eth1 → 10.20.15.1/24
openvpn vtun2 {
    description "B - A"
    local-address 10.0.15.2 {
    }
    local-port 11502
    mode site-to-site
    openvpn-option --comp-lzo
    openvpn-option --float
    openvpn-option "--ping 10"
    openvpn-option "--ping-restart 20"
    openvpn-option --ping-timer-rem
    openvpn-option --persist-tun
    openvpn-option --persist-key
    openvpn-option "--user nobody"
    openvpn-option "--group nogroup"
    remote-address 10.0.2.15
    remote-host sitea.domain.com
    remote-port 10215
    shared-secret-key-file /config/auth/secret
}
ospf {
    area 0 {
        network 10.20.15.0/24
        network 10.0.15.0/24
    }
    passive-interface default
    passive-interface-exclude vtun2
}