Questions regarding OSPF topology and ExStart

Alright, I’m thrown for a loop, and would like some help here.

I currently have a site-to-site IPSec VTI tunnel between two routers, and currently, I have it set up as such:

I keep getting conflicting information. Do you set it up as such, or like this?

The reason I’m concerned about this is that between VIN and ATL, the state is Full, but when I try ATL to PBI, I see ExStart. The firewall isn’t an issue, as I’m allowing OSPF through the correct zone.

It looks like an MTU issue. I don’t know which version you use (on VyOS), but I would suggest checking the MTU on all the interfaces (because OSPF uses it to share its information) and also checking the TCP MSS value.

It should be applied over the VTI interface.
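The MTU check suggested above is visible in the OSPF packets themselves: per RFC 2328, a router rejects a Database Description (DBD) packet whose Interface MTU field is larger than what its receiving interface can accept, which leaves the adjacency in ExStart. The following Python sketch is an added example, not part of the thread; the router ID and the MTU values are constructed.

```python
import ipaddress
import struct

OSPF_HDR = struct.Struct("!BBHIIHH8s")  # RFC 2328 A.3.1: common 24-byte header
DBD_BODY = struct.Struct("!HBBI")       # RFC 2328 A.3.3: MTU, options, flags, DD seq
TYPE_DBD = 2

def build_dbd(router_id, mtu, seq=1):
    """Build a constructed initial DBD packet (I, M and MS flags set, area 0)."""
    rid = int(ipaddress.IPv4Address(router_id))
    body = DBD_BODY.pack(mtu, 0x02, 0x07, seq)
    length = OSPF_HDR.size + len(body)
    return OSPF_HDR.pack(2, TYPE_DBD, length, rid, 0, 0, 0, b"\0" * 8) + body

def parse_dbd(packet):
    """Return (router_id, interface_mtu) for an OSPFv2 DBD packet, else None."""
    if len(packet) < OSPF_HDR.size + DBD_BODY.size:
        return None
    version, ptype, _length, rid, *_rest = OSPF_HDR.unpack_from(packet)
    if version != 2 or ptype != TYPE_DBD:
        return None
    mtu, _opts, _flags, _seq = DBD_BODY.unpack_from(packet, OSPF_HDR.size)
    return str(ipaddress.IPv4Address(rid)), mtu

def dbd_rejected(packet, local_mtu):
    """True if a receiver with local_mtu would drop this DBD (RFC 2328, 10.6)."""
    parsed = parse_dbd(packet)
    if parsed is None:
        raise ValueError("not an OSPFv2 DBD packet")
    return parsed[1] > local_mtu

def exstart_diagnosis(mtu_a, mtu_b):
    """Exchange one DBD in each direction and report which side drops it."""
    a_drops = dbd_rejected(build_dbd("10.0.0.2", mtu_b), mtu_a)
    b_drops = dbd_rejected(build_dbd("10.0.0.1", mtu_a), mtu_b)
    if a_drops or b_drops:
        return "stuck in ExStart: %s rejects the peer's DBD" % ("A" if a_drops else "B")
    return "MTUs compatible"

if __name__ == "__main__":
    # Constructed values: one tunnel end at 1500, the other at 1436.
    print(exstart_diagnosis(1500, 1436))
    print(exstart_diagnosis(1436, 1436))
```
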

In PBI, I’m on VyOS 1.4-rolling-202208100217

ATL: EdgeRouter
VIN: VyOS 1.3.0-epa3

I’ll check the MTU and MSS Clamps.

OK, so TCP MSS in this version is in the firewall section, just so you know:


Ok, so I did TCP MSS and it’s working now.

Now that just leaves me with the first question about OSPF topology. Does each tunnel need its own area, and each network set its own area, or can it share an area?

A single OSPF “area 0” works perfectly well for small networks, and some larger networks. On the basis of your diagram, multiple areas seem just to add complexity.

Gotcha. I was just always told to do multiple areas for different locations, since these are all linked over a VTI tunnel.