Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Author: admin (Site Admin)
Post subject: FreeBSD to FreeBSD - OSPF over GRE over Ipsec transport mode (racoon) - Part 2
Posted: Sun Oct 30, 2011 7:36 am

FreeBSD to FreeBSD - OSPF over GRE over Ipsec transport mode (racoon) - Part 2

After setting up the IPSec tunnel between the two FreeBSD hosts (FreeBSD-A and FreeBSD-B) in part 1 (http://forum.ivorde.ro/freebsd-to-freebsd-ospf-over-gre-over-ipsec-transport-mode-racoon-part-1-t860.html) using gre0 interfaces on both nodes, in this part I set up OSPF.

The relevant ospfd configuration (quagga) on both nodes is simple. This is for the FreeBSD-A node:
Code:
!
interface gre0
 ip ospf hello-interval 2
 ip ospf dead-interval 6
!
router ospf
 ospf router-id A2.A2.A2.A2
 redistribute static
 network A2.A2.A2.A2/30 area 0.0.0.0
!




OSPF "hello" packets travel over the tunnel at 2-second intervals and the OSPF neighbour dead-interval is 6 seconds. These settings must be identical on both nodes, otherwise the OSPF adjacency will not form.

If the adjacency fails to form, a good way to debug it is to run tcpdump and look at the data advertised by both OSPF nodes (can't call them "neighbours" yet).

Code:
FreeBSD-A# tcpdump -nnvi gre0
tcpdump: listening on gre3, link-type NULL (BSD loopback), capture size 96 bytes

13:23:15.745604 IP (tos 0xc0, ttl   1, id 42243, offset 0, flags [none], proto: OSPF (89), length: 68) A2.A2.A2.A2 > 224.0.0.5: OSPFv2, Hello, length: 48
   Router-ID: A2.A2.A2.A2, Backbone Area, Authentication Type: none (0)
   Options: [External]
     Hello Timer: 2s, Dead Timer 6s, Mask: 0.0.0.0, Priority: 1
     Neighbor List:
       B2.B2.B2.B2
13:23:16.002287 IP (tos 0xc0, ttl   1, id 35190, offset 0, flags [none], proto: OSPF (89), length: 68) B2.B2.B2.B2 > 224.0.0.5: OSPFv2, Hello, length: 48
   Router-ID: B2.B2.B2.B2, Backbone Area, Authentication Type: none (0)
   Options: [External]
     Hello Timer: 2s, Dead Timer 6s, Mask: 255.255.255.252, Priority: 128
     Neighbor List:
       A2.A2.A2.A2


The above output shows that the FreeBSD-A node receives OSPF "hello" multicasts from FreeBSD-B and that it also sends its own. Both nodes use the same "hello timer" and "dead-interval" settings.

Soon I will post more info on debugging quagga ospf peering.

_________________
VPSie - SSD VPS servers in AMS-IX, LINX, DE-CIX
https://vpsie.com
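
The comparison the post does by eye on the tcpdump output can be scripted. The following Python code is an added example, not part of the original post: it parses `tcpdump -nnv` Hello output in the format shown above and reports mismatched area, authentication type or timers, and whether each router lists the other as a neighbour. The function names are hypothetical, and the mask is deliberately not compared, on the assumption that gre0 is treated as a point-to-point link, where OSPF ignores it.

```python
import re

FIELDS = {  # patterns for the `tcpdump -v` Hello detail lines shown in the post
    "router_id": re.compile(r"Router-ID: ([^,\s]+)"),
    "area": re.compile(r"Router-ID: [^,]+, (.+?), Authentication"),
    "auth": re.compile(r"Authentication Type: (\S+)"),
    "hello": re.compile(r"Hello Timer: (\d+)s"),
    "dead": re.compile(r"Dead Timer:? (\d+)s"),
}
MUST_MATCH = ("area", "auth", "hello", "dead")  # mask omitted: ignored on point-to-point links

def parse_hellos(text):
    """Map router-id -> fields of its latest Hello in tcpdump -nnv output."""
    packets, cur, in_nbrs = [], {"neighbors": set()}, False
    for line in text.splitlines():
        if "OSPFv2, " in line:                    # first line of any OSPF packet
            cur, in_nbrs = {"neighbors": set()}, False
            if "OSPFv2, Hello" in line:           # other packet types are parsed but dropped
                packets.append(cur)
        elif "Neighbor List:" in line:
            in_nbrs = True
        elif in_nbrs and len(line.split()) == 1:
            cur["neighbors"].add(line.strip())
        else:
            cur.update({k: m.group(1) for k, rx in FIELDS.items() if (m := rx.search(line))})
    return {p["router_id"]: p for p in packets if "router_id" in p}

def adjacency_problems(hellos, a, b):
    """Reasons routers a and b cannot become neighbours, judged from their Hellos."""
    if missing := [f"no Hello seen from {r}" for r in (a, b) if r not in hellos]:
        return missing
    diffs = [f"{k} mismatch: {a}={hellos[a].get(k)} {b}={hellos[b].get(k)}"
             for k in MUST_MATCH if hellos[a].get(k) != hellos[b].get(k)]
    return diffs + [f"{x} does not list {y} as neighbor"
                    for x, y in ((a, b), (b, a)) if y not in hellos[x]["neighbors"]]

# The two Hellos captured in the post, with the IP header fields trimmed.
CAPTURE = """\
A2.A2.A2.A2 > 224.0.0.5: OSPFv2, Hello, length: 48
   Router-ID: A2.A2.A2.A2, Backbone Area, Authentication Type: none (0)
     Hello Timer: 2s, Dead Timer 6s, Mask: 0.0.0.0, Priority: 1
     Neighbor List:
       B2.B2.B2.B2
B2.B2.B2.B2 > 224.0.0.5: OSPFv2, Hello, length: 48
   Router-ID: B2.B2.B2.B2, Backbone Area, Authentication Type: none (0)
     Hello Timer: 2s, Dead Timer 6s, Mask: 255.255.255.252, Priority: 128
     Neighbor List:
       A2.A2.A2.A2
"""
```

Calling `adjacency_problems(parse_hellos(CAPTURE), "A2.A2.A2.A2", "B2.B2.B2.B2")` returns an empty list for the capture in the post; a "no Hello seen" result points at the tunnel or a packet filter rather than at the OSPF settings.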




