[clug] openvpn + quagga + rip

Michael Cohen scudette at gmail.com
Fri May 22 14:06:35 GMT 2009


Hi list,
  This is a question for someone familiar with openvpn. I want to run
RIP over the openvpn tun link. But when you set up openvpn it tries
to do weird stuff with the tun0 ptp ip addresses:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.12.71.6  P-t-P:172.12.71.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:52 (52.0 b)  TX bytes:52 (52.0 b)

tun71     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.12.71.1  P-t-P:172.12.71.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:92 (92.0 b)


So in other words the tunnel goes from .1 to .2 on one end and .5 to
.6 on the other end. Openvpn does routing internally.

The issue is that when quagga tries to send RIP updates it detects the
remote end of the tunnel as the peer address and sends the update to
that. That address is actually totally bogus and is completely ignored
by openvpn. If I try to make quagga send to the correct address (i.e.
to 172.12.71.1 or 172.12.71.6) it tells me:

2009/05/23 00:03:09 RIP: Neighbor 172.12.71.6 doesnt have connected interface!

it will actually send the update to 172.12.71.1 but the other end will
ignore this packet.

Is there a way to make openvpn set up sane ptp addresses? My next step
is to recompile quagga and remove the check for peer addresses to make
it send the routing update across the tunnel - this seems a bit
extreme. Google revealed many many posts of people with exactly the
same problem - no solutions though other than using tap in openvpn
instead (which is not an option in this case).

Thanks,
Michael.
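
Added example (not part of the original post): a Python check, run over the ifconfig stanzas quoted above, showing that neither end's P-t-P address is configured as a local address on the other end. The 10.8.0.x pair is a constructed contrast case, and the function names are hypothetical.

```python
import re

# ifconfig stanzas quoted in the post, one per tunnel end (HWaddr/counters trimmed).
END_ONE = """\
tun71     Link encap:UNSPEC
          inet addr:172.12.71.1  P-t-P:172.12.71.2  Mask:255.255.255.255
"""
END_OTHER = """\
tun0      Link encap:UNSPEC
          inet addr:172.12.71.6  P-t-P:172.12.71.5  Mask:255.255.255.255
"""
# Constructed contrast case (not from the post): a link whose peers mirror each other.
MIRROR_A = "tun1  Link encap:UNSPEC\n  inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255\n"
MIRROR_B = "tun1  Link encap:UNSPEC\n  inet addr:10.8.0.2  P-t-P:10.8.0.1  Mask:255.255.255.255\n"

IFACE_RE = re.compile(r"^(\S+)\s+Link encap:", re.M)
ADDR_RE = re.compile(r"inet addr:(\S+)\s+P-t-P:(\S+)\s+Mask:(\S+)")


def parse_ptp(ifconfig_text):
    """Return {ifname: (local, peer, mask)} for each point-to-point stanza."""
    found = {}
    for stanza in re.split(r"\n\s*\n", ifconfig_text.strip()):
        name, addr = IFACE_RE.search(stanza), ADDR_RE.search(stanza)
        if name and addr:
            found[name.group(1)] = addr.groups()
    return found


def unowned_peers(near_text, far_text):
    """List (ifname, peer) where the near end's P-t-P address is not a
    local address on any far-end interface, i.e. nothing there owns it."""
    far_locals = {local for local, _peer, _mask in parse_ptp(far_text).values()}
    return [(ifname, peer)
            for ifname, (_local, peer, _mask) in sorted(parse_ptp(near_text).items())
            if peer not in far_locals]


if __name__ == "__main__":
    for label, near, far in (("one end", END_ONE, END_OTHER),
                             ("other end", END_OTHER, END_ONE),
                             ("mirrored", MIRROR_A, MIRROR_B)):
        bad = unowned_peers(near, far)
        print(label, "->", bad if bad else "peer address exists on the far side")
```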

