[clug] Re: openvpn + quagga + rip

Michael Cohen scudette at gmail.com
Thu May 28 22:35:51 GMT 2009 

Hi List,
  Just to set the archives right in case someone else has a similar
problem - the solution was to use p2p mode in openvpn instead of
client server mode. I wrote a wiki page to explain:

http://www.secure-computing.net/wiki/index.php/OpenVPN/RIPRouting

Thanks for all the helpful replies i got off list.
Michael.

On Sat, May 23, 2009 at 12:06 AM, Michael Cohen <scudette at gmail.com> wrote:
> Hi list,
>  This is a question for someone familiar with openvpn. I want to run
> RIP over the openvpn tun link. But when you set up open vpn it tries
> to do weird stuff with the tun0 ptp ip addresses:
>
> tun0      Link encap:UNSPEC  HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>          inet addr:172.12.71.6  P-t-P:172.12.71.5  Mask:255.255.255.255
>          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:100
>          RX bytes:52 (52.0 b)  TX bytes:52 (52.0 b)
>
> tun71     Link encap:UNSPEC  HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>          inet addr:172.12.71.1  P-t-P:172.12.71.2  Mask:255.255.255.255
>          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:100
>          RX bytes:0 (0.0 b)  TX bytes:92 (92.0 b)
>
>
> So in other words the tunnel goes from .1 to .2 on one end and .5 to
> .6 on the other end. Openvpn does routing internally.
>
> The issue is that when quagga tries to sent RIP updates it detects the
> remote end of the tunnel as the peer address and sends the update to
> that. That address is actually totally bogus and is completely ignored
> by openvpn. If I try to make quagga send to the correct address (i.e.
> to 172.12.71.1 or 172.12.71.6) it tells me:
>
> 2009/05/23 00:03:09 RIP: Neighbor 172.12.71.6 doesnt have connected interface!
>
> it will actually send the update to 172.12.71.1 but the other end will
> ignore this packet.
>
> Is there a way to make openvpn set up sane ptp addresses? My next step
> it to recompile quagga and remove the check for peer addresses to make
> it send the routing update across the tunnel - this seems a bit
> extreme. Google revealed many many posts of people with exactly the
> same problem - no solutions though other than using tap in openvpn
> instead (which is not an option in this case).
>
> Thanks,
> Michael.
>

More information about the linux mailing list