[clug] Re: openvpn + quagga + rip
Michael Cohen
scudette at gmail.com
Thu May 28 22:35:51 GMT 2009
Hi List,
Just to set the archives right in case someone else has a similar
problem - the solution was to use p2p mode in openvpn instead of
client server mode. I wrote a wiki page to explain:
http://www.secure-computing.net/wiki/index.php/OpenVPN/RIPRouting
Thanks for all the helpful replies I got off list.
Michael.
On Sat, May 23, 2009 at 12:06 AM, Michael Cohen <scudette at gmail.com> wrote:
> Hi list,
> This is a question for someone familiar with openvpn. I want to run
> RIP over the openvpn tun link. But when you set up openvpn it tries
> to do weird stuff with the tun0 ptp ip addresses:
>
> tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:172.12.71.6 P-t-P:172.12.71.5 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:1 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:52 (52.0 b) TX bytes:52 (52.0 b)
>
> tun71 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:172.12.71.1 P-t-P:172.12.71.2 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:0 (0.0 b) TX bytes:92 (92.0 b)
>
>
> So in other words the tunnel goes from .1 to .2 on one end and .5 to
> .6 on the other end. Openvpn does routing internally.
>
> The issue is that when quagga tries to send RIP updates it detects the
> remote end of the tunnel as the peer address and sends the update to
> that. That address is actually totally bogus and is completely ignored
> by openvpn. If I try to make quagga send to the correct address (i.e.
> to 172.12.71.1 or 172.12.71.6) it tells me:
>
> 2009/05/23 00:03:09 RIP: Neighbor 172.12.71.6 doesnt have connected interface!
>
> it will actually send the update to 172.12.71.1 but the other end will
> ignore this packet.
>
> Is there a way to make openvpn set up sane ptp addresses? My next step
> is to recompile quagga and remove the check for peer addresses to make
> it send the routing update across the tunnel - this seems a bit
> extreme. Google revealed many many posts of people with exactly the
> same problem - no solutions though other than using tap in openvpn
> instead (which is not an option in this case).
>
> Thanks,
> Michael.
>
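An added illustration, not part of the original posts: a small Python check, run over the two `ifconfig` excerpts quoted above, of whether each end's P-t-P peer address is the other end's own tunnel address, which is the mismatch the question describes. The function names and the `P2P_*` sample (10.8.0.1/10.8.0.2 plus an `eth0` stanza) are constructed for this example.

```python
import re
from ipaddress import ip_address

IFACE_RE = re.compile(r"^(\S+)[ \t]+Link encap:", re.M)  # first line of a stanza
ADDR_RE = re.compile(r"inet addr:(\S+)\s+P-t-P:(\S+)")   # net-tools ptp address line

# The two excerpts quoted in the post (packet counters omitted).
POST_END_A = """tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00
inet addr:172.12.71.6 P-t-P:172.12.71.5 Mask:255.255.255.255
"""
POST_END_B = """tun71 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00
inet addr:172.12.71.1 P-t-P:172.12.71.2 Mask:255.255.255.255
"""
# Constructed sample: what a mirrored point-to-point pair looks like.
P2P_A = """eth0 Link encap:Ethernet HWaddr 00:11:22:33:44:55
inet addr:192.0.2.10 Bcast:192.0.2.255 Mask:255.255.255.0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
"""
P2P_B = """tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.1 Mask:255.255.255.255
"""

def parse_ptp(ifconfig_text):
    """Return {iface: (local, peer)} for every point-to-point interface."""
    links = {}
    starts = list(IFACE_RE.finditer(ifconfig_text))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(ifconfig_text)
        addr = ADDR_RE.search(ifconfig_text, m.end(), end)
        if addr:  # stanzas without a P-t-P address (eth, tap) are skipped
            links[m.group(1)] = (ip_address(addr.group(1)), ip_address(addr.group(2)))
    return links

def peers_mirror(end_a, end_b):
    """True when each end's P-t-P peer is the other end's own address."""
    (a_local, a_peer), (b_local, b_peer) = end_a, end_b
    return a_peer == b_local and b_peer == a_local

def check(text_a, iface_a, text_b, iface_b):
    """Parse both ends and report whether the named interfaces mirror each other."""
    return peers_mirror(parse_ptp(text_a)[iface_a], parse_ptp(text_b)[iface_b])

if __name__ == "__main__":
    print("post excerpts mirrored:", check(POST_END_A, "tun0", POST_END_B, "tun71"))
    print("constructed p2p mirrored:", check(P2P_A, "tun0", P2P_B, "tun0"))
```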