Re: [Openvpn-users] Route propagation


  • Subject: Re: [Openvpn-users] Route propagation
  • From: "Dick St.Peters" <stpeters@xxxxxxxxxxxxx>
  • Date: Thu, 2 Sep 2004 09:20:38 -0400

Mike Diehl (Encrypted email preferred) writes:
> I'm about to set up a lot of OpenVPN links which will link quite a few networks 
> together.  Some of these links are dynamic.
> 
> I'm trying to figure out how to propagate all of these network routes to each 
> peer in the network.
> 
> If I've got 7 VPN connections and some of those connections link multiple 
> networks, configuring the routes in the OpenVPN configuration file simply 
> doesn't scale.
> 
> I've tried to use Zebra's OSPFd to set up all of these routes, but I just can't 
> seem to get it to work.  Looks like the routing metric that OSPF sets up is 
> higher than the default route.
> 
> Has anyone come up with a solution to this problem?

I use Zebra/ospfd for this.  Getting ospfd to work with point-to-point
links (not just OpenVPN) can be tricky, but I haven't yet found
anything that can't be made to work.  I've used both the old Zebra and
the newer Quagga fork, running on Linux (mix of 2.4 and 2.6 kernels)
and interacting with Ciscos and old Livingston Portmasters.

One key to getting this working that is non-obvious is that the ospfd
configuration needs a network statement for both the full IP range of
an area and for each area subnet to which it's connected.  In other
words, it may need network statements for subnets that are encompassed
by another network statement, like so:
    network 192.168.0.0/24 area 1
    network 192.168.0.0/27 area 1
This would be for a box with an interface IP within the narrower /27
subnet in an ospf area encompassing the larger /24 subnet.  (No
"range" statements are needed unless you do route summarization.)

Also, the network statements for point-to-point links must specify the
*remote* end IP address with a /32 mask.

--
Dick St.Peters, stpeters@xxxxxxxxxxxxx 
Gatekeeper, NetHeaven, Saratoga Springs, NY
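
Added example (not part of the original message, and not Zebra/Quagga code): a small Python helper that applies the two rules in the message above to a list of interfaces and emits the matching ospfd network statements. The function name, the interface list, the tunnel peer 10.8.0.2 and putting the tunnel in area 1 are constructed assumptions.

```python
import ipaddress


def ospf_network_statements(area_ranges, interfaces):
    """Build ospfd 'network' lines for one router.

    area_ranges: {area_id: full IP range of that area, e.g. "192.168.0.0/24"}
    interfaces:  dicts with 'area' plus either
                 'address' (local IP with mask) for a normal subnet interface, or
                 'peer' (remote end IP) for a point-to-point link such as a tun device.
    """
    lines = []

    def add(net, area):
        line = f"network {net} area {area}"
        if line not in lines:          # several interfaces may share one area range
            lines.append(line)

    for ifc in interfaces:
        area = ifc["area"]
        if "peer" in ifc:
            # Rule 2: point-to-point links name the *remote* end with a /32 mask.
            add(f"{ipaddress.IPv4Address(ifc['peer'])}/32", area)
            continue
        subnet = ipaddress.ip_interface(ifc["address"]).network
        full = ipaddress.ip_network(area_ranges[area])
        if not subnet.subnet_of(full):
            raise ValueError(f"{subnet} is outside area {area} range {full}")
        # Rule 1: one statement for the full area range and one for the
        # connected subnet, even though the first encompasses the second.
        add(full, area)
        add(subnet, area)
    return lines


# Constructed sample: a LAN interface in the /27 from the message, plus one OpenVPN tunnel.
SAMPLE_AREAS = {1: "192.168.0.0/24"}
SAMPLE_INTERFACES = [
    {"name": "eth0", "area": 1, "address": "192.168.0.5/27"},
    {"name": "tun0", "area": 1, "peer": "10.8.0.2"},
]

if __name__ == "__main__":
    print("router ospf")
    for stmt in ospf_network_statements(SAMPLE_AREAS, SAMPLE_INTERFACES):
        print(" " + stmt)
```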