
Copied from NetworkEngineering since they said it is off-topic there.

Network Diagram: (image not included in this copy)

We have two OpenVPN servers that are currently accessible with static routes from the two core routers and I am trying to set them up with OSPF using Quagga (FRR is not available on RedHat 7) so I can remove the static routes. We have a robust BGP and OSPF setup currently, but things seem to break when I start ospfd. Each server hosts several OpenVPN instances (for high-availability). Some of these instances use a bridged network instead of a routed network and turning on OSPF also seems to break these systems. VPN clients on the bridged interface are connected transparently to the core of the network (used for Site-to-Site VPN), while users are put in the subnet assigned to the server they connect to.

I have tried so many different options, but this is my current config:

[root@openvpn00 ~]# vtysh

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

openvpn00.example.edu# show run
Building configuration...

Current configuration:
!
hostname openvpn00.example.edu
log stdout
log syslog
!
password zebra
!
interface br3254
 ipv6 nd suppress-ra
!
interface eth0
 ip address x.x.127.201/27
 ipv6 nd suppress-ra
!
interface tap0
 ipv6 nd suppress-ra
!
interface tun0
 ipv6 nd suppress-ra
!
interface tun1
 ipv6 nd suppress-ra
!
router ospf
 redistribute connected
 passive-interface default
 no passive-interface eth0
 network 10.73.250.0/24 area 0.0.0.7
 network 10.73.252.0/25 area 0.0.0.7
 network x.x.127.192/27 area 0.0.0.7
!
ip forwarding
!
line vty
!
end
openvpn00.example.edu# exit

[root@s2svpnb ~]# vtysh

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

openvpn01.example.edu# show run
Building configuration...

Current configuration:
!
hostname openvpn01.example.edu
log stdout
log syslog
!
password zebra
!
interface br3254
 ipv6 nd suppress-ra
!
interface eth0
 ip address x.x.127.202/27
 ipv6 nd suppress-ra
!
interface tap0
 ipv6 nd suppress-ra
!
interface tun0
 ipv6 nd suppress-ra
!
interface tun1
 ipv6 nd suppress-ra
!
router ospf
 redistribute connected
 passive-interface default
 no passive-interface eth0
 network 10.73.251.0/24 area 0.0.0.7
 network 10.73.252.128/25 area 0.0.0.7
 network x.x.127.192/27 area 0.0.0.7
!
ip forwarding
!
line vty
!
end
openvpn01.example.edu# exit

If I use anything besides network x.x.127.192/27, Quagga doesn't broadcast on that interface.

Switch Configuration:

router00:

router ospf
 area 6
 area 0
 area 7
 default-information-originate
 redistribute bgp route-map BGP-OSPF
 redistribute connected
 redistribute static
 log all
!
interface ve 427
 ip address x.x.127.222 255.255.255.224
 ip ospf area 7
 ip vrrp-extended vrid 29
  backup priority 200
  advertise backup
  ip-address x.x.127.193
  enable
!

router01:

router ospf
 area 6
 area 0
 area 7
 default-information-originate
 redistribute bgp route-map BGP-OSPF
 redistribute connected
 redistribute static
 log all
!
interface ve 427
 ip address x.x.127.221 255.255.255.224
 ip ospf area 7
 ip vrrp-extended vrid 29
  backup priority 100
  advertise backup
  ip-address x.x.127.193
  enable
!

Do I need to use separate VLANs and point-to-point subnets (maybe /31s) for this or is there a way to keep everything on the same VLAN? Any better ways to handle this?

yakatz

0 Answers
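Added example, not from the question and not Quagga's own code: a small Python model of ospfd's interface-selection rule (OSPF is enabled on an interface only when one of its addresses falls inside a `network` statement, and `passive-interface default` then suppresses hellos on everything except the `no passive-interface` exceptions). Run against the poster's `show run` it shows why only the `x.x.127.192/27` statement brings eth0 into area 7, that the tun interfaces are in OSPF but silent, and that br3254 with no address is not in OSPF at all. The sample config is constructed: the masked x.x octets are replaced with 198.51.100 and tun0's address is assumed.

```python
import ipaddress
import re

# Constructed sample based on the question's openvpn00 config; x.x -> 198.51.100,
# tun0 address assumed. "redistribute connected" is deliberately not modelled:
# it injects every kernel connected route as an external LSA regardless of
# which "network" statements exist, so audit it separately.
QUAGGA_CONF = """\
interface br3254
 ipv6 nd suppress-ra
interface eth0
 ip address 198.51.100.201/27
interface tun0
 ip address 10.73.250.1/24
router ospf
 redistribute connected
 passive-interface default
 no passive-interface eth0
 network 10.73.250.0/24 area 0.0.0.7
 network 10.73.252.0/25 area 0.0.0.7
 network 198.51.100.192/27 area 0.0.0.7
"""


def ospf_plan(conf):
    """For each interface with an IPv4 address (first address only), predict the
    OSPF area ospfd would place it in (None = not in OSPF) and whether it would
    send hellos, i.e. is not passive."""
    addrs, networks, nonpassive, cur = {}, [], set(), None
    passive_default = False
    for line in conf.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = m.group(1)
        elif m := re.match(r"\s+ip address (\S+)", line):
            addrs.setdefault(cur, []).append(ipaddress.ip_interface(m.group(1)))
        elif m := re.match(r"\s+network (\S+) area (\S+)", line):
            networks.append((ipaddress.ip_network(m.group(1)), m.group(2)))
        elif re.match(r"\s+passive-interface default", line):
            passive_default = True
        elif m := re.match(r"\s+no passive-interface (\S+)", line):
            nonpassive.add(m.group(1))
    plan = {}
    for iface, ifaddrs in addrs.items():
        a = ifaddrs[0]
        # ospfd's rule: the interface address must lie inside a "network" prefix
        area = next((ar for net, ar in networks if a.ip in net), None)
        hellos = area is not None and (not passive_default or iface in nonpassive)
        plan[iface] = {"addr": str(a), "area": area, "hellos": hellos}
    return plan
```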