OSPF over OpenVPN tunnel

I am trying to configure a RUT360 (RUT36X_R_00.07.08.2) to run OSPF over an OpenVPN tunnel.

I can configure the OpenVPN client tunnel (TUN mode) and I can ping across the tunnel in both directions. The tun_c_* interface exists on the RUT360.

root@Teltonika-RUT360:~# ifconfig tun_c_4G
tun_c_4G Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.8.6  P-t-P:10.0.8.5  Mask:255.255.255.255
          inet6 addr: fe80::37dd:1b44:540d:aa91/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:1377 (1.3 KiB)  TX bytes:1312 (1.2 KiB)

Now I want to use OSPF and connect the OSPF to the OpenVPN tunnel.

  • the OSPF Interfaces section does not show the OpenVPN tunnel
  • if I configure an OSPF Neighbour there is no OSPF traffic, presumably due to the slightly cryptic message “OSPF neighbors works only when an interface with type ‘Non-Broadcast’ or ‘Point-to-Multipoint’ is configured” at the top of the OSPF page

(As a side note, I tried configuring a WireGuard tunnel and couldn’t see how to make it appear in OSPF either.)

Is there some way in the UI to use OSPF over OpenVPN (and WireGuard) tunnels?

Thanks,
Tim

I have worked out how to do this, however, it is quite possible that this is not the “correct” answer. I am leaving the information here in case it is useful to someone else.

This information is correct for a RUT360, with RUT36X_R_00.07.08.2 firmware, and packages: OSPF daemon version 1, FRR VTYSH version 8.4.2-1.

  1. The ‘vtysh’ command is in a separate package. So if you need to use vtysh to debug/diagnose what is going on then you need to load this package. Just use the package search function and look for vtysh.

  2. You can handcraft an FRR OSPF configuration file and then use the ‘Import config’ option on the Network/Routing/Dynamic_routes page. You click ‘Browse’ under OSPF - General Settings, locate your config file, then enable the service and then ‘Save & Apply’. This avoids the UI totally and allows you to select a config of your own choice.

  3. To get a starting config I configured the non-Teltonika end of the OSPF connection (which was pfSense) and then grabbed the OSPF configuration file from pfSense. I then made changes to this configuration file so that it would be correct for the Teltonika end of things. I installed as described above and voila OSPF came up as required - and routes worked as expected. (You may need to log into the Teltonika and use various commands to find the names of the network interfaces that you require.)

  4. I have yet to add additional complexity to my initial configuration, however, this works as a starting point and I see no reason that it won’t work as I require.

  5. A side benefit of this mechanism is that you have the full configuration file for the Teltonika and are not left guessing as to what the UI actually generated.

  6. If you want to find the ospf.conf file for a Teltonika UI generated OSPF configuration it is in /tmp/etc/frr/ospf.conf.

  7. I think that for a WireGuard connection you may need to enter the WireGuard interface twice in the configuration because I read somewhere that the WireGuard interface is renamed during its creation and that FRR starts before WireGuard, so there is a race condition and it is not certain which interface name will exist when FRR sees it. (At least that is my memory of what I read.)

The configuration file that I tested with was this:

password admin01
enable password admin01
line vty
 access-class vty
access-list vty seq 1 permit 127.0.0.1

interface wlan0-2
 description "ospfd: GuestWiFi network"
 ip ospf area 0.0.0.40
!
interface tun_c_4G
 description "ospfd: 4G OpenVPN"
 ip ospf network point-to-point
 ip ospf cost 100
 ip ospf area 0.0.0.0
!

router ospf
 ospf router-id 192.168.129.1
 redistribute connected
 passive-interface wlan0-2
 area 0.0.0.0 shortcut default
 area 0.0.0.40 stub
 area 0.0.0.40 shortcut default
!

I hope that this helps anyone else who is trying to work out how this works,
Tim
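
Added example, not part of the original post and not Teltonika or FRR tooling: a short Python audit to run over a handcrafted ospf.conf before importing it, flagging plaintext vty passwords, redistribution without a route-map, and non-passive OSPF interfaces with no authentication. The check names and the choice of these three checks are assumptions of this example; it only looks for the `ip ospf authentication` / `area ... authentication` statements, not for the keys themselves.

```python
import re

# Constructed sample: the posted configuration, trimmed to the lines the checks read.
SAMPLE = """\
password admin01
enable password admin01
!
interface wlan0-2
 ip ospf area 0.0.0.40
!
interface tun_c_4G
 ip ospf network point-to-point
 ip ospf cost 100
 ip ospf area 0.0.0.0
!
router ospf
 redistribute connected
 passive-interface wlan0-2
"""

def audit(text):
    """Return (check, subject) findings; the check names are this example's own."""
    findings, ifaces, passive, area_auth = [], {}, set(), set()
    current = {}  # throwaway dict until the first "interface" line is seen
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            current = ifaces.setdefault(m[1], {"area": None, "auth": False})
        elif m := re.fullmatch(r"ip ospf area (\S+)", line):
            current["area"] = m[1]
        elif re.fullmatch(r"ip ospf authentication( message-digest)?", line):
            current["auth"] = True
        elif m := re.fullmatch(r"passive-interface (\S+)", line):
            passive.add(m[1])
        elif m := re.match(r"area (\S+) authentication", line):
            area_auth.add(m[1])
        elif m := re.match(r"((?:enable )?password) (?!8 )", line):
            findings.append(("plaintext-password", m[1]))  # "8" marks an encrypted one
        elif m := re.match(r"redistribute (\S+)(?!.* route-map )", line):
            findings.append(("unfiltered-redistribute", m[1]))
    for name, cfg in ifaces.items():
        # Passive interfaces form no adjacencies, so they are not flagged.
        exposed = name not in passive and cfg["area"] not in area_auth
        if cfg["area"] and exposed and not cfg["auth"]:
            findings.append(("ospf-no-auth", name))
    return findings

if __name__ == "__main__":
    for check, subject in audit(SAMPLE):
        print(f"{check}: {subject}")
```
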
