I’m trying to get OSPF to work over an IPsec tunnel with a Palo Alto firewall.
My tunnel is up. I can ping the IPsec interface IPs on each side. However, it seems that the OSPF config I’ve done is not being advertised to my Palo Alto firewall.
Has anyone ever done this, or can anyone point me in the right direction?
I’m a newb in Teltonika, so I hope someone can help me out here.
Is there a reason a second tunnel (GRE tunnel) is needed? Why can’t it work over the IPsec?
When I take a Wireshark capture, I can see OSPF packets incoming on my PA. But the logs say “OSPF adjacency with neighbor has gone down”.
“OSPF uses two primary IPv4 multicast addresses for efficient communication on broadcast networks.”
“Using GRE you force OSPF to be a unicast.”
Google it for an explanation…
“Yes, GRE (Generic Routing Encapsulation) tunnels can effectively handle OSPF (Open Shortest Path First) routing. In fact, running OSPF over GRE is a common networking technique, particularly for building virtual private networks (VPNs) between sites, as GRE provides a mechanism to transport multicast and broadcast traffic—essential for OSPF adjacency—across networks that might not otherwise support it.”
Yes, IPsec can handle OSPF, but it typically requires encapsulation like GRE (Generic Routing Encapsulation) or VTI (Virtual Tunnel Interfaces) because standard IPsec does not support the multicast traffic necessary for OSPF to form neighbor relationships. Without encapsulation, OSPF packets are generally dropped by pure policy-based IPsec tunnels.
I’ve made it a route-based tunnel, and I deleted and recreated my OSPF config. Now my OSPF neighbour is up and running and routes are advertised. So all is good.