OSPF over PPTP problems

cobianet · May 12, 2009, 3:49pm

I am having some issues getting ospf to propagate over pptp.

I can establish the pptp connection without problem, and I very much understand that you need a static route with a lower distance to allow the pptp tunnel to stay open. Simply put it would try to send the pptp encapsulation packets over the ospf route which is in the pptp link if you did not do this.

Everything works fine until I enable ospf on each router. When I enable OSPF everything dies for about 10 seconds, then comes back on for a few seconds, then dies again, then repeats over and over. My guess is that the pptp link is being established, then ospf is propagating routes which causes pptp to die.

If you look below, you will see that I have routes with a distance of 0 which are added by pptp that should take care of the static route with a lower cost for the pptp encapsulation packets to traverse.

Anyone have any ideas on how to resolve this? Many thanks!

Here is the simple network layout:

Router 1:
pptp server
static public address

Router 2:
pptp client
dynamic wan address which is behind nat

Router 1 settings:

[admin@shark] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.40.1/24 192.168.40.0 192.168.40.255 ether1
1 10.0.0.1/29 10.0.0.0 10.0.0.7 ether3
2 PPTPSERVERIP/30 PPTPSERVERNETMASK PPTPSERVERBROADCAST ether2

/ppp secret
add caller-id=“” comment=“” disabled=no limit-bytes-in=0 limit-bytes-out=0 local-address=192.168.39.3 name=blackbox
password=blackbox profile=default remote-address=192.168.39.4 routes=“192.168.70.0/24 192.168.39.4” service=any

[admin@shark] > /routing ospf network print
Flags: X - disabled, I - invalid

NETWORK AREA

0 10.0.0.0/29 backbone
1 X 192.168.39.4/32 backbone

[admin@shark] > /routing ospf interface print
Flags: X - disabled, I - inactive, D - dynamic, P - passive

INTERFACE COST PRIORITY NETWORK-TYPE AUTHENTICATION AUTHENTICATION-KEY

0 50 1 broadcast none
1 D ether3 10 1 broadcast none

[admin@shark] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE

0 A S ;;; Default Route
0.0.0.0/0 reachable PPTPSERVERGW 1 ether2
1 ADC 10.0.0.0/29 10.0.0.1 0 ether3
2 ADo 10.0.0.8/29 reachable 10.0.0.2 110 ether3
3 ADo 10.0.0.16/29 reachable 10.0.0.2 110 ether3
4 ADo 10.1.0.0/16 reachable 10.0.0.2 110 ether3
5 ADo 63.99.9.0/24 reachable 10.0.0.2 110 ether3
6 ADC 75.140.233.124/30 75.140.233.126 0 ether2
7 ADo 192.168.2.0/24 reachable 10.0.0.2 110 ether3
8 ADC 192.168.39.4/32 192.168.39.3 0
9 ADC 192.168.39.6/32 192.168.39.5 0
10 ADC 192.168.40.0/24 192.168.40.1 0 ether1
11 ADo 192.168.41.0/24 reachable 10.0.0.2 110 ether3
12 ADo 192.168.42.0/24 reachable 10.0.0.2 110 ether3
13 ADo 192.168.43.0/24 reachable 10.0.0.2 110 ether3
14 ADS 192.168.44.0/24 reachable 192.168.39.6 1
15 ADS 192.168.70.0/24 reachable 192.168.39.4 1

Router 2 settings:

[admin@blackbox] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.70.1/24 192.168.70.0 192.168.70.255 bridge1
1 D 192.168.1.179/24 192.168.1.0 192.168.1.255 wlan1
2 D 192.168.39.4/32 192.168.39.3 0.0.0.0 pptp-out1

[admin@blackbox] > /interface pptp-client print
Flags: X - disabled, R - running
0 R name=“pptp-out1” max-mtu=1460 max-mru=1460 mrru=disabled
connect-to=PPTPSERVERIP user=“blackbox” password=“blackbox”
profile=default-encryption add-default-route=no
allow=pap,chap,mschap1,mschap2

[admin@blackbox] > /routing ospf interface print
Flags: X - disabled, I - inactive, D - dynamic, P - passive

INTERFACE COST PRIORITY NETWORK-TYPE AUTHENTICATION AUTHENTICATION-KEY

0 pptp-out1 50 1 broadcast none

[admin@blackbox] > /routing ospf network print
Flags: X - disabled, I - invalid

NETWORK AREA

0 192.168.39.3/32 backbone

[admin@blackbox] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE

0 ADS 0.0.0.0/0 reachable 192.168.1.254 0 wlan1
1 ADC 192.168.1.0/24 192.168.1.179 0 wlan1
2 ADC 192.168.39.3/32 192.168.39.4 0 pptp-out1
3 A S ;;; home route
192.168.40.0/24 reachable 192.168.39.3 1 pptp-out1
4 ADC 192.168.70.0/24 192.168.70.1 0 bridge1

mrz · May 15, 2009, 12:59pm

Most likely OSPF installs more specific route into routing table. PPTP will start to use that route and will try to reconnect. At this point OSPF also will loose connectivity. Use routing filters to filter out specific routes that are causing this behavior.

brianchrist · April 14, 2010, 2:35pm

mrz is right, i have same situation with cobianet and now i have oveercome the problem by add filters to allow only prefix you need only.

my routing filter on pptp server:

0 chain=ospf-in prefix=10.162.0.0/16 prefix-length=0-32 invert-match=no
action=accept

1 chain=ospf-in invert-match=no action=discard

2 chain=ospf-out invert-match=no action=discard