OSPF over SSTP help

Hi,

I have an SSTP link

/interface sstp-client
add add-default-route=no authentication=pap,chap,mschap1,mschap2 certificate=none connect-to=X.X.X.X:443 \
    dial-on-demand=no disabled=no http-proxy=0.0.0.0:443 keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled \
    name=sstp-THORODIN password=XXX profile=default-encryption user=XXX \
    verify-server-address-from-certificate=no verify-server-certificate=no

and I want OSPF on the link

[admin@NV0N] /routing ospf interface> print
Flags: X - disabled, I - inactive, D - dynamic, P - passive
 #    INTERFACE                                          COST PRIORITY NETWORK-TYPE   AUTHENTICATION AUTHENTICATION-KEY
 0 D  sstp-THORODIN                                        10        1 point-to-point none

to route these networks

/routing ospf network
add area=backbone network=172.16.0.0/16
add area=backbone network=10.0.0.0/16
add area=backbone network=10.1.0.0/16
add area=backbone network=10.11.0.0/16
add area=backbone network=10.20.0.0/16
add area=backbone network=10.30.0.0/16

However, IP ROUTE never shows any of the OSPF dynamic routes for these networks, and when you attempt to ping a network (e.g. 10.30.20.1) it goes over my WAN, which holds the default 0.0.0.0 route.

Any ideas on how to make this work without adding static IP ROUTE entries (which is the way I’m doing it now)?

Thanks,

Joey

And the configuration on the other end?
Adding subnets to an area just enables the processing of routes from that subnet…

Usually, on each endpoint you need to add your local subnet and the subnet of the remote tunnel endpoint to the area.
The confirmation of this will be the fact that 2 dynamic interfaces will show up for ospf interface print: your local network interface and the tunnel interface.
The same has to be done on the other side, too.
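
The layout described in the reply above, written out for both ends of the tunnel as an added example; it is not part of the original posts. The tunnel addresses (10.255.255.1 on the server end, 10.255.255.2 on the client end) and the assignment of 172.16.0.0/16 and 10.30.0.0/16 to the two sites are constructed assumptions, and RouterOS v6 syntax is assumed.

```routeros
# Added example. Addresses are constructed for illustration, not taken from the thread.
# Assumed tunnel addressing: SSTP server end 10.255.255.1, SSTP client end 10.255.255.2
# Assumed LANs: client site 172.16.0.0/16, server site 10.30.0.0/16

# --- Client router (the one that owns sstp-THORODIN) ---
/routing ospf network
# local LAN of this site
add area=backbone network=172.16.0.0/16
# remote endpoint address of the point-to-point tunnel (the server end)
add area=backbone network=10.255.255.1/32

# --- Server router ---
/routing ospf network
# local LAN of this site
add area=backbone network=10.30.0.0/16
# remote endpoint address of the point-to-point tunnel (the client end)
add area=backbone network=10.255.255.2/32

# --- Checks, run on each router ---
# Expect two dynamic (D) entries: the LAN interface and the tunnel interface
/routing ospf interface print
# Expect the peer router listed with state "Full"; no neighbor means
# no adjacency formed over the tunnel, so no routes can be learned
/routing ospf neighbor print
# OSPF-learned routes appear as dynamic, active entries carrying the "o" flag
/ip route print
```

If the tunnel interface is listed but the neighbor table stays empty, the network statements are matching and the fault lies in adjacency formation across the tunnel rather than in the area configuration.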

Yes. I see the same OSPF link on the other side. It has a subset of all those networks (simply because we haven’t enabled full OSPF routing yet for all the subnets).

This works on the test bench with 6 routers but in our production environment it’s not working. The SSTP server machine does have a downlevel routerboard code and is on 6.5. It’s at the top of a mountain we can’t get to yet due to snow so we are not willing to update the code until we know we can get up there and replace the router if it dies.