I admit it - I’m a bit out of my depth. Like many small business owners I fulfill multiple roles - including IT network admin. And it’s been a while since I last set things up. I do remember utilizing some website examples/tutorials and the wiki - but I’m not finding what I need. If I can get this figured out I’ll probably document it myself and try to add to the wiki.
And anticipating any queries regarding relatively small hardware - the connections involved are 50Mb down and 5Mb up from the ISP so nothing extravagant that requires major processing power. Less than a dozen clients per site. I am using fasttrack at all sites.
My topology:
- Primary office/server location with an RB750GL primary router at 192.168.0.1. LAN 192.168.0.0/24 (my network and my control)
- Within this LAN (on 192.168.0.2) a Linux server running OpenVPN. Road warriors connect to this server through primary router NAT.
- Remote secondary site with RB750GL behind external router at 192.168.1.12. LAN 192.168.1.0/24 (also my control)
- Remote tertiary site with hAP mini behind external router at 192.168.1.42. LAN 192.168.1.0/24 (customer site - no control of network). The purpose of this router is to gain secure access to a single client which is accomplished via dst-nat on the required port.
The first step is getting an encrypted connection from the two remotes to the office. I think I’ve done that via IKEv2. The configuration is all within “/ip ipsec” and “/ip firewall” - nothing is/was configured specially in “interfaces”, “bridges”, or “ppp”. And - this works.
The next item I would like to have working is OSPF. At one time - I know it was working. And it is working now between the primary router and the OpenVPN server (running Quagga). But where I know it used to work between the primary router and the secondary site - I don’t see the routes showing anymore. Nor do I see them recognizing each other as neighbors.
So with all that said…let’s see if I can ask this right. If any of my premises are wrong please correct me.
I believe IPSEC provides a Layer 3 connection. If that’s correct - does OSPF communicate over Layer 3 (which I think for this purpose means IPs accessible via routing)? Or is the lack of a Layer 2 connection the first problem?
I do have in my configuration, although presently disabled, EoIP interfaces and VPLS interfaces on both the primary and secondary routers. I remember creating them by following an example, and having them work, some time previously but don’t recall why I used them or why I disabled them. I have tried enabling them - the EoIP seems to link up immediately and shows a couple packets but I never see any traffic on the VPLS interface. And neither appears to do anything for OSPF.
Do I need to assign an IP to either of those interfaces to get things to work?
Do I need to add either of the interfaces to my LAN bridge?
Appreciate any responses to what are probably elementary questions. If there is a good resource for understanding these concepts I’d appreciate learning about it as well.