 
mst1711
just joined
Topic Author
Posts: 3
Joined: Wed Aug 02, 2017 10:56 pm

6.4x OpenVPN + OSPF trouble

Fri Mar 23, 2018 8:35 pm

Hello.

I want to connect two MikroTik routers via OpenVPN and configure OSPF routes, but I have a problem.
==> 6.41.3 Router Server
OpenVPN server:
Local Address 172.16.0.1
Netmask 16
IP pool 172.16.0.2-172.16.254.254

OSPF networks
172.16.0.0/16 backbone

==> 6.41.3 Router Client
OpenVPN Client
Get address 172.16.248.10/16 network 172.16.0.0

OSPF networks
172.16.0.0/16 backbone

OpenVPN connected successfully, but OSPF gets errors in the log:
route,ospf,info Discarding Hello packet: mismatch in network mask
route,ospf,info mine=255.255.0.0
route,ospf,info remote=255.255.255.255
route,ospf,info source=172.16.0.1

I think this is a bug, because the Local Address on the OVPN server has a /32 netmask, while the Network is /16.
To fix the bug, the Netmask parameter needs to be applied to the Local Address too.
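
As an added example (not part of the original post, and not MikroTik code), this Python script parses the OSPF log lines quoted above and reports which side of the adjacency sends the /32 mask. The function names are hypothetical; the sample log is copied from the post.

```python
import ipaddress
import re

# Log lines copied from the post above (RouterOS "route,ospf,info" topics).
SAMPLE_LOG = """\
route,ospf,info Discarding Hello packet: mismatch in network mask
route,ospf,info mine=255.255.0.0
route,ospf,info remote=255.255.255.255
route,ospf,info source=172.16.0.1
"""

FIELD = re.compile(r"^route,ospf,info\s+(mine|remote|source)=(\S+)$")


def prefix_len(mask):
    """Convert a dotted netmask to a prefix length (255.255.0.0 -> 16)."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def parse_mask_mismatches(log_text):
    """Group each 'mismatch in network mask' event with its detail lines."""
    events, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if "mismatch in network mask" in line:
            current = {}
            events.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            key, value = m.groups()
            current[key] = value if key == "source" else prefix_len(value)
    # Drop events whose detail lines were truncated or interleaved away.
    return [e for e in events if {"mine", "remote", "source"} <= e.keys()]


def describe(event):
    """One-line summary naming the side that sends a host (/32) mask, if any."""
    side = "remote" if event["remote"] == 32 else "local" if event["mine"] == 32 else None
    note = f"{side} side uses a /32 address" if side else "masks differ"
    return (f"neighbor {event['source']}: local /{event['mine']} "
            f"vs remote /{event['remote']} ({note})")


if __name__ == "__main__":
    for ev in parse_mask_mismatches(SAMPLE_LOG):
        print(describe(ev))
```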
 
juliokato
Member Candidate
Posts: 227
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: 6.4x OpenVPN + OSPF trouble

Fri Mar 23, 2018 11:40 pm

Me too.
I have been using static routes temporarily as a workaround. :( :(
I apologize for my grammatical errors; my English is not so good, I am not a native speaker.
Wiki is maintained in English. I use Google translator. 8)
 
mst1711
just joined
Topic Author
Posts: 3
Joined: Wed Aug 02, 2017 10:56 pm

Re: 6.4x OpenVPN + OSPF trouble

Sat Mar 24, 2018 6:58 am

> Me too.
> I have been using static routes temporarily as a workaround. :( :(

For me this is not a solution, I have 500+ routes :-(
 
jrpaz
Frequent Visitor
Posts: 76
Joined: Wed Jun 05, 2013 5:54 am

Re: 6.4x OpenVPN + OSPF trouble

Sat Mar 24, 2018 7:51 am

Can confirm this is annoying.

I only have five sites and to get OSPF to work I added each /32 to the network tab, and it's working.

This seems like an urgently needed fix for larger deployments.

*Make sure to set netmask to 32 on the OVPN server. It's like the OVPN server doesn't respect that setting; only the client applies it.
 
zuku
Frequent Visitor
Posts: 78
Joined: Sat Jun 27, 2015 3:56 pm

Re: 6.4x OpenVPN + OSPF trouble

Tue Sep 11, 2018 2:54 pm

I have the same problem on MikroTik 6.40.9 (bugfix); my other MikroTik routers with older ROS do not have this error. I had to switch to static routes to get this router working. Is there any way to fix this?
 
kavehvn
just joined
Posts: 1
Joined: Sat Nov 28, 2015 6:10 pm

Re: 6.4x OpenVPN + OSPF trouble

Fri Jan 11, 2019 1:06 pm

Hi
Change netmask in OVPN server to 32 and test it again after a while.
It might solve your problem.
 
Ape
Member Candidate
Posts: 177
Joined: Sun Oct 06, 2013 3:32 pm
Location: Freiburg, Germany

Re: 6.4x OpenVPN + OSPF trouble

Fri Jan 11, 2019 3:58 pm

Hi,

if you only need to connect MT devices, you could use another VPN technology like IPSec/L2TP.
I like MT very much, but their OpenVPN implementation is known to be rudimentary.

Nonetheless, this should be fixed.

Regards,
Ape
 
tdw
Member Candidate
Posts: 118
Joined: Sat May 05, 2018 11:55 am

Re: 6.4x OpenVPN + OSPF trouble

Sat Jan 12, 2019 10:06 pm

> but their OpenVPN implementation is known to be rudimentary.

And insecure: the MT OpenVPN client does not check the server certificate, see https://nvd.nist.gov/vuln/detail/CVE-2018-10066 and https://janis-streib.de/post/mikrotik-ovpn-security/, which AFAIK has not been addressed.
 
TheCiscoGuy
Frequent Visitor
Posts: 51
Joined: Fri Jun 22, 2018 8:32 am

Re: 6.4x OpenVPN + OSPF trouble

Mon Jan 14, 2019 10:37 am

Just a thought, but there are 2 modes to set OpenVPN to: ethernet and ip. The ip setting creates a tun interface and will not allow the multicast to forward; ethernet, on the other hand, creates a tap, which does. If you are in ip mode, try setting the network-type to nbma and specify the peers, or change the OpenVPN mode from ip to ethernet.

If I am off base let me know, as I have not run into a situation where I need to run OSPF over OpenVPN.
Network Solutions Engineer and Trainer
Cisco | Juniper | Mikrotik | Ubiquiti
