dalami
just joined
Topic Author
Posts: 23
Joined: Mon Dec 12, 2011 9:18 am

Request for information - VPN & Routing

Tue Jan 14, 2020 12:33 am

I admit it - I'm a bit out of my depth. Like many small business owners I fulfill multiple roles - including IT network admin. And it's been a while since I last set things up. I do remember utilizing some website examples/tutorials and the wiki - but I'm not finding what I need. If I can get this figured out I'll probably document it myself and try to add to the wiki.

And anticipating any queries regarding relatively small hardware - the connections involved are 50Mb down and 5Mb up from the ISP so nothing extravagant that requires major processing power. Less than a dozen clients per site. I am using fasttrack at all sites.

My topology:
  • Primary office/server location with a RB750GL primary router at 192.168.0.1. LAN 192.168.0.0/24 (my network and my control)
  • Within this LAN (on 192.168.0.2) a Linux server running OpenVPN. Roadwarriors connect to this server through primary router NAT.
  • Remote secondary site with RB750GL behind external router at 192.168.1.12. LAN 192.168.1.0/24 (also my control)
  • Remote tertiary site with hAP mini behind external router at 192.168.1.42. LAN 192.168.1.0/24 (customer site - no control of network). The purpose of this router is to gain secure access to a single client which is accomplished via dst-nat on the required port.

The first step is getting an encrypted connection from the two remotes to the office. I *think* I've done that via IKEv2. The configuration is all within "/ip ipsec" and "/ip firewall" - nothing is/was configured specially in "interfaces", "bridges", or "ppp". And - this works.

The next item I would like to have working is OSPF. At one time - I know it *was* working. And it *is* working now between the primary router and the OpenVPN server (running Quagga). But where I know it used to work between the primary router and the secondary site - I don't see the routes showing anymore. Nor do I see them recognizing each other as neighbors.

So with all that said...let's see if I can ask this right. If any of my premises are wrong please correct me.

I believe IPSEC provides a Layer 3 connection. If that's correct - does OSPF communicate over Layer 3 (which I think for this purpose means IPs accessible via routing)? Or is the lack of a Layer 2 connection the first problem?

I *do* have in my configuration, although presently disabled, EoIP interfaces and VPLS interfaces on both the primary and secondary routers. I remember creating them by following an example, and having them work, some time previously but don't recall why I used them or why I disabled them. I have tried enabling them - the EoIP seems to link up immediately and shows a couple packets but I never see any traffic on the VPLS interface. And neither appears to do anything for OSPF.

Do I need to assign an IP to either of those interfaces to get things to work?
Do I need to add either of the interfaces to my LAN bridge?

Appreciate any responses to what are probably elementary questions. If there is a good resource for understanding these concepts I'd appreciate learning about it as well.
 
leoservices
Trainer
Posts: 140
Joined: Fri Jan 13, 2012 2:20 am
Location: Belo Horizonte - MG - Brazil
Contact:

Re: Request for information - VPN & Routing

Thu Jan 16, 2020 3:58 am

Is there any OSPF related information in the LOG?
I try to help !

Leonardo Vieira
https://youtube.com/contractti
Like Facebook.com/contractti
 
dalami
just joined
Topic Author
Posts: 23
Joined: Mon Dec 12, 2011 9:18 am

Re: Request for information - VPN & Routing

Sat Jan 25, 2020 10:51 pm

None.
 
dalami
just joined
Topic Author
Posts: 23
Joined: Mon Dec 12, 2011 9:18 am

Re: Request for information - VPN & Routing  [SOLVED]

Tue Jan 28, 2020 2:56 am

The answer here is OSPF requires multicast which IPSEC does not provide. So either a layer 2 tunnel needs to be established - or a simple workaround is configuring the necessary links within OSPF via NBMA to use unicast communication.
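
Why the multicast hellos never enter the tunnel while NBMA unicast does, as an added example that is not part of the original thread. It assumes the IPsec policies are plain subnet-to-subnet selectors built from the LAN ranges in the first post (the thread does not show the actual policies); all names in the code are illustrative.

```python
import ipaddress
from typing import NamedTuple, Optional

OSPF_PROTO = 89  # IP protocol number used by OSPF
TCP_PROTO = 6

class Policy(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[int] = None  # None means "any protocol"

class Packet(NamedTuple):
    label: str
    src: str
    dst: str
    proto: int

# Assumed selector: primary LAN <-> remote LAN (not taken from the thread).
POLICIES = [
    Policy(ipaddress.ip_network("192.168.0.0/24"),
           ipaddress.ip_network("192.168.1.0/24")),
]

# Constructed sample packets as the primary router would emit them.
PACKETS = [
    Packet("OSPF hello to AllSPFRouters", "192.168.0.1", "224.0.0.5", OSPF_PROTO),
    Packet("OSPF update to AllDRouters", "192.168.0.1", "224.0.0.6", OSPF_PROTO),
    Packet("OSPF hello, NBMA unicast", "192.168.0.1", "192.168.1.12", OSPF_PROTO),
    Packet("LAN client to remote LAN", "192.168.0.50", "192.168.1.20", TCP_PROTO),
]

def matching_policy(pkt, policies=POLICIES):
    """Return the first policy whose selectors cover the packet, else None."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for pol in policies:
        if src in pol.src and dst in pol.dst and pol.proto in (None, pkt.proto):
            return pol
    return None

def report(packets=PACKETS, policies=POLICIES):
    """List (label, is_multicast, protected_by_ipsec) for each packet."""
    return [(p.label,
             ipaddress.ip_address(p.dst).is_multicast,
             matching_policy(p, policies) is not None)
            for p in packets]

if __name__ == "__main__":
    for label, mcast, protected in report():
        print(f"{label:32} multicast={mcast!s:5} ipsec={protected}")
```
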
