1. I'm using IPIP tunnels between my routers which are encrypted with IPsec.
2. I'm doing this with the IPsec password option on the IPIP tunnel configuration and the default IPsec policies.
3. This works fine, and it has been working for years.
4. Recently I've replaced my router's hardware with a hEX S, moved my old config and... the tunnels are up, traffic passes through them, but the OSPF neighbor relationship over the tunnels does not form.
5. All routers which terminate the IPIP tunnels are RouterOS based and have the same software version. It's just that hEX S device that does not want to form an OSPF adjacency with its peers.
So, I dug further. I did a packet capture on one of the IPIP tunnel interfaces:
1. What I observe is that the local router (hEX S) is sending an OSPF Hello packet - fair enough...
2. The remote router is sending an OSPF Hello packet, and that's the tricky part - it lists the local router (the hEX S device) in its Active Neighbor field. Hence, it recognizes it as a neighbor.
3. The local router continues to send OSPF Hello packets but never lists anything in its Active Neighbor field.
How to resolve that?
Code:
/routing ospf instance
set [ find default=yes ] redistribute-bgp=as-type-1 router-id=10.1.1.82
/routing ospf interface
add disabled=yes
add interface=bridge-local passive=yes
add cost=9 interface=ovpn-router72-in network-type=point-to-point
add interface=ovpn-rtsf83-in network-type=point-to-point
add cost=20 interface=Tunnel-rtsf79 network-type=point-to-point
add cost=100 interface=Tunnel-rtkj25 network-type=point-to-point
add cost=7 interface=Tunnel-rtdp73 network-type=point-to-point
add interface=Tunnel-rtsf83 network-type=point-to-point
add cost=110 interface=Tunnel-rtkj22 network-type=point-to-point
add interface=loopback0 passive=yes
/routing ospf network
add area=backbone network=192.168.82.0/24
add area=backbone comment="OVPN Network" network=192.168.100.0/24
add area=backbone comment="Transit network to rtsf79.sotirov-bg.net" network=10.82.79.0/30
add area=backbone comment="Transit network to rtkj25.sotirov-bg.net" network=10.82.25.0/30
add area=backbone comment="Transit network to rtkj22.sotirov-bg.net" network=10.82.22.0/30
add area=backbone comment="OSPF Router-id" network=10.1.1.82/32
add area=backbone comment="Transit network to rtdp73.sotirov-bg.net" network=10.82.73.0/30
add area=backbone comment="Transit Network to rtsf83.sotirov-bg.net" network=10.82.83.0/30
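
Added example, not part of the original post: a small Python parser for OSPFv2 Hello packets (RFC 2328 A.3.1/A.3.2) that reproduces the capture comparison described above, reporting which side lists the other in its neighbor list and which Hello fields that must agree (area, authentication type, Hello/dead intervals, E-bit) differ. The sample packets are constructed; 10.1.1.82 is the router-id from the post, while 192.0.2.79 and the function names are assumptions made for illustration.

```python
import socket
import struct

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")    # RFC 2328 A.3.1: 24-byte common header
HELLO_FIXED = struct.Struct("!4sHBBI4s4s")  # RFC 2328 A.3.2: 20 fixed Hello bytes
FIXED_LEN = OSPF_HDR.size + HELLO_FIXED.size

def build_hello(router_id, neighbors, area="0.0.0.0", hello=10, dead=40, options=0x02):
    """Build a constructed sample Hello (checksum left at 0, no authentication)."""
    ip = socket.inet_aton
    body = HELLO_FIXED.pack(ip("255.255.255.252"), hello, options, 1, dead,
                            ip("0.0.0.0"), ip("0.0.0.0"))
    body += b"".join(ip(n) for n in neighbors)
    hdr = OSPF_HDR.pack(2, 1, OSPF_HDR.size + len(body), ip(router_id), ip(area),
                        0, 0, bytes(8))
    return hdr + body

def parse_hello(pkt):
    """Parse bytes starting at the OSPF header (outer IP/IPIP headers already stripped)."""
    if len(pkt) < FIXED_LEN:
        raise ValueError("truncated OSPF Hello")
    ver, ptype, length, rid, area, _ck, autype, _auth = OSPF_HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    if not FIXED_LEN <= length <= len(pkt) or (length - FIXED_LEN) % 4:
        raise ValueError("inconsistent packet length")
    _mask, hello, options, _prio, dead, _dr, _bdr = HELLO_FIXED.unpack_from(pkt, OSPF_HDR.size)
    ntoa = socket.inet_ntoa
    return {"router_id": ntoa(rid), "area": ntoa(area), "autype": autype,
            "hello": hello, "dead": dead, "e_bit": bool(options & 0x02),
            "neighbors": [ntoa(pkt[o:o + 4]) for o in range(FIXED_LEN, length, 4)]}

def diagnose(local_pkt, remote_pkt):
    """Report who lists whom, plus fields that must match for a Hello to be accepted."""
    loc, rem = parse_hello(local_pkt), parse_hello(remote_pkt)
    mismatched = [k for k in ("area", "autype", "hello", "dead", "e_bit") if loc[k] != rem[k]]
    return {"remote_lists_local": loc["router_id"] in rem["neighbors"],
            "local_lists_remote": rem["router_id"] in loc["neighbors"],
            "mismatched": mismatched}

# Constructed samples: 10.1.1.82 is the router-id from the post; 192.0.2.79 is a
# placeholder remote router-id (an assumption, not a value from the post).
LOCAL = build_hello("10.1.1.82", [])
REMOTE = build_hello("192.0.2.79", ["10.1.1.82"])

if __name__ == "__main__":
    print(diagnose(LOCAL, REMOTE))
```

A router lists a neighbor only after it has accepted a valid Hello from it, so a one-way listing with no mismatched fields points at the receiving side not accepting the Hellos for a reason outside these header fields.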