Community discussions

MikroTik App
 
slesru
just joined
Topic Author
Posts: 6
Joined: Thu Jan 20, 2022 10:37 am

7.1.1, 7.2rc1, wireguard, ospf, nmba - problem

Thu Jan 20, 2022 10:58 am

Hello!

I want to use several mikrotik devices connected over wireguard to the same server, with ospf.
I created wireguard server on centos 7, with address 192.168.89.1/24 and bird as ospf service.
Then I connect mikrotik over wireguard. Everything is good here.
If I set AllowedIPs = 0.0.0.0/0 then ospf just works over multicast in one peer mode,
but this does not work if more then one peer.
So I limited this on server side to AllowedIPs = 192.168.89.2/32.
Any traffic passes over wireguard then but multicast.
So I need unicast:

/routing ospf instance
add name=ospf-instance-1 router-id=192.168.89.2
/routing ospf area
add area-id=0.0.0.1 instance=ospf-instance-1 name=ospf-area-1

/routing ospf interface-template
add area=ospf-area-1 networks=192.168.89.0/24 priority=0 type=nbma
/routing ospf static-neighbor
add address=192.168.89.1%wireguard1 area=ospf-area-1 poll-interval=5s

And here problem starts.
As I can see from tcpdump on server side mikrotik does not send hellos into wireguard interface, I see only hellos from bird:

tcpdump -n -i wg0 host 192.168.89.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg0, link-type RAW (Raw IP), capture size 262144 bytes
13:57:56.341322 IP 192.168.89.1 > 192.168.89.2: OSPFv2, Hello, length 44
13:58:16.341272 IP 192.168.89.1 > 192.168.89.2: OSPFv2, Hello, length 44
13:58:36.341131 IP 192.168.89.1 > 192.168.89.2: OSPFv2, Hello, length 44


If I connects from my desktop as second peer using FRR then everything works just fine:
interface wg0
ip ospf network non-broadcast
ip ospf priority 0
!
router ospf
ospf router-id 192.168.89.3
network 192.168.89.0/24 area 1
neighbor 192.168.89.1

ospfd# show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
10.1.1.5 128 Full/DR 39.863s 192.168.89.1 wg0:192.168.89.3 0 0 0

ospfd#


Could you tell me what is wrong here? Looks like mikrotik bug for me...

Thank you!
 
OlofL
Member Candidate
Member Candidate
Posts: 102
Joined: Mon Oct 12, 2015 2:37 pm

Re: 7.1.1, 7.2rc1, wireguard, ospf, nmba - problem

Thu Jan 20, 2022 4:01 pm

/routing ospf interface-template
add area=ospf-area-1 networks=192.168.89.0/24 priority=0 type=nbma

change this to:
type=ptp

(and the equivalent on frr side)
:)
 
slesru
just joined
Topic Author
Posts: 6
Joined: Thu Jan 20, 2022 10:37 am

Re: 7.1.1, 7.2rc1, wireguard, ospf, nmba - problem

Fri Jan 21, 2022 6:42 am

ptp will work only if multicast traffic works, it works only in point to point mode, not when one have several peers.

well, there is workaround- gre over wireguard, tunnel for each peer, to make it ptp , it works...
 
aleksis
just joined
Posts: 23
Joined: Wed Apr 30, 2014 12:13 pm

Re: 7.1.1, 7.2rc1, wireguard, ospf, nmba - problem

Fri Jan 21, 2022 9:48 am

For nbma and also ptmp network types static-neighbor configuration must be set.
 
slesru
just joined
Topic Author
Posts: 6
Joined: Thu Jan 20, 2022 10:37 am

Re: 7.1.1, 7.2rc1, wireguard, ospf, nmba - problem

Fri Jan 21, 2022 12:34 pm

Yes, sure, it is in first message here:

/routing ospf static-neighbor
add address=192.168.89.1%wireguard1 area=ospf-area-1 poll-interval=5s
 
slesru
just joined
Topic Author
Posts: 6
Joined: Thu Jan 20, 2022 10:37 am

Re: 7.1.1, 7.2rc1, wireguard, ospf, nmba - problem

Mon Jan 24, 2022 8:20 am

Well, we don't need this type of link right now, but we need to use router.
So, I have no mikrotik router for testing anymore.
Just interesting- does nmba work in v7 without wireguard?
 
slesru
just joined
Topic Author
Posts: 6
Joined: Thu Jan 20, 2022 10:37 am

Re: 7.1.1, 7.2rc1, wireguard, ospf, nmba - problem

Wed Feb 02, 2022 7:58 am

Well 7.2rc3 fixed nbma hellos, now I receive them.
But bird does not like them:

bird: MyOSPF: Bad HELLO packet from nbr 192.168.89.2 on wg0 - eligibility mismatch (1)

fortunately, ptmp works in unicast mode :-)

somethink like this:

/routing ospf interface-template
add area=ospf-area-1 networks=192.168.89.0/24 priority=1 type=ptmp
/routing ospf static-neighbor
add address=192.168.89.1%wireguard1 area=ospf-area-1 poll-interval=5s

and on bird side:

interface "wg0" {
#wg test
priority 128;
cost 1;
# type nbma;
type ptmp;
strict nonbroadcast yes;
neighbors {
192.168.89.2;
192.168.89.3;
};
};

So it works in unicast mode on both sides.

To install routes into mikrotik we need :
/interface wireguard peers
add allowed-address=0.0.0.0/0

otherwise mikrotik does not install routes...
 
AUsquirrel
just joined
Posts: 22
Joined: Fri Feb 21, 2014 10:28 pm

Re: 7.1.1, 7.2rc1, wireguard, ospf, nmba - problem

Sat Feb 12, 2022 8:50 am

I got mine working by adding the ospf multicast address 224.0.0.5/32 to my wireguard link.
 
slesru
just joined
Topic Author
Posts: 6
Joined: Thu Jan 20, 2022 10:37 am

Re: 7.1.1, 7.2rc1, wireguard, ospf, nmba - problem

Mon Feb 21, 2022 12:33 pm

Adding multicast will only work in point-to-point scenario, otherwise peers will not send it all other peers :-)
I.e. this is not an option.
 
Lilarcor
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Sun Oct 08, 2017 3:16 am

Re: 7.1.1, 7.2rc1, wireguard, ospf, nmba - problem

Mon Mar 07, 2022 5:44 am

I experienced same issue

Who is online

Users browsing this forum: No registered users and 7 guests