Wazza
newbie
Topic Author
Posts: 45
Joined: Thu Oct 13, 2011 10:43 am

OSPF over L2TP not establishing after ROS7 upgrade.

Sun Aug 14, 2022 4:27 pm

Hi all,

Been hitting my head on this one, and I can't see it. Have many devices set up the same way, and ROS v6.x works fine. Upgrade to ROS v7, and hardware interfaces work okay, but I am unable to get OSPF to establish over L2TP.

So going with the "simplest" working config from 6.49 automatic conversion to 7.4.1, L2TP comes up, but OSPF only comes up on LAN interfaces, and not on the L2TP.

I've attempted to create an interface-template with basic details, and while this generates an OSPF interface for the L2TP interface, I can't get the state to go beyond ExStart.

Config under 7.4.1 looks like this:-
# aug/14/2022 22:27:39 by RouterOS 7.4.1

/interface bridge
add name=br.lan57 protocol-mode=none

/interface l2tp-client
add comment="WAN via L2TP" connect-to=11x.yyy.zz.nn \
    disabled=no mrru=1500 name=l2tp-wan01 password=PASSWORDHERE user=\
    USERNAMEHERE

/routing ospf instance
add disabled=no name=default-v2 router-id=172.31.57.66

/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2

/ip address
add address=172.16.57.1/24 interface=br.lan57 network=172.16.57.0

/ip dhcp-client
add interface=ether1

/routing ospf interface-template
add area=backbone-v2 disabled=no interfaces=br.lan57 networks=\
    172.16.57.0/24 priority=1
add area=backbone-v2 disabled=no interfaces=l2tp-wan01 networks=172.19.8.0/24 \
    priority=1 type=ptp

I've attempted various types, from ptp, ptmp, ptmp broadcast, etc. with no change in result.

Results from running look like this:-
[admin@dev-ospf-741] > /routing/ospf/instance/print detail
Flags: X - disabled, I - inactive 
 0   name="default-v2" version=2 vrf=main router-id=172.31.57.66 

[admin@dev-ospf-741] > /routing/ospf/interface-template/print detail 
Flags: X - disabled, I - inactive 
 0   area=backbone-v2 interfaces=br.lan57 instance-id=0 networks=172.16.57.0/24 
     type=broadcast retransmit-interval=5s transmit-delay=1s hello-interval=10s 
     dead-interval=40s priority=1 cost=1 

 1   area=backbone-v2 interfaces=l2tp-wan01 instance-id=0 networks=172.19.8.0/24 
     type=ptmp-broadcast retransmit-interval=5s transmit-delay=1s 
     hello-interval=10s dead-interval=40s priority=1 cost=1 

[admin@dev-ospf-741] > /routing/ospf/interface/print detail 
Flags: D - dynamic 
 0 D address=172.19.8.152%l2tp-wan01 area=backbone-v2 state=ptp 
     network-type=broadcast cost=1 retransmit-interval=5s transmit-delay=1s 
     hello-interval=10s dead-interval=40s 

 1 D address=172.16.57.1%br.lan57 area=backbone-v2 state=dr 
     network-type=broadcast cost=1 priority=1 retransmit-interval=5s 
     transmit-delay=1s hello-interval=10s dead-interval=40s 

[admin@dev-ospf-741] > /routing/ospf/neighbor/print detail
Flags: V - virtual; D - dynamic 
 0  D instance=default-v2 area=backbone-v2 address=172.19.8.1 
      router-id=172.31.8.1 state="ExStart" state-changes=3 timeout=33s 

And some other operational information that shouldn't count, but will make it clear that this is a pretty basic config:
[admin@dev-ospf-741] > /interface/print detail where running
Flags: D - dynamic; X - disabled, R - running; S - slave; P - passthrough 
 0  R   name="ether1" default-name="ether1" type="ether" mtu=1500 actual-mtu=1500 
        l2mtu=1592 max-l2mtu=9578 mac-address=08:55:31:62:68:10 ifname="eth0" 
        ifindex=11 id=1 last-link-up-time=aug/14/2022 22:21:24 link-downs=0 

11  R   name="br.lan57" type="bridge" mtu=auto actual-mtu=1500 l2mtu=65535 
        mac-address=96:C4:E6:06:B2:D7 ifname="br0" ifindex=4 id=13 
        last-link-up-time=aug/14/2022 22:21:15 link-downs=0 

12  R   ;;; WAN via L2TP
        name="l2tp-wan01" type="l2tp-out" mtu=1496 actual-mtu=1496 
        ifname="ppp11" ifindex=31 id=12 
        last-link-down-time=aug/14/2022 23:07:07 
        last-link-up-time=aug/14/2022 23:07:08 link-downs=2 

[admin@dev-ospf-741] > /interface/l2tp-client/print detail 
Flags: X - disabled; R - running 
 0  R ;;; WAN via L2TP
      name="l2tp-wan01" max-mtu=1450 max-mru=1450 mrru=1500 
      connect-to=11x.yyy.zz.nn user="USERNAMEHERE" password="PASSWORDHERE" 
      profile=default-encryption keepalive-timeout=60 use-peer-dns=no 
      use-ipsec=no ipsec-secret="" allow-fast-path=no add-default-route=no 
      dial-on-demand=no allow=pap,chap,mschap1,mschap2 
      l2tp-proto-version=l2tpv2 l2tpv3-digest-hash=md5 vrf=main 

[admin@dev-ospf-741] > /ip/address/print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0   address=172.16.57.1/24 network=172.16.57.0 interface=br.lan57 
     actual-interface=br.lan57 

 1 D address=10.204.98.192/24 network=10.204.98.0 interface=ether1 
     actual-interface=ether1 

 2 D address=172.19.8.152/32 network=172.19.8.1 interface=l2tp-wan01 
     actual-interface=l2tp-wan01 


I'm sure I'm missing something, and it "should" be simple, but I can't see it.

Oh, the peer end is another Tik, running 6.49.6, with dozens of L2TP tunnels and OSPF running over them, and I wouldn't be able to even think about touching that till I could get the client devices working...

Any help, gratefully appreciated.

Thanks,
Waz.
 
BrateloSlava
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: OSPF over L2TP not establishing after ROS7 upgrade.

Sun Aug 14, 2022 6:06 pm

Changes in OSPF settings that occurred during the transition from version 6 to version 7 have been discussed on the forum several times already. I recommend deleting your current settings and doing the following:
/routing id add disabled=no id=172.22.99.254 name=id-slava select-dynamic-id=""
/routing ospf instance add disabled=no name=rt-slava router-id=id-slava
/routing ospf area add disabled=no instance=rt-slava name=backbone

/routing ospf interface-template add area=backbone comment="current LAN" disabled=no networks=172.22.99.0/24 passive
/routing ospf interface-template add area=backbone comment="current VPN" cost=20 disabled=no networks=172.16.42.0/24 passive type=ptp
/routing ospf interface-template add area=backbone comment=IPIP-TP cost=101 disabled=no networks=10.15.1.0/24 type=ptp
/routing ospf interface-template add area=backbone comment=IPIP-MO cost=101 disabled=no networks=10.16.1.0/24 type=ptp
/routing ospf interface-template add area=backbone comment=pool-L2TP cost=106 disabled=no networks=10.10.0.0/16 type=ptmp-broadcast
/routing ospf interface-template add area=backbone comment=pool-SSTP cost=107 disabled=no networks=10.11.0.0/16 type=ptmp-broadcast
/routing ospf interface-template add area=backbone comment=pool-PPTP cost=109 disabled=no networks=10.12.0.0/16 type=ptmp-broadcast

This example is taken from one of my routers.
 
Wazza
newbie
Topic Author
Posts: 45
Joined: Thu Oct 13, 2011 10:43 am

Re: OSPF over L2TP not establishing after ROS7 upgrade.

Mon Aug 15, 2022 1:09 am

Thanks for the reply.
I did try to redo the entire config manually, deleting all OSPF and related settings and relying on nothing from the converted.

Still didn't make a difference...

Manual attempt:-
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing id
add disabled=no id=172.31.57.66 name=wan-ospf-id select-dynamic-id=""
/routing ospf instance
add disabled=no name=wan-ospf router-id=wan-ospf-id
/routing ospf area
add disabled=no instance=wan-ospf name=wan-backbone-v2
/routing ospf interface-template
add area=wan-backbone-v2 disabled=no interfaces=br.lan57 networks=\
    172.16.57.0/24 passive priority=1
add area=wan-backbone-v2 disabled=no networks=172.19.8.0/24 type=ptmp-broadcast

Still can't get it to come up and is stuck in ExStart...
[admin@dev-ospf-741] /routing> /routing/ospf/neighbor/print detail 
Flags: V - virtual; D - dynamic 
 0  D instance=wan-ospf area=wan-backbone-v2 address=172.19.8.1 
      router-id=172.31.8.1 state="ExStart" state-changes=3 timeout=30s 

Any other ideas?

Thanks,
Waz
 
BrateloSlava
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: OSPF over L2TP not establishing after ROS7 upgrade.

Mon Aug 15, 2022 9:52 pm

  1. In the 7th version, the name of the interface most often does not need to be specified.
  2. Do you have similar settings on both sides of the VPN tunnel?
 
Wazza
newbie
Topic Author
Posts: 45
Joined: Thu Oct 13, 2011 10:43 am

Re: OSPF over L2TP not establishing after ROS7 upgrade.  [SOLVED]

Tue Aug 16, 2022 1:25 am

Morning,

Yeah, tried with / without interface name etc.
VPN settings identical on both sides...

It does seem I've stumbled across the solution... It seems that in v6 ptp links still sent announcements via protocol 89 to the multicast addresses.
In v7 it seems these are no longer sent to the multicast addresses, but rather to the other end of the tunnel, which makes enough sense, however it is a change in behavior.

Of course, for a bunch of legacy reasons we blocked protocol 89 to everything but the multicast addresses on the server side, and while that worked just fine in v6, we need to allow protocol 89 through the L2TP link for a v7 client to be able to establish a full OSPF session...

So... In short, not v7 OSPF config as such, but the way it operates is slightly different, and in our default environment, that gets blocked and prevents it from establishing properly.

Thanks for the replies.
Rgds,
Waz
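
The filtering problem described in the post above, as an added example that is not part of the original thread: a constructed version of a server-side input filter that accepts OSPF (IP protocol 89) only to the multicast groups, followed by a corrected ruleset that also accepts unicast OSPF from tunnel peers. The rule comments, the address-list name `ospf-tunnel-peers`, the log prefix and the choice of `in-interface=all-ppp` are assumptions; 172.19.8.0/24 is the tunnel range shown earlier in the thread.

```routeros
# Added example, not the poster's actual rules. Applies to the server side
# (the L2TP concentrator), not to the v7 client.
#
# Constructed "legacy" policy matching the post's description: OSPF is
# accepted only when addressed to AllSPFRouters / AllDRouters.
#   /ip firewall filter
#   add chain=input action=accept protocol=ospf dst-address=224.0.0.5
#   add chain=input action=accept protocol=ospf dst-address=224.0.0.6
#   add chain=input action=drop   protocol=ospf
# OSPF packets addressed to the router's own tunnel IP fall through to the
# drop rule, which is what the post reports breaking v7 clients.

# Corrected policy. Rule order matters: every accept must sit above the drop.
/ip firewall address-list
add list=ospf-tunnel-peers address=172.19.8.0/24 comment="L2TP client range"

/ip firewall filter
add chain=input action=accept protocol=ospf dst-address=224.0.0.5 \
    comment="ospf: multicast AllSPFRouters"
add chain=input action=accept protocol=ospf dst-address=224.0.0.6 \
    comment="ospf: multicast AllDRouters"

# New rule: unicast OSPF, but only from known tunnel peers and only when it
# arrives on a PPP-type (L2TP) interface, so protocol 89 stays closed on
# the WAN and LAN sides.
add chain=input action=accept protocol=ospf in-interface=all-ppp \
    src-address-list=ospf-tunnel-peers comment="ospf: unicast from tunnel peers"

# Log whatever is still rejected, so an adjacency that stalls again shows up
# in the log with its source address instead of failing silently.
add chain=input action=log protocol=ospf log-prefix="ospf-drop" \
    comment="ospf: log before drop"
add chain=input action=drop protocol=ospf comment="ospf: drop everything else"
```

With the rules in place, re-running `/routing/ospf/neighbor/print detail` on the v7 client shows whether the neighbor has moved past ExStart.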
 
mrz
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: OSPF over L2TP not establishing after ROS7 upgrade.

Tue Aug 16, 2022 9:11 am

ptmp-broadcast in v7 operates the same as ptmp in v6, both are using multicast to discover neighbours.
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: OSPF over L2TP not establishing after ROS7 upgrade.

Tue Aug 16, 2022 12:42 pm

@mrz

Is there any plan for sham links on v7?
