Line 1: |
Line 1: |
| + | |
| <p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.07.1'''] firmware version .</p> | | <p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.07.1'''] firmware version .</p> |
| | | |
Line 25: |
Line 26: |
| Create a new instance with a name of Your choice. In this example, we will name it '''"HUB"''' | | Create a new instance with a name of Your choice. In this example, we will name it '''"HUB"''' |
| | | |
− | (Image)
| + | [[File:DMVPN add Hub.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
| Configure the HUB as shown: | | Configure the HUB as shown: |
| | | |
− | (Image)
| + | [[File:DMVPN Hub 1.png|none|border|left|class=tlt-border|1100x1100px]] |
− | | |
− | (Image)
| |
| | | |
| + | [[File:DMVPN Hub 2.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
| <ul> | | <ul> |
− | <li>'''Enable''' - On</li> | + | <li>'''1. Enable''' - On</li> |
− | <li>'''Working mode''' - Hub</li> | + | <li>'''2. Working mode''' - Hub</li> |
− | <li>'''Local GRE interface IP address''' - 10.0.0.254</li> | + | <li>'''3. Local GRE interface IP address''' - 10.0.0.254</li> |
− | <li>'''Local GRE interface netmask''' - 255.255.255.255</li> | + | <li>'''4. Local GRE interface netmask''' - 255.255.255.255</li> |
− | <li>'''Pre-shared key''' - Create a password which will be used in authentication</li> | + | <li>'''5. Pre-shared key''' - Create a password which will be used in authentication</li> |
− | <li>'''Redirect''' - On</li> | + | <li>'''6. Redirect''' - On</li> |
− | <li>'''NFLOG group''' - 123</li> | + | <li>'''7. NFLOG group''' - 123</li> |
− | <li>'''NHRP multicast NFLOG group''' - 124 (different than NFLOG group number)</li> | + | <li>'''8. NHRP multicast NFLOG group''' - 124 (different than NFLOG group number)</li> |
| </ul> | | </ul> |
| | | |
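Review bot: Item 5 ("Pre-shared key") in the renumbered HUB list still says only "Create a password which will be used in authentication", with no guidance on length or randomness. Because the Spoke instructions reuse this same value, it is the single shared secret for the whole DMVPN. Suggest wording along the lines of "Create a long, randomly generated key; every spoke must use the same value". Also, the numbers are now hard-coded inside the bold text of a <ul>. If they are meant to match callouts in the new screenshots, say so next to "Configure the HUB as shown:". Otherwise switch the list to <ol>.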
Line 50: |
Line 50: |
| | | |
| Create a new instance with a name of Your choice. In this example, we will name it '''"SPOKE1"''' | | Create a new instance with a name of Your choice. In this example, we will name it '''"SPOKE1"''' |
− |
| |
− | (Image)
| |
| | | |
| Configure the SPOKE1 as shown: | | Configure the SPOKE1 as shown: |
| | | |
− | (Image)
| + | [[File:DMVPN Spoke1 1.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
− | (Image)
| + | [[File:DMVPN Spoke1 2.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
| <ul> | | <ul> |
− | <li>'''Enable''' - On</li> | + | <li>'''1. Enable''' - On</li> |
− | <li>'''Working mode''' - Spoke</li> | + | <li>'''2. Working mode''' - Spoke</li> |
− | <li>'''Hub address''' - Public IP address of the Hub</li> | + | <li>'''3. Hub address''' - Public IP address of the Hub</li> |
− | <li>'''Local GRE interface IP address''' - 10.0.0.1</li> | + | <li>'''4. Local GRE interface IP address''' - 10.0.0.1</li> |
− | <li>'''Remote GRE interface IP address''' - 10.0.0.254</li> | + | <li>'''5. Remote GRE interface IP address''' - 10.0.0.254</li> |
− | <li>'''Pre-shared key''' - Use the same password that was created in the Hub's configuration</li> | + | <li>'''6. Pre-shared key''' - Use the same password that was created in the Hub's configuration</li> |
− | <li>'''Redirect''' - On</li> | + | <li>'''7. Redirect''' - On</li> |
− | <li>'''Multicast''' - On</li> | + | <li>'''8. Multicast''' - On</li> |
− | <li>'''NHRP multicast NFLOG group''' - 124 (same number that was in the Hub's configuration)</li> | + | <li>'''9. NHRP multicast NFLOG group''' - 124 (same number that was in the Hub's configuration)</li> |
| </ul> | | </ul> |
| | | |
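Review bot: The "(Image)" placeholder after "Create a new instance ... we will name it SPOKE1" is removed without a replacement, while the matching HUB step gained [[File:DMVPN add Hub.png]]. Either add the equivalent Spoke screenshot here or drop the HUB one so the two sections are consistent. As in the HUB list, item 6 ("Pre-shared key") would benefit from a note that the shared value should be long and random, since it is the same key on every router.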
Line 99: |
Line 97: |
| On the Hub router, navigate to '''Network → Routing → Dynamic Routes → OSPF''' and configure OSPF as shown: | | On the Hub router, navigate to '''Network → Routing → Dynamic Routes → OSPF''' and configure OSPF as shown: |
| | | |
− | (image)
| + | [[File:DMVPN Hub OSPF 1.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
− | (image2)
| + | [[File:DMVPN Hub OSPF Interface.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
− | (image3)
| + | [[File:DMVPN Spoke1 OSPF 2.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
| <ul> | | <ul> |
− | <li>'''Enable Service''' - On</li> | + | <li>'''1. Enable Service''' - On</li> |
− | <li>'''Router ID''' - 10.0.0.254</li> | + | <li>'''2. Router ID''' - 10.0.0.254</li> |
− | <li>'''Passive interfaces''' - br-lan (all LAN interfaces)</li> | + | <li>'''3. Passive interfaces''' - br-lan (all LAN interfaces)</li> |
− | <li>'''Redistribution options''' - NHRP </li> | + | <li>'''4. Redistribution options''' - NHRP </li> |
− | <li>'''OSPF Interfaces''' - Create an entry, choose '''Type''' as '''Point-to-Multipoint''' and choose DMVPN interface as OSPF Interface and enable it</li> | + | <li>'''5. OSPF Interfaces''' - Create an entry, choose '''Type''' as '''Point-to-Multipoint''' and choose DMVPN interface as OSPF Interface and enable it</li> |
− | <li>'''OSPF Area''' - Create an entry, input '''0''' to the '''Zone''' parameter and enable it </li> | + | <li>'''6. OSPF Area''' - Create an entry, input '''0''' to the '''Zone''' parameter and enable it </li> |
− | <li>'''OSPF Networks''' - Create 2 entries, one network will be named GRE for VPN addresses '''10.0.0.0/24''', another networking will be named LAN for LAN addresses '''192.168.254.0/24.''' | + | <li>'''7. OSPF Networks''' - Create 2 entries, one network will be named GRE for VPN addresses '''10.0.0.0/24''', another networking will be named LAN for LAN addresses '''192.168.254.0/24.''' |
| | | |
| Choose previously created OSPF Area entry and enable OSPF Networks</li> | | Choose previously created OSPF Area entry and enable OSPF Networks</li> |
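Review bot: The third screenshot added to the Hub OSPF section is [[File:DMVPN Spoke1 OSPF 2.png]], a Spoke1 file. The Hub list below it uses LAN network 192.168.254.0/24, whereas the Spoke1 list uses 192.168.1.0/24. Please confirm the image shows the Hub's values, or upload a Hub-specific screenshot. While touching item 7, "another networking will be named LAN" should read "another network will be named LAN".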
Line 121: |
Line 119: |
| On the Spoke1 router, navigate to '''Network → Routing → Dynamic Routes → OSPF''' and configure OSPF as shown: | | On the Spoke1 router, navigate to '''Network → Routing → Dynamic Routes → OSPF''' and configure OSPF as shown: |
| | | |
− | (image)
| + | [[File:DMVPN Spoke1 OSPF 1.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
− | (image2)
| + | [[File:DMVPN Hub OSPF Interface.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
− | (image3)
| + | [[File:DMVPN Spoke1 OSPF 2.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
| <ul> | | <ul> |
− | <li>'''Enable Service''' - On</li> | + | <li>'''1. Enable Service''' - On</li> |
− | <li>'''Router ID''' - 10.0.0.1</li> | + | <li>'''2. Router ID''' - 10.0.0.1</li> |
− | <li>'''Passive interfaces''' - br-lan (all LAN interfaces)</li> | + | <li>'''3. Passive interfaces''' - br-lan (all LAN interfaces)</li> |
− | <li>'''Redistribution options''' - None </li> | + | <li>'''4. Redistribution options''' - None </li> |
− | <li>'''OSPF Interfaces''' - Create an entry, choose '''Type''' as '''Point-to-Multipoint''' and choose DMVPN interface as OSPF Interface and enable it</li> | + | <li>'''5. OSPF Interfaces''' - Create an entry, choose '''Type''' as '''Point-to-Multipoint''' and choose DMVPN interface as OSPF Interface and enable it</li> |
− | <li>'''OSPF Area''' - Create an entry, input '''0''' to the '''Zone''' parameter and enable it </li> | + | <li>'''6. OSPF Area''' - Create an entry, input '''0''' to the '''Zone''' parameter and enable it </li> |
− | <li>'''OSPF Networks''' - Create 2 entries, one network will be named GRE for VPN addresses '''10.0.0.0/24''', another networking will be named LAN for LAN addresses '''192.168.1.0/24.''' | + | <li>'''7. OSPF Networks''' - Create 2 entries, one network will be named GRE for VPN addresses '''10.0.0.0/24''', another networking will be named LAN for LAN addresses '''192.168.1.0/24.''' |
| | | |
| Choose previously created OSPF Area entry and enable OSPF Networks</li> | | Choose previously created OSPF Area entry and enable OSPF Networks</li> |
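Review bot: The second screenshot in the Spoke1 OSPF section is [[File:DMVPN Hub OSPF Interface.png]], the same Hub file used in the previous section. If the Spoke's DMVPN interface entry looks different from the Hub's, readers following item 5 will be comparing against the wrong device. Use a Spoke1 capture or add a sentence stating that the interface entry is identical on both. Item 7 repeats the "another networking" typo from the Hub list.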
Line 147: |
Line 145: |
| Navigate to '''Network -> Firewall -> General settings -> Zones''', set GRE zone to forward traffic to LAN and disable masquerading. | | Navigate to '''Network -> Firewall -> General settings -> Zones''', set GRE zone to forward traffic to LAN and disable masquerading. |
| | | |
− | (image)
| + | [[File:DMVPN Firewall LAN zone.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
| =Testing the setup= | | =Testing the setup= |
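Review bot: The new file is named "DMVPN Firewall LAN zone.png", but the sentence above it tells the reader to edit the GRE zone (forward to LAN, masquerading off). Please check that the screenshot shows the GRE zone row, and rename the file or adjust the sentence so the two agree.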
Line 153: |
Line 151: |
| If You have followed the steps correctly, configuration should be finished. These should be the results that You will be getting: | | If You have followed the steps correctly, configuration should be finished. These should be the results that You will be getting: |
| | | |
| + | Routes on Spoke1: |
| + | root@RUTX11:~# ip route |
| + | default dev qmimux0 proto static scope link src '''WAN IP''' metric 1 |
| + | 10.0.0.2 nhid 30 via 10.0.0.254 dev gre4-SPOKE1 proto ospf metric 20 onlink |
| + | 10.0.0.254 dev gre4-SPOKE1 proto static scope link |
| + | '''WAN IP''' dev qmimux0 proto static scope link metric 1 |
| + | 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 |
| + | 192.168.2.0/24 nhid 30 via 10.0.0.254 dev gre4-SPOKE1 proto ospf metric 20 onlink |
| + | 192.168.254.0/24 nhid 30 via 10.0.0.254 dev gre4-SPOKE1 proto ospf metric 20 onlink |
| + | |
| + | Routes on Spoke2: |
| + | root@RUTX11:~# ip route |
| + | default dev qmimux0 proto static scope link src 84.15.227.188 metric 1 |
| + | 10.0.0.1 nhid 41 via 10.0.0.254 dev gre4-SPOKE2 proto ospf metric 20 onlink |
| + | 10.0.0.254 dev gre4-SPOKE2 proto static scope link |
| + | 84.15.227.188 dev qmimux0 proto static scope link metric 1 |
| + | 192.168.1.0/24 nhid 41 via 10.0.0.254 dev gre4-SPOKE2 proto ospf metric 20 onlink |
| + | 192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1 |
| + | 192.168.254.0/24 nhid 41 via 10.0.0.254 dev gre4-SPOKE2 proto ospf metric 20 onlink |
| + | |
| + | OSPF neighbors on HUB (done on '''FRR VTYSH''' package): |
| + | |
| + | [[File:DMVPN OSPF neighbors.png|none|border|left|class=tlt-border|1100x1100px]] |
| + | |
| + | Spoke1 pinging Spoke2, traffic not going through HUB: |
| + | |
| + | Spoke1: |
| + | root@RUTX11:~# ping 192.168.2.1 |
| + | PING 192.168.2.1 (192.168.2.1): 56 data bytes |
| + | 64 bytes from 192.168.2.1: seq=0 ttl=63 time=122.731 ms |
| + | 64 bytes from 192.168.2.1: seq=1 ttl=63 time=123.373 ms |
| + | 64 bytes from 192.168.2.1: seq=2 ttl=64 time=100.596 ms |
| + | 64 bytes from 192.168.2.1: seq=3 ttl=64 time=100.323 ms |
| + | 64 bytes from 192.168.2.1: seq=4 ttl=64 time=100.048 ms |
| | | |
| + | HUB's traffic: |
| + | root@RUTXR1:~# tcpdump -i gre4-HUB |
| + | tcpdump: verbose output suppressed, use -v[v]... for full protocol decode |
| + | listening on gre4-HUB, link-type LINUX_SLL (Linux cooked v1), snapshot length 262144 bytes |
| + | 11:56:27.429401 IP 10.0.0.254 > ospf-all.mcast.net: OSPFv2, Hello, length 52 |
| + | 11:56:27.429578 IP 10.0.0.254 > ospf-all.mcast.net: OSPFv2, Hello, length 52 |
| + | 11:56:28.334054 IP 10.0.0.254 > 10.0.0.2: OSPFv2, LS-Update, length 100 |
| + | 11:56:29.094679 IP 10.0.0.2 > ospf-all.mcast.net: OSPFv2, Hello, length 52 |
| + | 11:56:29.095649 IP 10.0.0.2 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 44 |
| + | 11:56:35.381588 IP 10.0.0.1 > ospf-all.mcast.net: OSPFv2, Hello, length 52 |
| | | |
| <br> | | <br> |
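Review bot: The Spoke2 `ip route` output publishes a literal public address (84.15.227.188, on the default route and on the qmimux0 host route), while the Spoke1 output masks the same fields as '''WAN IP'''. Redact the Spoke2 lines the same way before this goes live. Two smaller points on the added test output: both spoke prompts read root@RUTX11, so it would help to say which device each block was captured on. Also, the claim "traffic not going through HUB" is supported only implicitly, so add a sentence explaining that the ping TTL rising from 63 to 64 after seq=1 and the absence of ICMP in the Hub's tcpdump are what demonstrate the direct spoke-to-spoke path.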