92
edits
Changes
DMVPN (Phase 3) with OSPF configuration example (view source)
Revision as of 15:41, 27 May 2024
, 27 MayEdit with screenshots
<p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.07.1'''] firmware version .</p>
<p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.07.1'''] firmware version .</p>
Create a new instance with a name of Your choice. In this example, we will name it '''"HUB"'''
Create a new instance with a name of Your choice. In this example, we will name it '''"HUB"'''
[[File:DMVPN add Hub.png|none|border|left|class=tlt-border|1100x1100px]]
Configure the HUB as shown:
Configure the HUB as shown:
[[File:DMVPN Hub 1.png|none|border|left|class=tlt-border|1100x1100px]]
[[File:DMVPN Hub 2.png|none|border|left|class=tlt-border|1100x1100px]]
<ul>
<ul>
<li>'''Enable''' - On</li>
<li>'''1. Enable''' - On</li>
<li>'''Working mode''' - Hub</li>
<li>'''2. Working mode''' - Hub</li>
<li>'''Local GRE interface IP address''' - 10.0.0.254</li>
<li>'''3. Local GRE interface IP address''' - 10.0.0.254</li>
<li>'''Local GRE interface netmask''' - 255.255.255.255</li>
<li>'''4. Local GRE interface netmask''' - 255.255.255.255</li>
<li>'''Pre-shared key''' - Create a password which will be used in authentication</li>
<li>'''5. Pre-shared key''' - Create a password which will be used in authentication</li>
<li>'''Redirect''' - On</li>
<li>'''6. Redirect''' - On</li>
<li>'''NFLOG group''' - 123</li>
<li>'''7. NFLOG group''' - 123</li>
<li>'''NHRP multicast NFLOG group''' - 124 (different than NFLOG group number)</li>
<li>'''8. NHRP multicast NFLOG group''' - 124 (different than NFLOG group number)</li>
</ul>
</ul>
Create a new instance with a name of Your choice. In this example, we will name it '''"SPOKE1"'''
Create a new instance with a name of Your choice. In this example, we will name it '''"SPOKE1"'''
Configure the SPOKE1 as shown:
Configure the SPOKE1 as shown:
[[File:DMVPN Spoke1 1.png|none|border|left|class=tlt-border|1100x1100px]]
[[File:DMVPN Spoke1 2.png|none|border|left|class=tlt-border|1100x1100px]]
<ul>
<ul>
<li>'''Enable''' - On</li>
<li>'''1. Enable''' - On</li>
<li>'''Working mode''' - Spoke</li>
<li>'''2. Working mode''' - Spoke</li>
<li>'''Hub address''' - Public IP address of the Hub</li>
<li>'''3. Hub address''' - Public IP address of the Hub</li>
<li>'''Local GRE interface IP address''' - 10.0.0.1</li>
<li>'''4. Local GRE interface IP address''' - 10.0.0.1</li>
<li>'''Remote GRE interface IP address''' - 10.0.0.254</li>
<li>'''5. Remote GRE interface IP address''' - 10.0.0.254</li>
<li>'''Pre-shared key''' - Use the same password that was created in the Hub's configuration</li>
<li>'''6. Pre-shared key''' - Use the same password that was created in the Hub's configuration</li>
<li>'''Redirect''' - On</li>
<li>'''7. Redirect''' - On</li>
<li>'''Multicast''' - On</li>
<li>'''8. Multicast''' - On</li>
<li>'''NHRP multicast NFLOG group''' - 124 (same number that was in the Hub's configuration)</li>
<li>'''9. NHRP multicast NFLOG group''' - 124 (same number that was in the Hub's configuration)</li>
</ul>
</ul>
On the Hub router, navigate to '''Network → Routing → Dynamic Routes → OSPF''' and configure OSPF as shown:
On the Hub router, navigate to '''Network → Routing → Dynamic Routes → OSPF''' and configure OSPF as shown:
[[File:DMVPN Hub OSPF 1.png|none|border|left|class=tlt-border|1100x1100px]]
[[File:DMVPN Hub OSPF Interface.png|none|border|left|class=tlt-border|1100x1100px]]
[[File:DMVPN Spoke1 OSPF 2.png|none|border|left|class=tlt-border|1100x1100px]]
<ul>
<ul>
<li>'''Enable Service''' - On</li>
<li>'''1. Enable Service''' - On</li>
<li>'''Router ID''' - 10.0.0.254</li>
<li>'''2. Router ID''' - 10.0.0.254</li>
<li>'''Passive interfaces''' - br-lan (all LAN interfaces)</li>
<li>'''3. Passive interfaces''' - br-lan (all LAN interfaces)</li>
<li>'''Redistribution options''' - NHRP </li>
<li>'''4. Redistribution options''' - NHRP </li>
<li>'''OSPF Interfaces''' - Create an entry, choose '''Type''' as '''Point-to-Multipoint''' and choose DMVPN interface as OSPF Interface and enable it</li>
<li>'''5. OSPF Interfaces''' - Create an entry, choose '''Type''' as '''Point-to-Multipoint''' and choose DMVPN interface as OSPF Interface and enable it</li>
<li>'''OSPF Area''' - Create an entry, input '''0''' to the '''Zone''' parameter and enable it </li>
<li>'''6. OSPF Area''' - Create an entry, input '''0''' to the '''Zone''' parameter and enable it </li>
<li>'''OSPF Networks''' - Create 2 entries, one network will be named GRE for VPN addresses '''10.0.0.0/24''', another networking will be named LAN for LAN addresses '''192.168.254.0/24.'''
<li>'''7. OSPF Networks''' - Create 2 entries, one network will be named GRE for VPN addresses '''10.0.0.0/24''', another networking will be named LAN for LAN addresses '''192.168.254.0/24.'''
Choose previously created OSPF Area entry and enable OSPF Networks</li>
Choose previously created OSPF Area entry and enable OSPF Networks</li>
On the Spoke1 router, navigate to '''Network → Routing → Dynamic Routes → OSPF''' and configure OSPF as shown:
On the Spoke1 router, navigate to '''Network → Routing → Dynamic Routes → OSPF''' and configure OSPF as shown:
[[File:DMVPN Spoke1 OSPF 1.png|none|border|left|class=tlt-border|1100x1100px]]
[[File:DMVPN Hub OSPF Interface.png|none|border|left|class=tlt-border|1100x1100px]]
[[File:DMVPN Spoke1 OSPF 2.png|none|border|left|class=tlt-border|1100x1100px]]
<ul>
<ul>
<li>'''Enable Service''' - On</li>
<li>'''1. Enable Service''' - On</li>
<li>'''Router ID''' - 10.0.0.1</li>
<li>'''2. Router ID''' - 10.0.0.1</li>
<li>'''Passive interfaces''' - br-lan (all LAN interfaces)</li>
<li>'''3. Passive interfaces''' - br-lan (all LAN interfaces)</li>
<li>'''Redistribution options''' - None </li>
<li>'''4. Redistribution options''' - None </li>
<li>'''OSPF Interfaces''' - Create an entry, choose '''Type''' as '''Point-to-Multipoint''' and choose DMVPN interface as OSPF Interface and enable it</li>
<li>'''5. OSPF Interfaces''' - Create an entry, choose '''Type''' as '''Point-to-Multipoint''' and choose DMVPN interface as OSPF Interface and enable it</li>
<li>'''OSPF Area''' - Create an entry, input '''0''' to the '''Zone''' parameter and enable it </li>
<li>'''6. OSPF Area''' - Create an entry, input '''0''' to the '''Zone''' parameter and enable it </li>
<li>'''OSPF Networks''' - Create 2 entries, one network will be named GRE for VPN addresses '''10.0.0.0/24''', another networking will be named LAN for LAN addresses '''192.168.1.0/24.'''
<li>'''7. OSPF Networks''' - Create 2 entries, one network will be named GRE for VPN addresses '''10.0.0.0/24''', another networking will be named LAN for LAN addresses '''192.168.1.0/24.'''
Choose previously created OSPF Area entry and enable OSPF Networks</li>
Choose previously created OSPF Area entry and enable OSPF Networks</li>
Navigate to '''Network -> Firewall -> General settings -> Zones''', set GRE zone to forward traffic to LAN and disable masquerading.
Navigate to '''Network -> Firewall -> General settings -> Zones''', set GRE zone to forward traffic to LAN and disable masquerading.
[[File:DMVPN Firewall LAN zone.png|none|border|left|class=tlt-border|1100x1100px]]
=Testing the setup=
=Testing the setup=
If You have followed the steps correctly, configuration should be finished. These should be the results that You will be getting:
If You have followed the steps correctly, configuration should be finished. These should be the results that You will be getting:
Routes on Spoke1:
root@RUTX11:~# ip route
default dev qmimux0 proto static scope link src '''WAN IP''' metric 1
10.0.0.2 nhid 30 via 10.0.0.254 dev gre4-SPOKE1 proto ospf metric 20 onlink
10.0.0.254 dev gre4-SPOKE1 proto static scope link
'''WAN IP''' dev qmimux0 proto static scope link metric 1
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.2.0/24 nhid 30 via 10.0.0.254 dev gre4-SPOKE1 proto ospf metric 20 onlink
192.168.254.0/24 nhid 30 via 10.0.0.254 dev gre4-SPOKE1 proto ospf metric 20 onlink
Routes on Spoke2:
root@RUTX11:~# ip route
default dev qmimux0 proto static scope link src 84.15.227.188 metric 1
10.0.0.1 nhid 41 via 10.0.0.254 dev gre4-SPOKE2 proto ospf metric 20 onlink
10.0.0.254 dev gre4-SPOKE2 proto static scope link
84.15.227.188 dev qmimux0 proto static scope link metric 1
192.168.1.0/24 nhid 41 via 10.0.0.254 dev gre4-SPOKE2 proto ospf metric 20 onlink
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1
192.168.254.0/24 nhid 41 via 10.0.0.254 dev gre4-SPOKE2 proto ospf metric 20 onlink
OSPF neighbors on HUB (done on '''FRR VTYSH''' package):
[[File:DMVPN OSPF neighbors.png|none|border|left|class=tlt-border|1100x1100px]]
Spoke1 pinging Spoke2, traffic not going through HUB:
Spoke1:
root@RUTX11:~# ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
64 bytes from 192.168.2.1: seq=0 ttl=63 time=122.731 ms
64 bytes from 192.168.2.1: seq=1 ttl=63 time=123.373 ms
64 bytes from 192.168.2.1: seq=2 ttl=64 time=100.596 ms
64 bytes from 192.168.2.1: seq=3 ttl=64 time=100.323 ms
64 bytes from 192.168.2.1: seq=4 ttl=64 time=100.048 ms
HUB's traffic:
root@RUTXR1:~# tcpdump -i gre4-HUB
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on gre4-HUB, link-type LINUX_SLL (Linux cooked v1), snapshot length 262144 bytes
11:56:27.429401 IP 10.0.0.254 > ospf-all.mcast.net: OSPFv2, Hello, length 52
11:56:27.429578 IP 10.0.0.254 > ospf-all.mcast.net: OSPFv2, Hello, length 52
11:56:28.334054 IP 10.0.0.254 > 10.0.0.2: OSPFv2, LS-Update, length 100
11:56:29.094679 IP 10.0.0.2 > ospf-all.mcast.net: OSPFv2, Hello, length 52
11:56:29.095649 IP 10.0.0.2 > ospf-all.mcast.net: OSPFv2, LS-Ack, length 44
11:56:35.381588 IP 10.0.0.1 > ospf-all.mcast.net: OSPFv2, Hello, length 52
<br>
<br>
