DMVPN (Phase 3) with OSPF configuration example

From Teltonika Networks Wiki

Revision as of 15:24, 24 May 2024

The information on this page is updated in accordance with the 00.07.07.1 firmware version.

Introduction

If you have trouble seeing any of the settings, be sure to enable "Advanced mode".

Topology

(Topology image)


  • DMVPN HUB - GRE interface address - 10.0.0.254 - LAN interface address 192.168.254.1
  • DMVPN SPOKE1 - GRE interface address - 10.0.0.1 - LAN interface address 192.168.1.1
  • DMVPN SPOKE2 - GRE interface address - 10.0.0.2 - LAN interface address 192.168.2.1

Creating DMVPN network

HUB's configuration

Navigate to Services → VPN → DMVPN

Create a new instance with a name of your choice. In this example, we will name it "HUB".

(Image)

Configure the HUB as shown:

(Image)

(Image)


  • Enable - On
  • Working mode - Hub
  • Local GRE interface IP address - 10.0.0.254
  • Local GRE interface netmask - 255.255.255.255
  • Pre-shared key - Create a password which will be used in authentication
  • Redirect - On
  • NFLOG group - 123
  • NHRP multicast NFLOG group - 124 (different from the NFLOG group number)

SPOKE's configuration

Navigate to Services → VPN → DMVPN

Create a new instance with a name of your choice. In this example, we will name it "SPOKE1".

(Image)

Configure the SPOKE1 as shown:

(Image)

(Image)

  • Enable - On
  • Working mode - Spoke
  • Hub address - Public IP address of the Hub
  • Local GRE interface IP address - 10.0.0.1
  • Remote GRE interface IP address - 10.0.0.254
  • Pre-shared key - Use the same password that was created in the Hub's configuration
  • Redirect - On
  • Multicast - On
  • NHRP multicast NFLOG group - 124 (same number that was in the Hub's configuration)

The configuration for SPOKE2 is analogous to SPOKE1, except that the name is SPOKE2 and the Local GRE interface IP address is 10.0.0.2.

Testing DMVPN's connectivity

Pinging SPOKE1 from the HUB:

root@RUTXR1:~# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=64 time=52.890 ms
64 bytes from 10.0.0.1: seq=1 ttl=64 time=416.808 ms
64 bytes from 10.0.0.1: seq=2 ttl=64 time=246.881 ms
64 bytes from 10.0.0.1: seq=3 ttl=64 time=222.941 ms

Pinging SPOKE2 from the HUB:

root@RUTXR1:~# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: seq=0 ttl=64 time=119.929 ms
64 bytes from 10.0.0.2: seq=1 ttl=64 time=79.639 ms
64 bytes from 10.0.0.2: seq=2 ttl=64 time=294.173 ms
64 bytes from 10.0.0.2: seq=3 ttl=64 time=318.533 ms


OSPF configuration

Hub configuration

On the Hub router, navigate to Network → Routing → Dynamic Routes → OSPF and configure OSPF as shown:

(image)

(image2)

(image3)

  • Enable Service - On
  • Router ID - 10.0.0.254
  • Passive interfaces - br-lan (all LAN interfaces)
  • Redistribution options - NHRP
  • OSPF Interfaces - Create an entry, choose Type as Point-to-Multipoint and choose DMVPN interface as OSPF Interface and enable it
  • OSPF Area - Create an entry, input 0 to the Zone parameter and enable it
  • OSPF Networks - Create 2 entries: one network named GRE for the VPN addresses 10.0.0.0/24, and another network named LAN for the LAN addresses 192.168.254.0/24. Choose the previously created OSPF Area entry and enable the OSPF Networks

Spokes configuration

On the Spoke1 router, navigate to Network → Routing → Dynamic Routes → OSPF and configure OSPF as shown:

(image)

(image2)

(image3)

  • Enable Service - On
  • Router ID - 10.0.0.1
  • Passive interfaces - br-lan (all LAN interfaces)
  • Redistribution options - None
  • OSPF Interfaces - Create an entry, choose Type as Point-to-Multipoint and choose DMVPN interface as OSPF Interface and enable it
  • OSPF Area - Create an entry, input 0 to the Zone parameter and enable it
  • OSPF Networks - Create 2 entries: one network named GRE for the VPN addresses 10.0.0.0/24, and another network named LAN for the LAN addresses 192.168.1.0/24. Choose the previously created OSPF Area entry and enable the OSPF Networks

The configuration for SPOKE2 is analogous to SPOKE1, except that the Router ID is 10.0.0.2 and the address of the OSPF Networks LAN entry is 192.168.2.0/24.
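A pre-deployment consistency check for the values this guide enters on the hub and the spokes: matching pre-shared key, distinct NFLOG groups, unique GRE addresses and Router IDs, non-overlapping LANs. This is an added example, not Teltonika code; the dictionary layout and key names are hypothetical, and the pre-shared key is a constructed placeholder.

```python
import ipaddress
from itertools import combinations
# Constructed plan mirroring this guide's values. The key names are hypothetical
# (not RutOS option names) and the pre-shared key is a placeholder.
def _spoke(n):
    return {"mode": "spoke", "gre_ip": f"10.0.0.{n}", "remote_gre_ip": "10.0.0.254",
            "psk": "example-psk", "mcast_nflog": 124, "router_id": f"10.0.0.{n}",
            "lan": f"192.168.{n}.0/24", "redistribute": None}

PLAN = {
    "HUB": {"mode": "hub", "gre_ip": "10.0.0.254", "psk": "example-psk",
            "nflog": 123, "mcast_nflog": 124, "router_id": "10.0.0.254",
            "lan": "192.168.254.0/24", "redistribute": "NHRP"},
    "SPOKE1": _spoke(1),
    "SPOKE2": _spoke(2),
}
GRE_NET = ipaddress.ip_network("10.0.0.0/24")  # OSPF "GRE" network in this guide

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    hubs = [d for d in plan.values() if d["mode"] == "hub"]
    if len(hubs) != 1:
        return [f"expected exactly one hub, found {len(hubs)}"]
    hub, problems = hubs[0], []
    if hub["nflog"] == hub["mcast_nflog"]:
        problems.append("HUB: NFLOG group equals NHRP multicast NFLOG group")
    if hub["redistribute"] != "NHRP":
        problems.append("HUB: OSPF redistribution is not NHRP")
    for field in ("gre_ip", "router_id"):
        values = [d[field] for d in plan.values()]
        if len(set(values)) != len(values):
            problems.append(f"duplicate {field} across routers")
    for name, d in plan.items():
        if ipaddress.ip_address(d["gre_ip"]) not in GRE_NET:
            problems.append(f"{name}: GRE address outside {GRE_NET}")
        if d["mode"] != "spoke":
            continue
        if d["psk"] != hub["psk"]:  # report the mismatch, never the key itself
            problems.append(f"{name}: pre-shared key differs from hub")
        if d["remote_gre_ip"] != hub["gre_ip"]:
            problems.append(f"{name}: remote GRE IP is not the hub's GRE IP")
        if d["mcast_nflog"] != hub["mcast_nflog"]:
            problems.append(f"{name}: NHRP multicast NFLOG group differs from hub")
        if d["redistribute"] is not None:
            problems.append(f"{name}: redistribution differs from this guide (None)")
    for (a, da), (b, db) in combinations(plan.items(), 2):
        if ipaddress.ip_network(da["lan"]).overlaps(ipaddress.ip_network(db["lan"])):
            problems.append(f"{a} and {b}: LAN networks overlap")
    return problems
```

Calling `check_plan(PLAN)` on the values from this guide returns an empty list; adding a spoke with a mistyped key or a LAN that overlaps another site returns one line per problem.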

Firewall Zones

This step should be done on the DMVPN Hub and on all spokes so that OSPF routes to their LAN networks are allowed.

Navigate to Network → Firewall → General settings → Zones, set the GRE zone to forward traffic to LAN, and disable masquerading.

(image)

Testing the setup

If you have followed the steps correctly, the configuration should be finished. These should be the results that you will be getting:


