Hello, Please tell me if it's possible to use tinc together with OSPF (instead of static routes in LAN). By OSPF I mean Quagga's GNU/Linux daemon. Namely, I have a group of LANs (private 192.168.x.0/24 each). Each LAN has a GNU/Linux default gateway, 192.168.x.1, that also connects to the Internet via a public IP address (does NAT and firewall for the LAN "behind" it). tinc daemon runs on each default gateway, connecting all LANs in a mesh. Today, on each default gateway, the /etc/tinc/NETWORK/tinc-up looks like: ifconfig $INTERFACE 192.168.x.1 netmask 255.255.0.0 ip route replace 10.0.0.0/8 dev $INTERFACE ip route replace 172.16.0.0/12 dev $INTERFACE so all private addreses are routed via the mesh. Now other gateways/routers (non-tinc, non-defaut, with private adddreses only) are installed in each LAN, connecting them via ?backup? links (purely private Ethernets). What I need is to start an interior dynamic routing daemon (OSPF?) on all routers (tinc or non-tinc) and share the routing information between them all (*including* those over tinc tunnels). The final goal is that if some random router/gateway fails, the network reconfigures itself without manual intervention (without the need to modify static routes on non-tinc routers). Could you please point me to some good documentation / examples for accomplishing this (if technically possible) ? How do I "inject" tinc routes in OSPF and vice-versa? Should the tinc virtual NETWORK interface participate in a Quaga/OSPF process, together with the other physical Ethernet private interfaces? How should /etc/tinc/NETWORK/tinc-up look like in such cases? Thanks a lot, R?zvan -------------- partea urm?toare -------------- Un ata?ament HTML a fost eliminat URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20151001/c1d5f410/attachment.html>
Hello R?zvan I use babeld and tinc. but I think you can use ospf and tinc. You need to take care about mesh capability from tinc to avoiding flaping route ou loop routing. You need to deactivate mesh routing from tinc in nodes with tinc and ospf. ----- Mail original ----- De: "R?zvan Sandu" <rsandu2007 at gmail.com> ?: tinc at tinc-vpn.org Envoy?: Jeudi 1 Octobre 2015 16:52:44 Objet: Tinc + OSPF - is it feasible? Hello, Please tell me if it's possible to use tinc together with OSPF (instead of static routes in LAN). By OSPF I mean Quagga's GNU/Linux daemon. Namely, I have a group of LANs (private 192.168.x.0/24 each). Each LAN has a GNU/Linux default gateway, 192.168.x.1, that also connects to the Internet via a public IP address (does NAT and firewall for the LAN "behind" it). tinc daemon runs on each default gateway, connecting all LANs in a mesh. Today, on each default gateway, the /etc/tinc/NETWORK/tinc-up looks like: ifconfig $INTERFACE 192.168.x.1 netmask 255.255.0.0 ip route replace 10.0.0.0/8 dev $INTERFACE ip route replace 172.16.0.0/12 dev $INTERFACE so all private addreses are routed via the mesh. Now other gateways/routers (non-tinc, non-defaut, with private adddreses only) are installed in each LAN, connecting them via ?backup? links (purely private Ethernets). What I need is to start an interior dynamic routing daemon (OSPF?) on all routers (tinc or non-tinc) and share the routing information between them all (*including* those over tinc tunnels). The final goal is that if some random router/gateway fails, the network reconfigures itself without manual intervention (without the need to modify static routes on non-tinc routers). Could you please point me to some good documentation / examples for accomplishing this (if technically possible) ? How do I "inject" tinc routes in OSPF and vice-versa? Should the tinc virtual NETWORK interface participate in a Quaga/OSPF process, together with the other physical Ethernet private interfaces? How should /etc/tinc/NETWORK/tinc-up look like in such cases? Thanks a lot, R?zvan _______________________________________________ tinc mailing list tinc at tinc-vpn.org http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
On Thu, 1 Oct 2015, R?zvan Sandu wrote:> What I need is to start an interior dynamic routing daemon (OSPF?) on all > routers (tinc or non-tinc) and share the routing information between them > all (*including* those over tinc tunnels). The final goal is that if some > random router/gateway fails, the network reconfigures itself without manual > intervention (without the need to modify static routes on non-tinc routers). > > Could you please point me to some good documentation / examples for > accomplishing this (if technically possible) ? > > How do I "inject" tinc routes in OSPF and vice-versa? Should the tinc > virtual NETWORK interface participate in a Quaga/OSPF process, together > with the other physical Ethernet private interfaces? How should > /etc/tinc/NETWORK/tinc-up look like in such cases?I think your best bet is to use tinc in switch mode instead of routing, and configure the tinc interface like if you had one big ethernet segment connecting all the tinc nodes - and then run you OSPF on it. (aka have one dedicticated subnet for all the tinc nodes, give each node one ip out of it, do not put static routes for your other subnets into the tinc config, and let the OSPF daemon add and remove those routes as needed) c'ya sven-haegar -- Three may keep a secret, if two of them are dead. - Ben F.