VPN and OSPF problems

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

VPN and OSPF problems

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
VPN and OSPF problems
VPN and OSPF problems
2023-11-15 13:49:33 - last edited 2023-11-20 16:06:14
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version:

I have several question, maybe someone can help me out. 

 

1)

I was trying to setup GRE VPN + OSP with 2 ER605 routers, but OSPF fails. GRE is working fine, but OSPF does not find it's neighbor. I enabled OSPF on the GRE Interface (passive mode = disable). Did someone get OSPF running on a Omada router? 

 

2)

It looks like I cannot setup User Authentication when using Wireguard VPN or IPSec (Client-Server). Can someone please confirm or corrcect me? 

 

3)

When using Site-2-Site VPN with IPSec, GRE or Wireguard, I can only add a single remote Subnet. Is that by design and I cannot add more?? How can I connect 2 sites when a site has more than 1 subnets? 

  0      
  0      
#1
Options
1 Accepted Solution
Re:VPN and OSPF problems-Solution
2023-11-17 03:22:59 - last edited 2023-11-20 16:06:14

Hi @ReneM 

Thanks for posting in our business forum.

You should add the GRE subnet to both routers' network tables.

Your config is supposed to be 10.254.0.0, 0.0.0.255, area ID 100.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#4
Options
3 Reply
Re:VPN and OSPF problems
2023-11-16 02:24:15

Hi @ReneM 

Thanks for posting in our business forum.

1. Please share the topology and the config for GRE and OSPF. Screenshots.

2. Unrelated two features. WG does not have the client option. I don't think the WG officially provides such a feature. IPsec does not use User Authentication, instead it uses the preshared key.

Look at the SSL VPN. That's what you are looking for. Other high-end models support them.

3. S2S and WG should allow you to set more than 1 subnet in the peer configuration in the Controller mode.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:VPN and OSPF problems
2023-11-16 21:48:07

  @Clive_A 

 

Thanks for your input!

 

I did not know that standalone mode has less features that controller mode. I thought it was vice verca. So I have to decide to use controller mode but not ospf but additional subnets in s2s configuration or standalone mode and ospf (whenever it is working...).

 

 

Regarding OSPF, what I have done is setting up a little lab with 2 ER-605 routers. they are in the same WAN segment (router A 1.0.0.1, router B 1.0.0.2) and for LAN I configured 2 different subnet. Router A has 192.168.2.0/24, router B has 192.168.20.0/24. Then I setup GRE which seems to be working fine.

 

 

Here is the OSP config for router A:

 

 

 

 

On router B it is the same setup with the same Area ID, only the Network table has a different IP address (192.168.20.0)

 

  0  
  0  
#3
Options
Re:VPN and OSPF problems-Solution
2023-11-17 03:22:59 - last edited 2023-11-20 16:06:14

Hi @ReneM 

Thanks for posting in our business forum.

You should add the GRE subnet to both routers' network tables.

Your config is supposed to be 10.254.0.0, 0.0.0.255, area ID 100.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#4
Options