OSPF stuck in Exchange state – Point-to-point setting is ignored?

I am participating in the DN42 project. In the scope of this project, I have my own (virtual) AS. It contains the IP range 172.23.211.0/24 and currently two hosts: a server with the IP 172.23.211.129 and a home router with the IP 172.23.211.1. The server has a bird daemon running and connects to other DN42 ASes via BGP. Since DN42 is encapsulated in the "real" internet, the connections are usually VPN connections over which the DN42 traffic is routed. I only use OpenVPN site-to-site for this.

The server bird works fine. Now I want to connect the home router (a Unifi Security Gateway by Ubiquiti) to the server and establish an OSPF session so that my home network has access to DN42 as well. Therefore, I have successfully created an OpenVPN site-to-site connection between the router and the server.

The server has the following configuration for the OSPF endpoint, which is already proven right. This is because I had an OpenWRT router earlier, also with bird, which connected via OSPF to the server quite easily. This is the server config snippet:

protocol ospf {
  description "Intra-AS";
  debug {states, routes, interfaces};
  import filter dn42_import;
  export filter dn42_export;
  area 0 {
    interface "tun3" 172.23.211.0/24 {
      cost 10;
      hello 10;
      retransmit 5;
      # type ptp;
      wait 40;
      dead 40;
      authentication none;
    };

  };
}

The only setting I have added was the type ptp setting. I will explain later on why I did this. The two filters just define the acceptable DN42 IP ranges and reject all routes into other ranges.

As you probably know, when the web frontend isn't enough, you configure Unifi products in more depth with a config.gateway.json, which is provisioned by the controller to the devices. This is the content of my config.gateway.json regarding the OSPF connection:

"interfaces": {
        "openvpn": {
                "vtun64": {
                        "description": "DN42",
                        "firewall": {
                                "in": {
                                        "ipv6-name": "LANv6_IN",
                                        "name": "LAN_IN"
                                },
                                "local": {
                                        "ipv6-name": "LANv6_LOCAL",
                                        "name": "LAN_LOCAL"
                                },
                                "out": {
                                        "ipv6-name": "LANv6_OUT",
                                        "name": "LAN_OUT"
                                }
                        },
                        "ip": {
                                "ospf": {
                                        "cost": "10",
                                        "dead-interval": "40",
                                        "hello-interval": "10", 
                                        "priority": "1",
                                        "retransmit-interval": "5",
                                        "transmit-delay": "1"
                                }
                        },
                        "local-address": {
                                "172.23.211.1": "''"
                        },
                        "local-port": "42003",
                        "mode": "site-to-site",
                        "openvpn-option": [
                                "--up-delay",
                                "--comp-lzo"
                        ],
                        "remote-address": "172.23.211.129",
                        "remote-host": [
                                "xyz"
                        ],
                        "remote-port": "42003",
                        "shared-secret-key-file": "/config/auth/secret_591c81bce4b04280c0197c94_5b7fcefa066d4113cfb87e76"

                }
        }
},
"protocols": {
        "ospf": {
                "area": {
                        "0.0.0.0": {
                                "network": [
                                        "172.23.211.0/24"
                                ]
                        }
                },
                "log-adjacency-changes": "''",
                "parameters": {
                        "router-id": "172.23.211.1"
                }
        }
},

I currently have the following situation: Both server and router see each other via OSPF, but they are stuck in the exchange state.

This is the OSPF neighbor state of the server:

bird> show ospf neighbors
ospf1:
Router ID       Pri          State      DTime   Interface  Router IP
172.23.211.1      1     Exchange/PtP    00:40   tun3       172.23.211.1

And this is the neighbor state of the router:

[email protected]:~$ show ip ospf neighbor 

    Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
172.23.211.129    1 Exchange/DROthe   32.397s 172.23.211.129  vtun64:172.23.211.1      0     0   339

As you can see, the router sees the server as Exchange/DROther and the router sees the server as Exchange/PtP. As far as my understanding of OSPF election methods goes, they are stuck here, since they have different network type config. And this is where I am out of ideas because:

  • When I comment the type ptp in the server bird config in, and restart bird, the router still sees the server as Exchange/DROther.
  • The router hasn't even set the network to point-to-point. Why is the server seeing the router as Exchange/PtP?

As I have mentioned, I previously had an OpenWRT router with bird, and the server had not specified any network type. The connection was successful. So, maybe it is just a configuration error of the Unifi system (which is very similar to the EdgeOS system).

So my goal is to create the OSPF connection, and my question is: Why are the hosts apparently ignoring the network type setting? Is this even the real reason that the connection cannot succeed? If there are any other big mistakes in the config, feel free to tell me. I am new to the Unifi system and selected it so that I can learn something new, but apparently learning isn't always possible with the help from outside.

Thanks for helping.
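A consistency check over the two configurations quoted in the post, added here as an example (it is not code from the post's author, bird or Ubiquiti): it pairs the bird interface options with the USG "ip ospf" keys and reports which ones match, differ, or are set on one side only. The USG key name "network" for the network type is an assumption; the sample inputs are copied from the post.

```python
import json

# Interface block from the server's bird config shown in the post.
BIRD_IFACE = '''interface "tun3" 172.23.211.0/24 {
  cost 10;
  hello 10;
  retransmit 5;
  # type ptp;
  wait 40;
  dead 40;
  authentication none;
};'''

# vtun64 "ip" -> "ospf" object from the config.gateway.json shown in the post.
USG_OSPF = json.loads('{"cost": "10", "dead-interval": "40", "hello-interval": "10",'
                      ' "priority": "1", "retransmit-interval": "5", "transmit-delay": "1"}')

# bird option -> USG key; "network" for the USG network type is an assumption.
KEYMAP = {"hello": "hello-interval", "dead": "dead-interval",
          "retransmit": "retransmit-interval", "cost": "cost", "type": "network"}
MUST_MATCH = {"hello", "dead"}  # RFC 2328 drops Hellos whose intervals differ


def bird_options(block):
    """Return {option: value} for `option value;` lines, ignoring # comments."""
    opts = {}
    for line in block.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.endswith(";") and " " in line and "{" not in line:
            opts.update([line[:-1].split(None, 1)])  # "hello 10;" -> {"hello": "10"}
    return opts


def compare(bird, usg):
    """Return {option: (bird value, USG value, verdict)} for each mapped option."""
    out = {}
    for opt, key in KEYMAP.items():
        b, u = bird.get(opt), usg.get(key)
        if b is None or u is None:
            verdict = "unset on both" if b is u else "set on one side only"
        elif b == u:
            verdict = "match"
        else:
            verdict = "MISMATCH" if opt in MUST_MATCH else "differs"
        out[opt] = (b, u, verdict)
    return out


if __name__ == "__main__":
    print(compare(bird_options(BIRD_IFACE), USG_OSPF))
```

With the configs as posted, the timers and cost match and the network type is explicit on neither side, so each daemon falls back to its own default for the tunnel interface.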