#2 DMVPN without cisco)

v1.0_(example)
open
None
5
2015-06-05
2015-05-27
Vyacheslav
No

I have been trying to develop an opennhrp test network with 1 Linux hub and 2 Linux spokes, running Ubuntu 12.04.1, kernel 3.2.0-29-generic.

Hub :- eth0:192.168.100.111/24 , gre1:10.10.0.1/24
spoke1:- eth0:192.168.100.11/24 , gre1:10.10.0.2/24
spoke2:- eth0:192.168.0.12/24 , gre1:10.10.0.3/24

I have configured the GRE interface with the following commands on the hub and spokes:

ip tunnel add gre1 mode gre local 192.168.100.111 key 1234 ttl 64
ip addr add 10.10.0.1/29 dev gre1
ip link set gre1 arp on
ip link set gre1 up

The IPsec configuration is the same for both spokes and the hub, as follows:

/etc/ipsec.conf:
    spdflush;
    spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;
    spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in  ipsec esp/transport//require;

The racoon configuration is the same for both spokes and the hub, as follows:

/etc/racoon/racoon.conf:
path pre_shared_key "/etc/racoon/psk.txt";
remote anonymous {
    exchange_mode main, aggressive;
    lifetime time 24 hour;
    script "/etc/opennhrp/racoon-ph1dead.sh" phase1_dead;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }        
}
sainfo anonymous {
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm 3des, blowfish 448, rijndael;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}

/etc/racoon/pskey.txt:

Hub:
192.168.100.11 1234
192.168.100.12 1234
Spoke:
192.168.100.111 1234

/etc/opennhrp/opennhrp.conf

Hub:
interface gre1
holding-time 3600
multicast dynamic
shortcut
redirect
non-caching

Spokes:
interface gre1
holding-time 3600
map 10.10.0.1/24 192.168.200.111 register
multicast dynamic
shortcut
redirect
non-caching

interface lo:1
shortcut-destination

I have configured IP_net_forwarding = 1.

Each spoke is successfully and dynamically registered to the Linux hub.

Both spokes can ping the hub, but there is no ping between spoke1 and spoke2.

It would be really appreciated if you could help me find a solution to the above problem and get this working.
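
A consistency check over the addresses as they are posted above, added here as an example (it is not part of the original ticket or of opennhrp). The values are copied from the post; the constant and function names are hypothetical, and the underlay check assumes the flat lab described, with no router between hub and spokes.

```python
import ipaddress

# Values copied as posted in the ticket above; all names here are hypothetical.
HUB = {"eth0": "192.168.100.111/24", "gre1": "10.10.0.1/24"}
SPOKES = {"spoke1": "192.168.100.11/24", "spoke2": "192.168.0.12/24"}  # eth0
GRE_ADDR_CMD = "10.10.0.1/29"                    # "ip addr add ... dev gre1"
NHRP_MAP = ("10.10.0.1/24", "192.168.200.111")   # spoke "map ... register"
HUB_PSK_PEERS = ["192.168.100.11", "192.168.100.12"]
SPOKE_PSK_PEERS = ["192.168.100.111"]
PSK_PATH_IN_CONF = "/etc/racoon/psk.txt"         # path pre_shared_key
PSK_FILE_LISTED = "/etc/racoon/pskey.txt"        # file name shown in the post


def check():
    """Return (code, message) findings for mismatches between the posted values."""
    out = []
    hub_eth = ipaddress.ip_interface(HUB["eth0"])
    hub_gre = ipaddress.ip_interface(HUB["gre1"])
    if ipaddress.ip_interface(GRE_ADDR_CMD).network != hub_gre.network:
        out.append(("gre-prefix", f"gre1 listed as {hub_gre}, configured as {GRE_ADDR_CMD}"))
    if ipaddress.ip_address(NHRP_MAP[1]) != hub_eth.ip:
        out.append(("nhrp-map", f"map NBMA {NHRP_MAP[1]} is not hub eth0 {hub_eth.ip}"))
    spoke_ips = set()
    for name, addr in SPOKES.items():
        eth = ipaddress.ip_interface(addr)
        spoke_ips.add(str(eth.ip))
        if eth.network != hub_eth.network:   # flat lab: no router is described
            out.append(("underlay", f"{name} eth0 {eth} is outside {hub_eth.network}"))
        if str(eth.ip) not in HUB_PSK_PEERS:
            out.append(("psk-missing", f"hub has no PSK entry for {name} ({eth.ip})"))
    for peer in HUB_PSK_PEERS:
        if peer not in spoke_ips:
            out.append(("psk-orphan", f"hub PSK entry {peer} matches no spoke eth0"))
    if str(hub_eth.ip) not in SPOKE_PSK_PEERS:
        out.append(("psk-missing", f"spokes have no PSK entry for hub {hub_eth.ip}"))
    if PSK_PATH_IN_CONF != PSK_FILE_LISTED:
        out.append(("psk-path", f"racoon reads {PSK_PATH_IN_CONF}, post lists {PSK_FILE_LISTED}"))
    return out


if __name__ == "__main__":
    for code, msg in check():
        print(f"{code:12} {msg}")
```

Each finding is only a mismatch between two values in the post; whether it is a typo in the write-up or in the running configuration has to be confirmed on the hosts.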

Discussion

  • Vyacheslav

    Vyacheslav - 2015-05-27

    Can I get a full list of values for opennhrp.conf?

     
  • Vyacheslav

    Vyacheslav - 2015-06-05

    Not relevant. He understood himself.

     
