I have a 3 node network with OSPF Quagga running on each of them.
Each node connected with p2p, OpenVPN: http://vetal.ca/Download/img/Network_loop.png
(Will embed picture here when have reputation > 10)
pfSense has two OpenVPN clients, with ip 10.0.1.2 and 10.0.2.2, going to server 1 and 2 respectively.
Now, connection C (10.0.2.1 - 10.0.2.2) dies. What happens is, network is adapted and pfSence receives OSPF update that (10.0.2.1 - 10.0.2.2) is accessible via [B->A] route, instead of just [C] pfSense has information about 10.0.2.1 - 10.0.2.2 link and knows it exists 2 hops away.
Result is, when OpenVPN, C-tunnel client is trying to restart, it can't. Since it can't assign ip address which is in routing table:
Quote
/sbin/ifconfig ovpnc1 10.0.2.1 - 10.0.2.2 mtu 1500 netmask 255.255.255.255 up
FreeBSD ifconfig failed: external program exited with error status: 1
Manual call tells
ifconfig: ioctl (SIOCAIFADDR): Address already in use
Which way I can prevent this? Can I probe the dead link somehow? So, if tunnel C dies, Server 2 removes it and not advertise
I already tried link-detect, it shows link as up on Server 2 (OpenVPN listening side) anyway:
interface tun1
description VPS link C
link-detect
ipv6 nd suppress-ra
!
Shall it be separated with zones, e.g. A - backbone, ? Or is there a tcp-probe inset to quagga to tell if link is pingable?
If there is a probe, it will help to deal with another case:
On the picture above, if segment A is down. Traffic will be rerouted via pfSense (B->C instead of A) and stuck there. Since traffic is disabled (intentionally) from passing between tunnels by pfSense.
I am new to dynamic routing and believe there is a standard way to deal with this loop
