Failover with OSPF and OpenVPN

From ImageStream Router Documentation

Revision as of 23:32, 3 December 2014 by Josh (Talk | contribs)

In this tech note we will set up link failover between a wireless link and a VPN that takes a different path to the Internet. To do this we will first set up an OpenVPN link between the two routers. Then we will configure Quagga OSPF to distribute a default route and learn the networks at the remote site.

We have two locations. Site A has an existing Internet connection and is the normal default route for Site B. Site B has a microwave link (connected via Ethernet to the router). Site B also has a second, independent Internet connection.

OpenVPN Configuration

The OpenVPN configuration below is a simple peer-to-peer setup. Both routers use the same tunnel key.

Site B OpenVPN configuration

!
interface Tunnel0
 description Tunnel to Site A 
 tunnel mode openvpn
 tunnel source 10.10.20.1 1194
 tunnel destination 205.168.66.1 1194
 tunnel key b232292562bde187ae65431ecc643147
 tunnel options --float --passtos --dev-type tap
 pointopoint address 192.168.45.1
 ip address 192.168.45.2 255.255.255.252
!
ip route add 205.168.66.1 via 10.10.20.2 dev eth7 

This establishes an OpenVPN tunnel to Site A. Note that in this example we want to direct traffic for the Site A router out a specific secondary Internet connection. The secondary Internet connection is connected to Ethernet7, and the secondary router has an IP address of 10.10.20.2, so we add a static host route to the remote Internet IP address that we are using as the tunnel destination. This forces the VPN traffic to use the secondary Internet connection.

Site A OpenVPN configuration

!
interface Tunnel0
 description Tunnel to Site B 
 tunnel mode openvpn
 tunnel source 205.168.66.1 1194
 tunnel destination 0.0.0.0 1194
 tunnel key b232292562bde187ae65431ecc643147
 tunnel options --float --passtos --dev-type tap
 pointopoint address 192.168.45.2
 ip address 192.168.45.1 255.255.255.252
!

This configuration listens for incoming VPN requests from Site B. In this example Site B is behind a router that is performing NAT, so we are unable to initiate the VPN from the Site A location.

This completes the OpenVPN configuration.
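A consistency check for the two Tunnel0 stanzas above, added here as an example and not part of the ImageStream documentation. The parser handles only the keywords shown on this page, and the function names (parse, dev_type, check_pair) are hypothetical.

```python
import ipaddress

# Constructed input: the Tunnel0 stanzas copied from this page (description lines omitted).
SITE_B = """\
interface Tunnel0
 tunnel mode openvpn
 tunnel source 10.10.20.1 1194
 tunnel destination 205.168.66.1 1194
 tunnel key b232292562bde187ae65431ecc643147
 tunnel options --float --passtos --dev-type tap
 pointopoint address 192.168.45.1
 ip address 192.168.45.2 255.255.255.252
"""
SITE_A = """\
interface Tunnel0
 tunnel mode openvpn
 tunnel source 205.168.66.1 1194
 tunnel destination 0.0.0.0 1194
 tunnel key b232292562bde187ae65431ecc643147
 tunnel options --float --passtos --dev-type tap
 pointopoint address 192.168.45.2
 ip address 192.168.45.1 255.255.255.252
"""

def parse(stanza):
    """Map each two-word keyword (e.g. 'tunnel source') to its argument list."""
    words = (line.split() for line in stanza.splitlines())
    return {" ".join(w[:2]): w[2:] for w in words if len(w) > 2}

def dev_type(cfg):
    """Return the value following --dev-type in the tunnel options, if any."""
    opts = cfg["tunnel options"]
    return opts[opts.index("--dev-type") + 1] if "--dev-type" in opts else None

def check_pair(initiator, listener):
    """Return a list of mismatches between the two ends (empty = consistent)."""
    a, b = parse(initiator), parse(listener)
    problems = []
    if a["tunnel key"] != b["tunnel key"]:
        problems.append("tunnel key differs")
    if dev_type(a) != dev_type(b):
        problems.append("dev-type differs")
    if a["tunnel destination"] != b["tunnel source"]:
        problems.append("initiator destination is not the listener source")
    # Each end's pointopoint address must be the other end's own ip address.
    if (a["pointopoint address"][0] != b["ip address"][0]
            or b["pointopoint address"][0] != a["ip address"][0]):
        problems.append("pointopoint/ip addresses are not mirrored")
    nets = {ipaddress.ip_interface("/".join(c["ip address"])).network for c in (a, b)}
    if len(nets) != 1:
        problems.append("tunnel addresses are in different subnets")
    return problems
```

Pass the initiating side (Site B here) first and the listening side second; an empty list means the pair is consistent.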

Quagga and OSPF configuration