I've been banging my head against this for a week, on and off.
I have a pair of pfSense firewalls (2.6.0-RELEASE) configured for high availability. They support an internal LAN, a DMZ, an OpenVPN server, the SYNC interface and are multi-homed (although one is not yet active).
I've been trying to get them to advertise routes to the DMZ and the OpenVPN connection onto the LAN interface with RIP. This is the configuration reported by FRR:
###################################################################
# This file was created by an automatic configuration generator. #
# The contents of this file will be overwritten without warning! #
###################################################################
!
frr defaults traditional
hostname pfsfw-a.xxx.com
password xxxxxxxx
service integrated-vtysh-config
!
ip router-id 192.168.7.243
!
interface igb4
ip rip send version 2
ip rip receive version 2
!
router rip
version 2
network 192.168.128.0/24
network 192.168.131.0/24
!
line vty
!
end
igb4 is the LAN interface, the DMZ is 192.168.128.0/24 on igb0, and OpenVPN is using 192.168.131.0.
I see no sign of any RIP packets on other routers, or using Wireshark. Wireshark does capture other packets from the igb4 interface.
I've tried setting up prefix lists and ACLs, but I'm not clear how these relate to the RIP configuration. Changing them doesn't seem to affect the configuration I've listed, and it makes no difference whether I configure them or not.
I haven't set up any Firewall rules for this. I'd be happy if I can get broadcasts sent out for now.
I'm sure I'm missing something, but I don't know what.