Ospf neighbor not accepted due to wrong mask?

gulweb · February 16, 2026, 10:44pm

Hello,

I am trying to debug an ospf over GRE configuration.

The have the tunnel up an working, and it is possible to exchange traffic
over the tunnel.

We have enabled ospf on both ends, using the tunnel interfaces. The "other end" is not openwrt.
Our end i openwrt. In our end the command trying to show the neighbor router fails.
In the other end it displays as "initializing".

Tcpdumping the helloes we get this

23:26:43.579362 IP (tos 0x0, ttl 58, id 56506, offset 0, flags [DF], proto GRE (47), length 92)
kthgw.sk0bu.amprnet.se > h-155-4-225-195.A444.priv.bahnhof.se: GREv0, Flags [none], length 72
IP (tos 0xc0, ttl 1, id 35620, offset 0, flags [none], proto OSPF (89), length 68)
44.5.7.114 > ospf-all.mcast.net: OSPFv2, Hello, length 48
Router-ID kthgw.sk0bu.amprnet.se, Backbone Area, Authentication Type: none (0)
Options [External]
Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.254, Priority 1
Neighbor List:
44.5.7.115
23:26:43.692541 IP (tos 0x0, ttl 63, id 48718, offset 0, flags [DF], proto GRE (47), length 88)
h-155-4-225-195.A444.priv.bahnhof.se > kthgw.sk0bu.amprnet.se: GREv0, Flags [none], length 68
IP (tos 0xc0, ttl 1, id 36842, offset 0, flags [none], proto OSPF (89), length 64)
44.5.7.115 > ospf-all.mcast.net: OSPFv2, Hello, length 44
Router-ID 44.5.7.115, Backbone Area, Authentication Type: none (0)
Options [External]
Hello Timer 10s, Dead Timer 40s, Mask 0.0.0.0, Priority 1

What differs is that at the openwrt end the Mask is 0.0.0.0, whereas at the other end the Mask is
255.255.255.254 (corresponding to the /31 scope the tunnel adresses have.

The interface in the openwrt end is gre4-kth, and the adresses are 44.5.7.115 Poitopoint 44.5.7.114 netmask 255.255.255.254.
As we have understood, the Mask item should be the network mask of the sender, but in the Hello it displays as 0.0.0.0. , and the Neighbor list is missing.
Do you have any hint of what is wrong here? Ideas how to debug this?

Gullik

anon63541380 · February 16, 2026, 10:56pm

Ehat odpf daemon are you using and what is configured for it?

Please use the "Preformatted text </>" button for logs, scripts, configs and general console output (red circle; this works best in the 'Markdown' composer view in the blue oval):

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

gulweb · February 16, 2026, 11:37pm

We are using frr / ospfd
</>

frr version 10.2.1
frr defaults traditional
hostname OpenWrt
log syslog
!
password zebra
!
interface br-lan
ip ospf network broadcast
exit
!
interface gre4-kth
ip ospf network point-to-point
exit
!
router ospf
ospf router-id 44.5.7.115
network 44.5.0.0/20 area 0.0.0.0
exit
!
access-list vty seq 5 permit 127.0.0.0/8
access-list vty seq 10 deny any
!
line vty
access-class vty
exit

anon63541380 · February 16, 2026, 11:43pm

Read the previous post CAREFULLY. Your "conf*g files" are humanly unreadable.
I do not see a single /31 in your last post.

joelinux60 · February 17, 2026, 3:03am

I would think that netmask /31 is too small to allow ospf to work with. A /31 leaves no room for usable hosts within that subnet.
You may be better off with a netmask of /30.

gulweb · April 2, 2026, 1:17pm

´´´
ubus call system board
{
"kernel": "6.6.119",
"hostname": "OpenWrt",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "Ubiquiti EdgeRouter X",
"board_name": "ubnt,edgerouter-x",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.5",
"revision": "r29087-d9c5716d1d",
"target": "ramips/mt7621",
"description": "OpenWrt 24.10.5 r29087-d9c5716d1d",
"builddate": "1766005702"
}
}
cat /etc/config/network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd9d:2ac7:7c9d::/48'
option packet_steering '1'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
list ports 'eth4'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '44.5.5.224'
option netmask '255.255.255.240'
option ip6assign '60'

config interface 'wan'
option device 'eth0'
option proto 'dhcp'

config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'

config interface 'kth'
option proto 'gre'
option peeraddr '44.5.7.255'
option ipaddr '192.168.1.250'
option netmask '255.255.255.0'

config interface 'kth_addr'
option proto 'static'
option peeraddr '44.5.7.114'
option ipaddr '44.5.7.115'
option device '@kth'
option netmask '255.255.255.254'
option gateway '44.5.5.114'
option defaultroute '0'

as for dhcp.conf and firewall.conf, these are good, since the GRE tunnel is up and the other end replies to ping.

The problem is that while the other end does accept me as neighbor, my end does not accept it.
This can be seen in that the other end OSPF hello contains me as Neighbor, but my end does NOT have any neighbor.

{
	"kernel": "6.6.119",
	"hostname": "OpenWrt",
	"system": "MediaTek MT7621 ver:1 eco:3",
	"model": "Ubiquiti EdgeRouter X",
	"board_name": "ubnt,edgerouter-x",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "24.10.5",
		"revision": "r29087-d9c5716d1d",
		"target": "ramips/mt7621",
		"description": "OpenWrt 24.10.5 r29087-d9c5716d1d",
		"builddate": "1766005702"
	}
}
cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd9d:2ac7:7c9d::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'
	list ports 'eth4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '44.5.5.224'
	option netmask '255.255.255.240'
	option ip6assign '60'

config interface 'wan'
	option device 'eth0'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0'
	option proto 'dhcpv6'

config interface 'kth'
	option proto 'gre'
	option peeraddr '44.5.7.255'
	option ipaddr '192.168.1.250'
	option netmask '255.255.255.0'

config interface 'kth_addr'
	option proto 'static'
	option peeraddr '44.5.7.114'
	option ipaddr '44.5.7.115'
	option device '@kth'
	option netmask '255.255.255.254'
	option gateway '44.5.5.114'
	option defaultroute '0'
´´´
as for dhcp.conf and firewall.conf, these are good, since the GRE tunnel is up and the other end replies to ping.

The problem is that while the other end does accept me as neighbor, my end does not accept it.
This can be seen in that the other end OSPF hello contains me as Neighbor, but my end does NOT have any neighbor.

_bernd · April 2, 2026, 1:59pm

Dude. /31 is supported since mid 90ies. Maybe not with Cisco but everyone else is using that for peer links. Omfg.

gulweb · April 3, 2026, 1:29pm

For some reason my end of frr / ospf does NOT send an ospf neighbor field. I can tcpdump the exchanges, and they look good, but my peer sends a neighbor field at the end, so his packets are 48 bytes long, but my end refuses to send HIS address as my neighbor, som the ospf at the other end stays "initializing". I can see no config errors, my Helloes is 44 bytes and there is no neighbor info. Do I have to enable transmission of neighbor info somehow????
G

_bernd · April 3, 2026, 1:37pm

Are you sure that all addresses and net masks are correct? I'm pretty sure it is just a config error.

If you need a second pair of eyes please post relevant configs with proper code format here.

gulweb · April 3, 2026, 2:03pm

Hello Bernd,
Yes, I have the GRE tunnel up, I can see the OSPF helloes going both ways, only difference is that my helloes DO NOT CONTAIN a neighbor, and thus are 44 bytes long as opposed to the peer which has 48 bytes long helloes, but WITH me as neighbor.

this is my frr.conf
'''frr version 10.2.1
frr defaults traditional
hostname OpenWrt
log syslog
!
password zebra
!
interface br-lan
ip ospf network broadcast
exit
!
interface gre4-kth
ip ospf network point-to-point
no ip ospf passive
exit
!
router ospf
ospf router-id 44.5.5.224
network 44.5.5.224/28 area 0.0.0.0
network 44.5.7.114/31 area 0.0.0.0
neighbor 44.5.7.114
router-info area
exit
!
access-list vty seq 5 permit 127.0.0.0/8
access-list vty seq 10 deny any
!
line vty
access-class vty
exit
'''
Gullik

_bernd · April 3, 2026, 2:40pm

Not sure about frr config but the neighbor needs to go to gre interface or not?