Description:
In the interests of load distribution and redundancy, the headquarters can operate several VPN gateways to be used by the branches to establish a VPN connection. A routing protocol like RIP (Routing Information Protocol) is used to synchronize the routing entries between the VPN gateways.
As of LCOS 10.40, RIP is no longer able to select the routes used for simplified certificate dial-in from the routing table. For this scenario, an alternative routing protocol named OSPF (Open Shortest Path First) has to be used instead.
This article describes how to change from RIP to OSPF.
Requirements:
- LCOS as of version 10.40 (download latest version) on the VPN gateways at the headquarters
- LANtools as of version 10.40 (download latest version)
- At least two VPN gateways at the headquarters
- Fully configured and functioning scenario with simplified certificate dial-in
Scenario:
- Two VPN gateways at the headquarters terminate the VPN connections from the branches.
- The VPN dial-in operates with simplified certificate dial-in.
- Up to and including LCOS 10.34, the routing entries were propagated via RIP. From LCOS 10.40 the routes have to be propagated via OSPF.
Procedure:
The following steps need to be carried out on all of the VPN gateways at the headquarters. No configuration changes are required on the VPN routers at the branches!
1) Open the configuration of the VPN gateway at the headquarters and switch to the menu item Routing protocols → RIP → RIP networks).
2) Mark the RIP network being used (in this example the network INTRANET) and click on Edit.
3) Set the RIP type to Off to disable RIP for this network.
4) Switch to the menu Routing protocols → OSPF and set a checkmark for Open Shortest Path First (OSPF) enabled.
5) Go to the menu OSPF instance.
6) Select the entry DEFAULT and click on Edit.
7) Make sure that the entry Activate OSPF instance is checked and, under Router ID, enter the IP address of the router on the network used to propagate routes via OSPF.
8) Go to the menu OSPF instances.
9) Modify the following parameters:
- OSPF interface: From the drop-down menu, select the network for which the routing entries are to be propagated by OSPF.
- OSPF instance: From the drop-down menu, select the OSPF instance modified in step 7.
10) Go to the menu Connected.
11) Modify the following parameters:
- OSPF instance: From the drop-down menu, select the OSPF instance modified in step 7.
- Metric source: From the drop-down menu, select Protocol.
12) This concludes the changes on the first VPN gateway. Write the configuration back to the router.
13) Repeat these steps for the second VPN gateway.
