OpenNHRP implements NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE and IPsec. It aims to be Cisco DMVPN compatible.
Is there any patch available for opennhrp to work with strongswan?
Quagga/NHRP and frr/nhrpd supersede opennhrp and integrate with strongswan. For further information see:
- https://wiki.alpinelinux.org/wiki/Dynamic_Multipoint_VPN_(DMVPN)_Phase_3_with_Quagga_NHRPd
- https://git.alpinelinux.org/cgit/dmvpn-tools/about/
So there is no patch available to make opennhrp work with strongswan?
No. The strongSwan patches at https://git.alpinelinux.org/cgit/user/tteras/strongswan/log/?h=tteras-release will enable writing an opennhrp-script that would work mostly (with some restrictions). The exercise of writing the script is left for the reader. I strongly recommend using quagga or frr nhrpd because it solves several issues opennhrp had and is superior in almost any aspect. See also: http://git.savannah.gnu.org/cgit/quagga.git/tree/nhrpd/README.nhrpd
Thanks Timo for that info. Actually I'm using patched strongswan, BGPD (FRR) and OPENNHRP at the HUB (it doesn't initiate a tunnel request; when it gets a tunnel establishing request, it responds to that).
At the initiator side I'm using NHRPD (FRR), patched strongswan, BGPD (FRR). So with this I'm able to establish a phase 1 tunnel, but when I ping from one spoke to another spoke my hub is not initiating the redirect message itself.
What I think is causing the problem with initiating a redirect request from opennhrp is that I have to configure the GRE interface IP with a /24 host prefix at the responder (OPENNHRP) side and with a /32 host prefix at the initiator side (FRR NHRPD). Is this the problem?
Sorry for grammatical mistakes.
I hope you understood my scenario @Timo Teras.