Support on SonicWall Products, Services and Solutions
Browse Knowledgebase by Category
How to create a mesh VPN network using Tunnel Interfaces and OSPF
12/20/2019 
756 
10932
DESCRIPTION:
It is quite easy to implement a Hub and Spoke VPN network using both Tunnel Interface and OSPF but the transition to a mesh network can be troublesome if you want to redistribute the SonicWall’s firewalled subnets.
RESOLUTION:
If you simply use the option “Redistribute Connected Network” in your OSPF configuration, it will perfectly work in hub and spoke environment but will prevent transition to a mesh environment as a tunnel interface is considered a connected interface by the SonicWall, hence the “spoke to spoke” VPN tunnel will fail to be created as both spokes will try to contact each other via the already existing VPN tunnel to the Hub.
Figure 1
Figure 2
In figure 1, you can see that a route exist to the second spoke (#6). In Figure 2, it should the equivalent on Spoke 2 (route #6).
The solution in to create a fully mesh environment is to use the OSPF “Passive” mode on the connected interface of all the mesh network’s nodes.
When OSPF passive mode is enabled on an interface, neither OSPF packets are sent nor any received on this interface. It only results in that interface’s network being advertised by OSPF to other OSPF peers as LSA 1 (Router) instead of LSA5 (External) when using “Redistribute Connected Networks”.
To Activate the Passive mode on your SonicWall’s internal networks, simply go to Network, Routing.
Then configure an internal network
Then simply choose the mode “Passive”
See Also:
Implementing Hub and Spoke Site-to-Site VPN on SonicOS Enhanced
