The OSPF part is not complicated:
- Make sure the mappings between remote address and VPN name are correct!!!! You should be able to ping the other ends of the tunnel. Are the routers on the other end Juniper? If they are, then NHTB takes care of the mappings. If not, you only need to configure the mappings manually like this:
set interfaces st0 unit 0 multipoint
set interfaces st0 unit 0 family inet next-hop-tunnel 10.10.1.2 ipsec-vpn VPN_SITE2
set interfaces st0 unit 0 family inet next-hop-tunnel 10.10.1.3 ipsec-vpn VPN_SITE3
set interfaces st0 unit 0 family inet address 10.10.1.1/24
- OSPF interface should automatically be point-to-multipoint with no issues
(one time I had to configure it manually just to make the adjacency come up - probably an old version of Junos)
- Make sure the st interface is in a security zone and host-inbound-traffic allows ospf
For the VPNs:
- Make sure you do route based VPNs.
- PHASE 1 you need 1) proposal 2) policy 3) gateway
- PHASE 2 you need 1) proposal 2) policy 3) VPN
Proposals and policies can be the same. You need one VPN and gateway per remote site.
Instead of your own proposal, you can reference one of the prebuilt proposal-sets (within the policy).
- Don't forget things like (typical misconfiguration places):
  - establish-tunnels immediately
  - bind-interface st0.0
  - host-inbound-traffic system-services ike
  - external-interface
  - security policies
  - matching keys
Give it a try and come back if you need any help.
Regards,
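
Added example (not part of the reply above and not Juniper tooling): a Python check that reads a `set`-format configuration and reports the misconfiguration spots listed in the reply: NHTB mappings that point at an undefined VPN, missing bind-interface, missing establish-tunnels immediately, missing external-interface, and zones that do not allow ike or ospf as host-inbound traffic. The gateway, zone and physical interface names, and the VPN_SITE4 typo, are constructed for the illustration; security policies and key matching are not checked.

```python
# Constructed sample in Junos "set" format; names and addresses are made up.
SAMPLE = """\
set interfaces st0 unit 0 family inet next-hop-tunnel 10.10.1.2 ipsec-vpn VPN_SITE2
set interfaces st0 unit 0 family inet next-hop-tunnel 10.10.1.3 ipsec-vpn VPN_SITE4
set security ike gateway GW_SITE2 external-interface ge-0/0/0.0
set security ipsec vpn VPN_SITE2 ike gateway GW_SITE2
set security ipsec vpn VPN_SITE2 bind-interface st0.0
set security ipsec vpn VPN_SITE2 establish-tunnels immediately
set security ipsec vpn VPN_SITE3 ike gateway GW_SITE3
set security ipsec vpn VPN_SITE3 bind-interface st0.0
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone vpn interfaces st0.0 host-inbound-traffic protocols ospf
"""
ZONE = ["security", "zones", "security-zone"]
def host_inbound_ok(cfg, ifname, kind, svc):
    """True if the zone holding ifname accepts kind/svc (interface level overrides zone level)."""
    zone = next((t[3] for t in cfg if t[:3] == ZONE and t[4:6] == ["interfaces", ifname]), None)
    zt = [t[4:] for t in cfg if t[:4] == ZONE + [zone]]  # empty when no zone holds ifname
    if_rules = [t[3:5] for t in zt if t[:3] == ["interfaces", ifname, "host-inbound-traffic"]]
    zone_rules = [t[1:3] for t in zt if t[:1] == ["host-inbound-traffic"]]
    return any(r in ([kind, svc], [kind, "all"]) for r in (if_rules or zone_rules))

def audit(text):
    """Return a list of findings for the checklist items in the post."""
    cfg = [l.split()[1:] for l in text.splitlines() if l.startswith("set ")]
    vpns = sorted({t[3] for t in cfg if t[:3] == ["security", "ipsec", "vpn"] and len(t) > 3})
    out = []
    for vpn in vpns:
        st = [t[4:] for t in cfg if t[:4] == ["security", "ipsec", "vpn", vpn]]
        bind = next((s[1] for s in st if s[:1] == ["bind-interface"] and len(s) > 1), None)
        if bind is None:
            out.append(f"{vpn}: no bind-interface")
        elif not host_inbound_ok(cfg, bind, "protocols", "ospf"):
            out.append(f"{vpn}: zone of {bind} does not allow ospf")
        if ["establish-tunnels", "immediately"] not in st:
            out.append(f"{vpn}: establish-tunnels immediately not set")
        gw = next((s[2] for s in st if s[:2] == ["ike", "gateway"] and len(s) > 2), None)
        ext = next((t[5] for t in cfg if t[:5] == ["security", "ike", "gateway", gw, "external-interface"] and len(t) > 5), None)
        if ext is None:
            out.append(f"{vpn}: gateway {gw} has no external-interface")
        elif not host_inbound_ok(cfg, ext, "system-services", "ike"):
            out.append(f"{vpn}: zone of {ext} does not allow ike")
    for t in cfg:  # NHTB entries must name a VPN that is actually defined
        if t[:2] == ["interfaces", "st0"] and t[-2:-1] == ["ipsec-vpn"] and t[-1] not in vpns:
            out.append(f"next-hop-tunnel {t[-3]} maps to unknown vpn {t[-1]}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```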