I have a /24 from ARDC 44 net. I put that /24 into a different rdomain, makes it easier for me to move it off to a different router in the future. I have ipsec tunnels from various amateur radio remote stations which terminate in the rdomain, this system is used as a hub for these sites.
diana
On March 30, 2025 10:47:26 PM MDT, Andrew Lemin <andrew.lemin@gmail.com> wrote:
I had a similar issue years ago which I solved by putting 'up' as the first line in the hostname.pairX files, so the pair interfaces come up without any config first.

But that was probably even before the ordering improvements mentioned by David above, and is probably not ideal anymore.

I used one rdomain for internal clients/VLAN, which has multipath default routes pointing to a bunch of pair tunnels/patches. Each patch connects to a different rdomain (with no physical interfaces attached) where I have wireguard tunnel endpoints. This allows load balancing over multiple wireguard or openvpn tunnels where tunnel addresses might overlap.

The tricky part was getting the tunnel daemon to use rdomain 0 for the outer encrypted connection, but place the tunnel endpoint into different rdomains for the clients.

So it does work, and it works really well. But I remember spending weeks getting it to work ;)

Never knew about rport! Will have to try that :)

Good luck

On Mon, 31 Mar 2025 at 14:57, Philipp Buehler <e1c1bac6253dc54a1e89ddc046585792@posteo.net> wrote:

On 31.03.2025 at 03:49, David Gwynne wrote:
> you can also try rport(4) to replace pair(4) for p2p links between
> rdomains.
Has been some years since I dug through all this - and rport is
pretty brand new, thanks for the hint. Unsure why no .Xr ..
PS: I would debate if I want a failed IP-config leading to an "up anyway",
but as an option, sure.
--
pb