Thanks Claer! I will check next week.

Regards,
Toni

On Fri, May 13, 2016 at 11:34:18AM +0200, Claer wrote:
> On Thu, May 12 2016 at 47:18, Info wrote:
> > Hello, this is my first post on OpenBSD, so do not riddle me, please...
> Hello,
>
> Welcome to the lists.
>
> > I have one infrastructure with one tunnel IPSEC. This works ok, but I think I
> > can duplicate the transfers. My topology is like this:
> >
> > * One ADSL 20Mb on Site A
> > * Two ADSL 10Mb on Site B
> > * Consists on one OpenBSD by site, attached the router directly
> >
> > I need share Network A with Network B with ipsec like now, but
> > balanced/failovered. I search solutions and found 3 methods, but I'm not sure
> > which use and this seems a little complicated:
> >
> > * CARP (I haven't two server by site)
> > * PF (with ipsec I'm lost)
> > * ifstated (I don't know nothing of this)
> >
> > I will send my topology graphically on attachment (it will read with system
> > or fixed font).
>
> I implemented solutions like that in the past. The easier method with IPSEC is
> using encapsulation. I tried two different setups: gif(4)+ifstated and
> gif(4)+OSPF
> The latter is simpler to maintain, and for us scaled over 50 sites.
>
> With just 2 sites, you can use gre(4) encapsulation instead of gif and use gre
> keepalives instead of setting up ospfd. We didn't use that solution because
> GRE keepalives are not implemented on Linux and we needed interoperability.
>
> Basically, you create 2 ipsec tunnels between A and your 2 pub IP addresses
> on B.
> Then you set up 2 GRE tunnels above IPSEC. On site A, you configure 2 routes
> with different weights to access your network on B. Do the same on site B.
> In case of failure, the primary GRE tunnel will go down (because of missing
> keepalives). Your BSD boxes will disable the 1st GRE tunnel interface and
> use the 2nd route entry available.
>
> >                                  #                20.0.0.0
> >    ########                      #                  ---              ######
> >    ##    ##                      #            10Mb |DSL|--------\    ##   ##
> >    ########                      #                  ---          |   ######
> >    ##    ##                      #                 /             |   ##   ##
> >    ##    ##          20Mb    ##########           /              |.2 ######
> >  ---   .2    ---  .1         #        #----------/              ---
> > |BSD|-------|DSL|------------#  INET  #                        |BSD|---
> >  ---         ---             #        #----------\              ---    \
> >   |                          ##########           \              |.2    |
> >   |              10.0.0.0        #                 \             |     ---
> >  ---                             #                  ---          |     NET
> >  NET                             #            10Mb |DSL|--------/      ---
> >  ---                             #                  ---            101.0.0.0
> > 100.0.0.0                        #                21.0.0.0
>
> Best regards,
>
> Claer
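
One way to script site A's half of the setup Claer describes (two GRE tunnels with keepalives, two routes of different priority, IPsec protecting the GRE traffic). This is an added example, not part of the thread. The public addresses follow the diagram; the /24 LAN prefix, the 172.16.x.x inner tunnel addresses, the keepalive timing, the route priorities and the use of ESP transport mode are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): site A's half of GRE-over-IPsec failover.
# Public addresses follow the diagram (A = 10.0.0.2, B = 20.0.0.2 and 21.0.0.2).
# Assumed: remote LAN 101.0.0.0/24, inner tunnel addresses 172.16.x.x,
# keepalive period 5 s with count 2, route priorities 8 and 16.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (OpenBSD, root).
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# gre_path UNIT LOCAL_PUB REMOTE_PUB INNER_LOCAL INNER_REMOTE REMOTE_LAN PRIO
gre_path() {
    run ifconfig "gre$1" create
    run ifconfig "gre$1" tunnel "$2" "$3"
    run ifconfig "gre$1" inet "$4" "$5" netmask 0xffffffff
    # A keepalive goes out every 5 s; with no reply for 2 * 5 s the link is
    # considered down, which is the failure signal the reply relies on.
    run ifconfig "gre$1" keepalive 5 2
    run ifconfig "gre$1" up
    # The route with the lower priority number is preferred.
    run route add -priority "$7" "$6" "$5"
}

# One ipsec.conf(5) rule per path: ESP transport mode covering only the GRE
# packets between the two public addresses (authentication setup not shown).
ipsec_rule() {
    echo "ike esp transport proto gre from $1 to $2"
}

site_a_ipsec_conf() {
    ipsec_rule 10.0.0.2 20.0.0.2
    ipsec_rule 10.0.0.2 21.0.0.2
}

site_a() {
    run sysctl net.inet.gre.allow=1
    gre_path 0 10.0.0.2 20.0.0.2 172.16.0.1 172.16.0.2 101.0.0.0/24 8
    gre_path 1 10.0.0.2 21.0.0.2 172.16.1.1 172.16.1.2 101.0.0.0/24 16
}

# Run as-is to print the plan; nothing is changed unless DRY_RUN=0 is set.
echo "# /etc/ipsec.conf"; site_a_ipsec_conf
echo "# commands"; site_a
```

Site B would run the mirror image: one tunnel from each of its two public addresses back to 10.0.0.2, and two prioritized routes to 100.0.0.0.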