On 2025-09-07, Tom Smyth <[email protected]> wrote:
> what I mean in terms of Networking is an Address on an Interface that is
> always up, either a Loopback interface, and  on which I can run services
> such as SShd and
> have OSPF / BGPd originate messages from ...  having it on a loopback eg
> lo1  means the IP address should always be up (as the Interface is always
> up (no physical dependencies)  (useful for routers with multiple physical
> nics and multiple paths  from which to reach the loopback,

"always up" is the key point here and people who don't do dynamic routing
might find this a strange concept. you can't use an address of a network
interface that is dependent on a link being up, otherwise all services on
that machine will fail if one of possibly many viable links is out
of action.

> then refer to the loopback address in pf.conf

you can just use the interface name ("lo1" or whatever) in rules here.
(some of the daemons will accept that syntax too).

> then refer to the loopback address in bgpd.conf (the routerID and the Local
> Address for MultihopBGP sessions
> and then refer to the loopback address in Ospfd.conf  Router ID

IME bgpd/ospfd config isn't easily shared between machines anyway..
I would either use config management + templating, or "includes"
for repeatable sections.

> and if the router ID was to be an anycast DNS server you would refer to
> the Loopback Address as a listen on in relayd.conf, nsd.conf or
> unbound.conf also ..

listening on 0.0.0.0 can work for some of these - there can be issues
with software using UDP sending replies from the wrong address
(unbound has "interface-automatic" which helps but that's fairly
unusual) - however you might find that "route sourceaddr <address of
loopback interface>" is enough to work around this.

generally I'd suggest some config management software with template
support for places where you need to insert the actual IP into config
files though.


> On Thu, 4 Sept 2025 at 21:41, Tom Smyth <[email protected]>
> wrote:
>
>> Hi Ingo, Pascale,
>>
>> thanks for your very helpful responses... I'll give it a go
>>
>> much obliged,
>>
>> Tom Smyth
>>
>> On Thu, 4 Sept 2025 at 21:00, Ingo Schwarze <[email protected]> wrote:
>>
>>> Hi Tom,
>>>
>>> Tom Smyth wrote on Thu, Sep 04, 2025 at 08:17:04PM +0100:
>>>
>>> > sometimes in my router configs I would like to be able to declare
>>> > a macro in one location and refer to it across multiple files,
>>> > for instance a loopback address might be referred to in BGP, OSPF
>>> > and IPSEC and PF configuration,
>>> >
>>> > is there a way in OpenBSD of configuring aliases / variables like
>>> > that and then using them in config files where they would be
>>> > expanded / understood by the parser of the config file ...
>>>
>>> I don't think there is a method that is going to work with
>>> absolutely all config files one might come up with - but many
>>> of the daemons you mention are based on parse.y, hence they have
>>> reasonably similar configuration syntax, and many of them support
>>> the "include" directive:
>>>
>>>    $ man -s 5 -k Ic=include
>>>   acme-client.conf(5) - acme-client configuration file
>>>   bgpd.conf(5) - BGP routing daemon configuration file
>>>   eigrpd.conf(5) - EIGRP routing daemon configuration file
>>>   hostapd.conf(5) - configuration file for the Host Access Point daemon
>>>   httpd.conf(5) - HTTP daemon configuration file
>>>   iked.conf(5) - IKEv2 configuration file
>>>   ipsec.conf(5) - IPsec configuration file
>>>   iscsi.conf(5) - ISCSI daemon configuration file
>>>   ldapd.conf(5) - LDAP daemon configuration file
>>>   ldpd.conf(5) - LDP routing daemon configuration file
>>>   man.conf(5) - configuration file for man
>>>   ospf6d.conf(5) - OSPF for IPv6 routing daemon configuration file
>>>   ospfd.conf(5) - OSPF routing daemon configuration file
>>>   pf.conf(5) - packet filter configuration file
>>>   rad.conf(5) - router advertisement daemon configuration file
>>>   relayd.conf(5) - relay daemon configuration file
>>>   smtpd.conf(5) - SMTP daemon configuration file
>>>   snmpd.conf(5) - SNMP daemon configuration file
>>>   unwind.conf(5) - validating DNS resolver configuration file
>>>   vm.conf(5) - virtual machine configuration
>>>
>>> So you *might* get away with putting *some* macros into *one*
>>> configuration file that you #include from configuration files
>>> for *some* different daemons - provided that you carefully
>>> study the documentation about which configuration file supports
>>> exactly what, be careful to not put stuff into the common file
>>> that makes any of the including daemons choke, and carefully
>>> test every daemon after every change.
>>>
>>> Disclaimer 1: as usual with apropos(1), do not take the above list
>>> at face value - instead, actually RTFM.  For example, man.conf(5)
>>> supports an "includes" directive with a very different syntax that
>>> does something very different but also matches the search
>>> expression "Ic=include".
>>>
>>> Disclaimer 2: i never did this myself, but i see no reason why it
>>> shouldn't work.
>>>
>>> > or am I asking for too much and just script the changes through
>>> > in config generators (which is what I do presently)?
>>>
>>> That's not completely unreasonable either; i did such things in
>>> the past when i had multiple firewalls separating various network
>>> segments and wanted consistent config files across more than one
>>> machine.
>>>
>>> Yours,
>>>   Ingo
>>>
>>
>>
>> --
>> Kindest regards,
>> Tom Smyth.
>>
>
>


-- 
Please keep replies on the mailing list.
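
The templating approach suggested in the reply above, as an added sketch that is not part of the original thread: one loopback address is validated once and substituted into per-daemon config fragments, and rendering fails if the value is malformed or a placeholder is left unexpanded. The `@LOOPBACK@` placeholder, the function names and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example: render config fragments from a single loopback address.
# @LOOPBACK@ and the function names below are hypothetical, not OpenBSD syntax.

# Accept only a dotted-quad IPv4 address with each octet in 0..255, so that
# nothing but an address can ever be written into a daemon's config file.
valid_ipv4() {
	case "$1" in
	''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
	esac
	old_ifs=$IFS; IFS=.
	set -- $1            # split on dots; input is digits and dots only
	IFS=$old_ifs
	[ $# -eq 4 ] || return 1
	for octet in "$@"; do
		[ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
	done
	return 0
}

# Read a template on stdin, write the rendered config to stdout.
render() {
	addr=$1
	valid_ipv4 "$addr" || { echo "invalid loopback address: $addr" >&2; return 1; }
	# Safe in a sed replacement: addr was validated as digits and dots.
	out=$(sed "s/@LOOPBACK@/$addr/g") || return 1
	# Refuse to emit a file that still carries an unexpanded placeholder.
	if printf '%s\n' "$out" | grep -q '@[A-Z_][A-Z_]*@'; then
		echo "unexpanded placeholder in template" >&2
		return 1
	fi
	printf '%s\n' "$out"
}

# Constructed sample: the same address feeds a bgpd.conf and an ospfd.conf
# fragment (documentation addresses and private AS number).
LOOPBACK=192.0.2.1
render "$LOOPBACK" <<'EOF'
# bgpd.conf fragment
router-id @LOOPBACK@
neighbor 198.51.100.2 {
	remote-as 64501
	multihop 2
	local-address @LOOPBACK@
}
# ospfd.conf fragment
router-id @LOOPBACK@
EOF
```

Render into a temporary file and check it with the daemon's own config test (for example `bgpd -n -f file`) before installing it.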
