Hi all,

I am trying to establish default routes on an OpenBSD firewall using ospfd
instead of using multipath+route-to param under pf.conf, without luck.

My topology is:

Internet ------- ExtFw1 ----------------|
                                        |
                                        OpenBSDFw ----- Internal Network
                                        |
Internet ------- ExtFw2 ----------------|

ExtFw1 and ExtFw2 are commercial products with different versions. I have put
a rule to pass all traffic generated by OpenBSD on both external firewalls.

My interface configuration is:

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:56:29:f2:2c
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: active
        inet 172.25.50.1 netmask 0xffffffe0 broadcast 172.25.50.31
        inet6 fe80::250:56ff:fe29:f22c%em0 prefixlen 64 scopeid 0x1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:56:0f:7b:b0
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: active
        inet6 fe80::250:56ff:fe0f:7bb0%em1 prefixlen 64 scopeid 0x2
enc0: flags=0<> mtu 1536
        priority: 0
vlan15: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:56:0f:7b:b0
        description: Management Interface
        priority: 0
        vlan: 15 priority: 0 parent interface: em1
        groups: vlan
        inet6 fe80::250:56ff:fe0f:7bb0%vlan15 prefixlen 64 scopeid 0x5
        inet 172.25.65.1 netmask 0xfffffff0 broadcast 172.25.65.15
vlan25: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:56:0f:7b:b0
        description: VPN Interface
        priority: 0
        vlan: 25 priority: 0 parent interface: em1
        groups: vlan
        inet6 fe80::250:56ff:fe0f:7bb0%vlan25 prefixlen 64 scopeid 0x6
        inet 172.25.85.1 netmask 0xfffffff8 broadcast 172.25.85.7
vlan35: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496
        lladdr 00:50:56:0f:7b:b0
        description: Primary Outgoing Interface
        priority: 0
        vlan: 35 priority: 0 parent interface: em1
        groups: vlan egress
        inet6 fe80::250:56ff:fe0f:7bb0%vlan35 prefixlen 64 scopeid 0x7
        inet 192.168.100.66 netmask 0xfffffffc broadcast 192.168.100.67
vlan45: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496
        lladdr 00:50:56:0f:7b:b0
        description: Secondary Outgoing Interface
        priority: 0
        vlan: 45 priority: 0 parent interface: em1
        groups: vlan
        inet6 fe80::250:56ff:fe0f:7bb0%vlan45 prefixlen 64 scopeid 0x8
        inet 10.10.10.201 netmask 0xfffffff8 broadcast 10.10.10.207
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33204
        priority: 0
        groups: pflog

My ospfd.conf:
router-id 192.168.100.66
fib-update yes
redistribute connected
redistribute default

area 0.0.0.0 {
        auth-type none
        interface vlan35
        interface vlan45 { metric 20 }
}

Output of "ospfctl show database" command is:

                Router Link States (Area 0.0.0.0)

Link ID         Adv Router      Age  Seq#       Checksum
192.168.100.66  192.168.100.66  641  0x80000001 0x3bdc

                Type-5 AS External Link States

Link ID         Adv Router      Age  Seq#       Checksum
0.0.0.0         192.168.100.66  641  0x80000001 0x11cf
172.25.50.0     192.168.100.66  641  0x80000001 0x3ccb
172.25.65.0     192.168.100.66  641  0x80000001 0xf6f1
172.25.85.0     192.168.100.66  641  0x80000001 0x4a82

Output of "ospfctl show n" command is:
r...@obsdintfw:~# ospfctl show n
ID Pri State DeadTime Address Iface Uptime
r...@obsdintfw:~#
Output of "ospfctl show r" command is:
r...@obsdfwint:~# ospfctl show r
Destination Nexthop Path Type Type Cost Uptime
r...@obsdfwint:~#

Is this configuration correct? Why can't I establish my default routes with
multipath using ospfd? Or am I wrong, and can I only use multipath+route-to
with pf.conf?

Many thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com