Re: CARP & PPPo

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 7:32 PM, Sevan / Venture37 <[EMAIL PROTECTED]> wrote:

> Is it possible to have a 2 node firewall using carp & be able to use
> pppoe?
> so if one node dies the other one picks up the & reinitiates the
> connection
> for example.
>
>
>
> Sevan / Venture37
>
>
Yes.

I don't know how it would work in the sense of the 'conventional' way. I do
it with dynamic IP's, which even have MAC address reservations and works
good for me... I'm considering posting an undeadly.org article on it with my
scripts on how I do it, just not sure if anyone would be interested?



Re: CARP & PPPo

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 8:36 PM, Sevan / Venture37 <[EMAIL PROTECTED]> wrote:

>
> > Yes.
> >
> > I don't know how it would work in the sense of the 'conventional' way. I do
> > it with dynamic IP's, which even have MAC address reservations and works
> > good for me... I'm considering posting an undeadly.org article on it with my
> > scripts on how I do it, just not sure if anyone would be interested?
> >
>
> I definitely would be!
I don't have my ISP that does PPPoE anymore, so I have no way to test it...

Is there something specific you're looking to do with CARP?

I *assume* the only thing that wouldn't work properly would be the [pfsync]
portion (assuming your IP changes on each reconnect?). If that is the case,
then in that sense, you could still have redundant Firewall & NAT, etc. in
the event one goes down or you shut-down for maintenance, etc. and the other
will just kick in and continue routing, filtering, etc. without any user
intervention...



Re: CARP & PPPo

2008-01-31 Thread Vijay Sankar
On January 31, 2008 07:30:32 pm Richard Daemon wrote:
> On Jan 31, 2008 7:32 PM, Sevan / Venture37 <[EMAIL PROTECTED]> wrote:
> > Is it possible to have a 2 node firewall using carp & be able to use
> > pppoe?
> > so if one node dies the other one picks up the & reinitiates the
> > connection
> > for example.
> >
> >
> >
> > Sevan / Venture37
>
> Yes.
>
> I don't know how it would work in the sense of the 'conventional' way. I do
> it with dynamic IP's, which even have MAC address reservations and works
> good for me... I'm considering posting an undeadly.org article on it with
> my scripts on how I do it, just not sure if anyone would be interested?

I would be very interested in reading such an article or if appropriate, 
helping write one. I have two PPPoE connections -- one with static addresses 
and framed routes and another with dynamic IP -- and will be happy to help in 
any way I can.

-- 
Vijay Sankar, M.Eng., P.Eng.
President & CEO
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]



Re: CARP & PPPo

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 8:58 PM, Vijay Sankar <[EMAIL PROTECTED]> wrote:

> On January 31, 2008 07:30:32 pm Richard Daemon wrote:
> > On Jan 31, 2008 7:32 PM, Sevan / Venture37 <[EMAIL PROTECTED]> wrote:
> > > Is it possible to have a 2 node firewall using carp & be able to use
> > > pppoe?
> > > so if one node dies the other one picks up the & reinitiates the
> > > connection
> > > for example.
> > >
> > >
> > >
> > > Sevan / Venture37
> >
> > Yes.
> >
> > I don't know how it would work in the sense of the 'conventional' way. I do
> > it with dynamic IP's, which even have MAC address reservations and works
> > good for me... I'm considering posting an undeadly.org article on it with
> > my scripts on how I do it, just not sure if anyone would be interested?
>
> I would be very interested in reading such an article or if appropriate,
> helping write one. I have two PPPoE connections -- one with static addresses
> and framed routes and another with dynamic IP -- and will be happy to help in
> any way I can.
>
> --
> Vijay Sankar, M.Eng., P.Eng.
> President & CEO
> ForeTell Technologies Limited
> 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
> Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]


Wow, thank you for the offer!

Help would be great, it's mostly the article, howto or presentation that I'm
not sure how to format yet...

I have most of it already done, but I think it could be better presented.
It's not fully on the website yet and ways on improving the scripts too,
would be great from anyone. It just needs a few mods for PPPoE, but the
working concept and model is in place and fully functional here.

How's the weather in Winnipeg? :-) I'm in Montreal.



Re: CARP & PPPo

2008-01-31 Thread Steven Surdock
Richard Daemon wrote:
> On Jan 31, 2008 8:36 PM, Sevan / Venture37
> <[EMAIL PROTECTED]> wrote:
>
>>
>> I definitely would be!
> I don't have my ISP that does PPPoE anymore, so I have no way to test
> it...

Carp on pppoe doesn't really make sense, unless I'm missing something.
For fun, I tried it a while back
(http://marc.info/?l=openbsd-misc&m=113940624732259&w=2).  I suspect the
"solution" to a redundant firewall cluster with a pppoe interface will
involve ifstated.

-Steve S.



Re: CARP & PPPo

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 9:24 PM, Steven Surdock <[EMAIL PROTECTED]> wrote:

> Richard Daemon wrote:
> > On Jan 31, 2008 8:36 PM, Sevan / Venture37
> > <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> I definitely would be!
> > I don't have my ISP that does PPPoE anymore, so I have no way to test
> > it...
>
> Carp on pppoe doesn't really make sense, unless I'm missing something.
> For fun, I tried it a while back
> (http://marc.info/?l=openbsd-misc&m=113940624732259&w=2).  I suspect the
> "solution" to a redundant firewall cluster with a pppoe interface will
> involve ifstated.
>
> -Steve S.
>

I'm not sure what doesn't make sense?
The thing is, some people just want the redundancy regardless of protocol.
:-)



Re: CARP & PPPo

2008-01-31 Thread Claer
On Thu, Jan 31 2008 at 24:21, Steven Surdock wrote:
> Richard Daemon wrote:
> > On Jan 31, 2008 8:36 PM, Sevan / Venture37
> > <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> I definitely would be!
> > I don't have my ISP that does PPPoE anymore, so I have no way to test
> > it...
> 
> Carp on pppoe doesn't really make sense, unless I'm missing something.
> For fun, I tried it a while back
> (http://marc.info/?l=openbsd-misc&m=113940624732259&w=2).  I suspect the
> "solution" to a redundant firewall cluster with a pppoe interface will
> involve ifstated.

It's the way I solved the same problem. All interfaces are carped but
pppoe. I use ifstated to track carp status.
  If the master goes down, then shutdown isakmpd and pppoe
  If the slave goes up, then activate pppoe and wait till fully
functional (got an ip address)
  If the pppoe link becomes OK, start isakmpd and reapply pf just in case

For the moment, I didn't have any issues on the primary :)

Claer
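
The failover logic described in the message above, sketched as an ifstated.conf. This is an added example, not Claer's configuration and not part of the original thread. The interface names carp0 and pppoe0 (kernel pppoe(4)), the file paths, the state names and the address test are assumptions.

```conf
# /etc/ifstated.conf -- added example; all names below are assumptions.
# carp0 is one of the CARP interfaces, pppoe0 is the uplink (not carped).

init-state auto

carp_master = "carp0.link.up"
carp_backup = "!carp0.link.up"

# External test, polled every 10 seconds: true once pppoe0 holds a real
# address (an unnegotiated pppoe(4) interface sits at 0.0.0.0).
pppoe_ready = '( "ifconfig pppoe0 | grep inet | grep -qv 0.0.0.0" every 10 )'

state auto {
	if $carp_master
		set-state dialing
	if $carp_backup
		set-state backup
}

# Not CARP master: shut down isakmpd and the PPPoE session.
state backup {
	init {
		run "pkill isakmpd"
		run "ifconfig pppoe0 down"
	}
	if $carp_master
		set-state dialing
}

# Became CARP master: activate PPPoE and wait for an address.
# isakmpd stays stopped until the link is usable.
state dialing {
	init {
		run "pkill isakmpd"
		run "ifconfig pppoe0 up"
	}
	if $carp_backup
		set-state backup
	if $pppoe_ready
		set-state master
}

# PPPoE link is OK: start isakmpd and reapply pf.
state master {
	init {
		run "isakmpd -K"
		run "ipsecctl -f /etc/ipsec.conf"
		run "pfctl -f /etc/pf.conf"
	}
	if $carp_backup
		set-state backup
	if ! $pppoe_ready
		set-state dialing
}
```

Keeping isakmpd stopped on the backup node and in the dialing state means only the node that actually holds the PPPoE address negotiates IPsec, and the pf reload picks up rules that reference the new address.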