Hello,
I am a little confused on ho to make a backup ppp connection work
with a routed subnet. Here's the setup:
ADSL <--> ADSL router <--> switch <--> FW (OBSD) <--> LAN
aa.bb.cc.2| aa.bb.cc.3
|
VPN BOX
aa.bb.cc.6
Under normal conditions, we have an ADSL and a /29 public subnet,
the ADSL router being the default gateway.
I'm trying to do what the ISP would otherwise do with an expensive
sizzco: bring up a backup connection via ISDN, and have *all* the
subnet available (not just one IP). As you can see, there is one VPN
box which we do not manage and over which we have no control. The box
is set with a default gateway of aa.bb.cc.2, so there isn't really
much I can do about it.
So, I decided to use an old ISDN modem connected to a serial
port on the firewall. First I kill the ADSL router, wait a little
while, then fire up ppp. The ppp.conf is as follows:
MyISP:
set phone 1234567
set authname
set authkey
set login
set timeout 120
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
add default HISADDR
And I get a link on tun0, like this:
192.168.16.75 <-->
I can ping the gateway, but nothing else. This is a bit unusual: the
(very few and long ago) times I used ppp on OpenBSD was to connect
to my home ISP, but always with a *single* dynamic IP assigned by
the ISP. And you could surf the 'net immediately after the ppp link
went up.
This situation (a whole public subnet, not a single IP) appears to
be a different beast: for one thing, you cannot access the 'net
unless you assign one of your public IPs as an alias to the tun0
interface.
So I did: ifconfig tun0 alias aa.bb.cc.3
Then a route flush, then a route add default gw aa.bb.cc.3. And *now*
I can surf the 'net, at least from the firewall.
First question: am I doing this correctly so far?
If so, now comes the fun part. I killed power to the ADSL router
before, but I still have the VPN box on vr0, which under normal
circumstances is my public interface. This interface has a /29 subnet,
but I am assigning a specific IP (gateway, aa.bb.cc.2) to *another*
interface (tun0). This doesn't look right!
So I thought I could try bridging together tun0 and vr0. But when I
do so, I get a SIOCFLAGSsomething error message: apparently, the ppp
interface (tun0) refuses to be bridged, although I can bridge say,
vr1 and tun1 or vr0 and tun1.
This is a production system, so I have limited time to test. I can
post more details (error etc.) later.
In the meanwhile, can anybody point me in the right direction?
Many thanks in advance!
--Vic
