On Sun, Jul 24, 2005 at 10:37:29PM -0700, Jonathan Walther wrote:
> I've read the carp manpage, but am not clear if carp is able to help in
> the following scenario:
>
> A box at a high availability colo site forwards some traffic to a
> company LAN using a VPN. There are two VPN connections it could route
> packets through, one going through the LAN's Cable connection, the other
> through its DSL connection. Both VPNs connect to the same end host on
> the other side of the two connections.
>
> If the DSL connection goes down, I want all connections and traffic to
> be shunted to the Cable connection. I control both ends of the VPN,
> which are OpenBSD Soekris boxes.
>
> Is this possible out of the box and supported by OpenBSD, or is it the
> wrong approach to trying to keep packets getting into the LAN when one
> of the external connections fails?
You could run ospfd (or quagga) on each host. (You'll need to use gif or gre tunnels to give a multicast-capable link over the VPNs.) Make the DSL tunnel the lower-cost route and OSPF will change the routing tables to use the other link if it goes down. When it comes back up, ospfd will switch the routing table back to the lower-cost route.

I use precisely this method to provide a backup to a 100Mb WAN link using IPsec/ADSL.

Actually, for something as simple as this you could probably get away with writing a script to change the routing table when some condition occurs, like failure of a ping over the DSL link, but using OSPF is a neater way to do it.

--
stephen
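As an added illustration of the ospfd setup stephen describes (this is not configuration from the thread; every address, interface name, metric and timer below is assumed, and the IPsec VPNs themselves are left out), the colo box could carry one gre tunnel over each VPN and let ospfd prefer the DSL one by metric. The gre endpoint for each tunnel is the LAN-side address reached over that particular link, so the OSPF hellos actually travel the DSL path and stop when it fails; the hello/dead timers then bound how long the DSL route lingers before ospfd withdraws it:

```conf
# /etc/sysctl.conf: gre is disabled by default
net.inet.gre.allow=1

# /etc/hostname.gre0: tunnel over the DSL VPN (assumed addresses:
# 192.0.2.10 is the colo box, 203.0.113.1 the LAN's DSL side)
tunnel 192.0.2.10 203.0.113.1
inet 10.255.0.1 255.255.255.255 10.255.0.2
up

# /etc/hostname.gre1: tunnel over the cable VPN (198.51.100.1 is the
# LAN's cable side)
tunnel 192.0.2.10 198.51.100.1
inet 10.255.1.1 255.255.255.255 10.255.1.2
up

# /etc/ospfd.conf on the colo box.  The LAN end mirrors this with its
# own router-id and tunnel addresses, and adds its LAN interface to the
# area as "passive" so the LAN prefix is advertised without running OSPF
# on it.
router-id 10.255.0.1

area 0.0.0.0 {
	# lower metric wins while gre0 is up; shorter hello/dead timers
	# (defaults 10s/40s) make the failover noticeably quicker
	interface gre0 {
		metric 10
		hello-interval 2
		router-dead-time 8
	}
	interface gre1 {
		metric 20
		hello-interval 2
		router-dead-time 8
	}
}

# /etc/pf.conf fragment: admit the gre encapsulation from the two LAN-side
# endpoints and the OSPF hellos (protocol 89) on the tunnel interfaces
pass quick proto gre from { 203.0.113.1, 198.51.100.1 } to 192.0.2.10
pass on gre0 proto ospf
pass on gre1 proto ospf
```

With both neighbours up, `ospfctl show neighbor` lists an adjacency on each tunnel and `route -n show` carries the LAN prefix via gre0; pulling the DSL link lets the gre0 adjacency time out after router-dead-time and the prefix moves to gre1, then returns on its own once hellos flow over gre0 again.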
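For the simpler ping-driven script stephen mentions as an alternative, here is an added example (not from the thread; the interface names, tunnel peer addresses, LAN prefix and thresholds are all assumed). It keeps the LAN route on the DSL tunnel, moves it to the cable tunnel only after three consecutive failed pings of the DSL tunnel peer, and moves it back as soon as that peer answers again, so a single lost ping does not flap the route. The route decision lives in its own function so it can be exercised without a network:

```shell
#!/bin/sh
# vpn-failover.sh: ping-driven route failover between two gre tunnels
# (added example, not from the thread; all names and addresses assumed)

PRIMARY_IF=gre0;  PRIMARY_PEER=10.255.0.2   # tunnel over the DSL VPN (preferred)
BACKUP_IF=gre1;   BACKUP_PEER=10.255.1.2    # tunnel over the cable VPN
LAN_NET=192.168.1.0/24                      # company LAN reached through either tunnel
FAILS_TO_SWITCH=3                           # straight failures before leaving primary
INTERVAL=5                                  # seconds between probes

# link_up <peer>: succeeds if the tunnel peer answers one ping within 2s.
# Probing the peer's tunnel address forces the packet over that VPN path.
link_up() {
	ping -c 1 -w 2 "$1" >/dev/null 2>&1
}

# next_state <state> <primary_ok> <backup_ok>
# state is "<interface>:<consecutive primary failures>".  Leave the primary
# only after FAILS_TO_SWITCH straight failures, and only if the backup
# answers; return to it as soon as it answers again.  If both peers are
# dead, keep whatever route is set rather than thrashing.
next_state() {
	cur=${1%%:*}
	fails=${1##*:}
	if [ "$2" -eq 1 ]; then
		echo "$PRIMARY_IF:0"
		return
	fi
	fails=$((fails + 1))
	if [ "$fails" -ge "$FAILS_TO_SWITCH" ] && [ "$3" -eq 1 ]; then
		echo "$BACKUP_IF:$fails"
	else
		echo "$cur:$fails"
	fi
}

# apply_route <interface> <peer>: point the LAN route at the given tunnel
apply_route() {
	route -qn change -inet "$LAN_NET" "$2" 2>/dev/null ||
		route -qn add -inet "$LAN_NET" "$2"
	logger -t vpn-failover "route to $LAN_NET now via $1 ($2)"
}

main() {
	state="$PRIMARY_IF:0"
	apply_route "$PRIMARY_IF" "$PRIMARY_PEER"
	while :; do
		if link_up "$PRIMARY_PEER"; then p=1; else p=0; fi
		if link_up "$BACKUP_PEER"; then b=1; else b=0; fi
		new=$(next_state "$state" "$p" "$b")
		if [ "${new%%:*}" != "${state%%:*}" ]; then
			if [ "${new%%:*}" = "$PRIMARY_IF" ]; then
				apply_route "$PRIMARY_IF" "$PRIMARY_PEER"
			else
				apply_route "$BACKUP_IF" "$BACKUP_PEER"
			fi
		fi
		state=$new
		sleep "$INTERVAL"
	done
}

# Only enter the loop when run as the script itself, so the functions can
# be sourced and tested on their own.
case $0 in
*vpn-failover.sh) main ;;
esac
```

Started from /etc/rc.local on the colo box, this is the "ping over the DSL link" condition turned into a route change; the three-strike threshold plays the role OSPF's dead timer plays in the ospfd version. Because both tunnels end on the same LAN host, a peer that has hung looks the same as a dead DSL line, which is the intended outcome here; if the two VPNs ever terminate on different hosts, probe something behind the tunnel instead of the tunnel address.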