Thanks to both of you for the advice. Just to follow up, I ended up with the relayd 'routers' setup as described in the man page but with a script monitor rather than icmp. The monitor finds the gateway for the interface in the route table and pings it with "-I" interface source address. Seems to work as desired. I also got it to work with ifstated, but it seemed like more script and also a 2nd process when I have to run relayd for other purposes anyway.

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Stuart Henderson
Sent: Friday, October 10, 2014 4:56 PM
To: misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'

On 2014-10-09, Justin Mayes <jma...@careered.com> wrote:
> Ok I got it working. Here is what I did
>
> Enabled multipath routing (sysctl)
> Added the relayd anchor to pf.conf
> Created a relayd.conf with this in it
>
> gw1="fxp0"
> gw2="fxp1"
>
> table <gateways> { $gw1 ip ttl 1, $gw2 ip ttl 1 }
> router "uplinks" {
>         route 0.0.0.0/0
>         forward to <gateways> check icmp
> }

Your relayd test here just pings your own interface's local IP addresses. For example if fxp0's address is 10.0.0.2, it is pinging 10.0.0.2. "ifconfig fxp0 down" will cause it to be detected, but it won't even notice you pulling out the cable. Also I don't believe it will track your dynamic address.

One thing you could do in your situation is to use a route-to for the connection where you have a static address, and use a "probability" PF rule to load balance, allowing other traffic to hit the normal default route.

Another thing you could do is to use multiple route tables, and similarly use pf rules to direct traffic to use one table or another.

For failover you can have some external checker (maybe run from ifstated, or maybe a simple shell script run from cron) that adjusts the PF ruleset as appropriate. You could either switch the whole ruleset out by pointing pfctl -f to a different file, or put the relevant route-to pieces in an anchor.
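
A sketch of the kind of monitor described at the top of this thread, added here as an example and not taken from either poster: it looks up the default-route gateway for an interface and pings that next hop from the interface's own address, so the probe leaves the box instead of hitting a local IP. The function names and the sample route table are constructed; the parsing assumes OpenBSD-style `route -n show -inet` and `ifconfig` output.

```shell
#!/bin/sh
# Added example: next-hop reachability check for one uplink interface.
# Function names are hypothetical; output formats are assumed OpenBSD-style.

# Print the default-route gateway for interface $1; route table on stdin.
gateway_for_if() {
    awk -v ifn="$1" '$1 == "default" && $NF == ifn { print $2; exit }'
}

# Print the first IPv4 address from `ifconfig <if>` output on stdin.
addr_from_ifconfig() {
    awk '$1 == "inet" { print $2; exit }'
}

# Return 0 if the gateway behind interface $1 answers one ping sent from
# that interface's address, 1 if it does not, 2 if gateway or address
# cannot be determined (e.g. no lease yet on a dynamic uplink).
check_uplink() {
    ifn=$1
    gw=$(route -n show -inet 2>/dev/null | gateway_for_if "$ifn")
    src=$(ifconfig "$ifn" 2>/dev/null | addr_from_ifconfig)
    [ -n "$gw" ] && [ -n "$src" ] || return 2
    ping -c 1 -w 1 -I "$src" "$gw" >/dev/null 2>&1 || return 1
    return 0
}

# Constructed sample route table (documentation addresses) for offline runs.
SAMPLE_ROUTES='Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.0.2.1          UGS        4     1234     -     8 fxp0
default            198.51.100.1       UGS        0      100     -    10 fxp1
192.0.2.0/24       192.0.2.10         UCn        1        0     -     4 fxp0'

# When run with an interface name, exit with the check result.
if [ "$#" -gt 0 ]; then
    check_uplink "$1"
    exit $?
fi
```

The exit status follows the ordinary shell convention (0 means the gateway answered); check relayd.conf(5) for the return value its script check expects before wiring this in, or call it from cron or ifstated and reload the pf anchor on a state change.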