I had a similar issue years ago which I solved by putting 'up' as the first
line in the hostname.pairX files, so the pair interfaces come up without
any config first.

But that was probably even before the ordering improvements mentioned by
David above, and is probably not ideal anymore.

I used one rdomain for internal clients/VLAN, which has multipath default
routes pointing to a bunch of pair tunnels/patches. Each patch connects to
a different rdomain (with no physical interfaces attached) where I have
wireguard tunnel endpoints. This allows load balancing over multiple
wireguard or openvpn tunnels where tunnel addresses might overlap.
The tricky part was getting the tunnel daemon to use rdomain 0 for the
outer encrypted connection, but place the tunnel endpoint into different
rdomains for the clients.

So it does work, and it works really well. But I remember spending weeks
getting it to work ;)

Never knew about rport! Will have to try that :)

Good luck



On Mon, 31 Mar 2025 at 14:57, Philipp Buehler <
e1c1bac6253dc54a1e89ddc046585...@posteo.net> wrote:

> On 31.03.2025 03:49, David Gwynne wrote:
> > you can also try rport(4) to replace pair(4) for p2p links between
> > rdomains.
>
> Has been some years since I dug through all this - and rport is
> pretty brand new, thanks for the hint. Unsure why no .Xr ..
>
>
> PS: I would debate if I want a failed IP-config leading to an "up anyway",
> but as an option, sure.
>
> --
> pb
>
>
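
The rdomain layout described in the top message (client rdomain, multipath default routes over pair(4) patches, one wireguard endpoint per tunnel rdomain), sketched as hostname.if(5) files. This is an added example, not the poster's actual configuration; interface numbers, rdomain numbers, addresses, the client network, peer endpoints and key placeholders are all assumptions.

```conf
# Constructed example: every number, address, endpoint and key is a placeholder.
# /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.multipath=1

# /etc/hostname.pair10: client end of patch 1, in client rdomain 10
rdomain 10
inet 192.0.2.1 255.255.255.252
up
!route -T 10 add -mpath default 192.0.2.2

# /etc/hostname.pair11: far end of patch 1, in tunnel rdomain 11
rdomain 11
inet 192.0.2.2 255.255.255.252
patch pair10
up
# return route to the (assumed) client network 172.16.10.0/24
!route -T 11 add 172.16.10.0/24 192.0.2.1

# /etc/hostname.wg11: endpoint in rdomain 11, outer UDP in routing table 0
rdomain 11
wgrtable 0
wgkey PRIVATE_KEY_PLACEHOLDER_1
wgpeer PEER_PUBKEY_PLACEHOLDER_1 wgendpoint vpn1.example.net 51820 wgaip 0.0.0.0/0
inet 10.8.0.2 255.255.255.0
up
!route -T 11 add default 10.8.0.1

# /etc/hostname.pair20: client end of patch 2, second multipath next hop
rdomain 10
inet 192.0.2.5 255.255.255.252
up
!route -T 10 add -mpath default 192.0.2.6

# /etc/hostname.pair21: far end of patch 2, in tunnel rdomain 21
rdomain 21
inet 192.0.2.6 255.255.255.252
patch pair20
up
!route -T 21 add 172.16.10.0/24 192.0.2.5

# /etc/hostname.wg21: same inner address as wg11, no clash across rdomains
rdomain 21
wgrtable 0
wgkey PRIVATE_KEY_PLACEHOLDER_2
wgpeer PEER_PUBKEY_PLACEHOLDER_2 wgendpoint vpn2.example.net 51820 wgaip 0.0.0.0/0
inet 10.8.0.2 255.255.255.0
up
!route -T 21 add default 10.8.0.1
```

pf rules (for example NAT on the wg interfaces) are not shown.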
