I have a /24 from ARDC 44 net. I put that /24 into a different rdomain, which makes it easier for me to move it off to a different router in the future. I have IPsec tunnels from various amateur radio remote stations which terminate in the rdomain; this system is used as a hub for these sites.

diana

On March 30, 2025 10:47:26 PM MDT, Andrew Lemin <andrew.le...@gmail.com> wrote:
>I had a similar issue years ago which I solved by putting 'up' as the first
>line in the hostname.pairX files, so the pair interfaces come up without
>any config first.
>
>But that was probably even before the ordering improvements mentioned by
>David above, and is probably not ideal anymore.
>
>I used one rdomain for internal clients/VLAN, which has multipath default
>routes pointing to a bunch of pair tunnels/patches. Each patch connects to
>a different rdomain (with no physical interfaces attached) where I have
>wireguard tunnel endpoints. This allows load balancing over multiple
>wireguard or openvpn tunnels where tunnel addresses might overlap.
>The tricky part was getting the tunnel daemon to use rdomain 0 for the
>outer encrypted connection, but place the tunnel endpoint into different
>rdomains for the clients.
>
>So it does work, and it works really well. But I remember spending weeks
>getting it to work ;)
>
>Never knew about rport! Will have to try that :)
>
>Good luck
>
>
>
>On Mon, 31 Mar 2025 at 14:57, Philipp Buehler <
>e1c1bac6253dc54a1e89ddc046585...@posteo.net> wrote:
>
>> On 31.03.2025 03:49, David Gwynne wrote:
>> > you can also try rport(4) to replace pair(4) for p2p links between
>> > rdomains.
>>
>> It has been some years since I dug through all this - and rport is
>> pretty brand new, thanks for the hint. Unsure why no .Xr ..
>>
>>
>> PS: I would debate if I want a failed IP-config leading to an "up
>> anyway",
>> but as an option, sure.
>>
>> --
>> pb