Each of these two boxes is configured this way:
Router 1
Ether1 (WAN) DHCP Public Interface as default route (0.0.0.0/0)
Ether2 (MAN) 10.2.0.1 10.2.0.0/30 (this is a canopy link between the 2 boxes)
Ether3 (LAN) 192.168.10.100 192.168.10.0/24
PPTP-IN-0 (VPN0) 10.3.0.1 p-t-p 10.3.0.2
routes:
0.0.0.0/0 - gateway given by dhcp on public interface - iface ether1
10.2.0.0/30 - ether2
192.168.10.0/24 - ether3
and static routes: 192.168.20.0/24 GW 10.2.0.2, 10.3.0.2 - ether2
Router 2
Ether1 (WAN) DHCP Public Interface as default route (0.0.0.0/0)
Ether2 (MAN) 10.2.0.2 10.2.0.0/30 (this is a canopy link between the 2 boxes)
Ether3 (LAN) 192.168.20.100 192.168.20.0/24
PPTP-IN-0 (VPN0) 10.3.0.2 p-t-p 10.3.0.1
routes:
0.0.0.0/0 - gateway given by dhcp on public interface - iface ether1
10.2.0.0/30 - ether2
192.168.20.0/24 - ether3
and static routes: 192.168.10.0/24 GW 10.2.0.1, 10.3.0.1
Each box is doing NAT for its 192.168.x.0/24 network.
So,
what I’d like to have is a failover route to each 192.168.x.x/24 network using PPTP,
so if the canopy link goes down, the router should be able to switch routes and use
the PPTP link…
Right now I can use each route to communicate between networks, the canopy link works great,
the PPTP works well, but if I disable the canopy link, established connections are closed
and it takes too long for the routers to change the route between canopy and PPTP…
So, I am asking for your help and wisdom: is there someone out there who could guide me in setting up
a failover route that would do the trick?
And I apologize for my bad English.
Thanks in advance.
C. Boy
Well! After a few tweaks and testing stuff in this matter,
I finally did it!
It was not that hard after all…
The way I found to create this failover route is this:
Router 1:
Ether1 (WAN) DHCP Public Interface as default route (0.0.0.0/0)
Ether2 (MAN) 10.2.0.1 10.2.0.0/30 (this is a canopy link between the 2 boxes)
Ether3 (LAN) 192.168.10.100 192.168.10.0/24
PPTP-IN-0 (VPN0) 10.3.0.1 p-t-p 10.3.0.2
Changes:
Create an Ethernet-over-IP interface (EoIP0) local: 10.4.0.1/30
with addresses local=10.3.0.1 remote=10.3.0.2
this tunnel runs over the VPN tunnel (secure traffic).
Create a Bonding Interface (Bond0) with Slaves: MAN, EoIP0 with active fail-over
with IP Address 10.5.0.1/30 and ARP Monitoring to 10.5.0.2
Added Masquerade on src-nat to Bond0 and LAN.
Added a Static route:
net 192.168.20.0/24 → gateway 10.5.0.2 - interface bond0.
Router 2:
Ether1 (WAN) DHCP Public Interface as default route (0.0.0.0/0)
Ether2 (MAN) 10.2.0.2 10.2.0.0/30 (this is a canopy link between the 2 boxes)
Ether3 (LAN) 192.168.20.100 192.168.20.0/24
PPTP-IN-0 (VPN0) 10.3.0.2 p-t-p 10.3.0.1
Changes:
Create an Ethernet-over-IP interface (EoIP0) local: 10.4.0.2/30
with addresses local=10.3.0.2 remote=10.3.0.1
this tunnel runs over the VPN tunnel (secure traffic).
Create a Bonding Interface (Bond0) with Slaves: MAN, EoIP0 with active fail-over
with IP Address 10.5.0.2/30 and ARP Monitoring to 10.5.0.1
Added Masquerade on src-nat to Bond0 and LAN.
Added a Static route:
net 192.168.10.0/24 → gateway 10.5.0.1 - interface bond0.
Also, I added a bunch of firewall rules, and that’s it…
If either of the interfaces goes down, the other one takes over with minimal packet loss;
actually it only loses those packets already sent on the faulty interface.
Besides, it is possible to use the interfaces that are bonded (EoIP0, MAN) to route other traffic
without affecting the current inside the bonded interface…!!
These boxes are pretty cool!
Again, please forgive my bad English!
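
The Router 1 side of the setup described in the post above, written out as RouterOS commands. This is an added example, not the poster's own configuration export. It assumes ether2 and ether3 have been renamed MAN and LAN, and the EoIP tunnel-id is a constructed value that must be identical on both routers.

```routeros
# Added example (not from the original post): Router 1 side of the failover.
# Assumptions: ether2 is named "MAN", ether3 is named "LAN", and the PPTP link
# (10.3.0.1 <-> 10.3.0.2) is already established.

# EoIP tunnel carried inside the PPTP link.
# tunnel-id=0 is an assumed value; it must match on Router 2.
/interface eoip
add name=EoIP0 local-address=10.3.0.1 remote-address=10.3.0.2 tunnel-id=0

# Address the post assigns to the EoIP interface.
/ip address
add address=10.4.0.1/30 interface=EoIP0

# Active-backup bond: MAN (canopy link) is preferred, EoIP0 takes over.
# ARP monitoring probes the peer's bond address, so a dead path is detected
# even when the local port still reports link-up.
/interface bonding
add name=Bond0 slaves=MAN,EoIP0 mode=active-backup primary=MAN \
    link-monitoring=arp arp-ip-targets=10.5.0.2

/ip address
add address=10.5.0.1/30 interface=Bond0

# Single route to the remote LAN via the bond; no route change on failover.
/ip route
add dst-address=192.168.20.0/24 gateway=10.5.0.2

# Masquerade rules as the post describes them (Bond0 and LAN).
/ip firewall nat
add chain=srcnat out-interface=Bond0 action=masquerade
add chain=srcnat out-interface=LAN action=masquerade
```

Router 2 mirrors this with the local and remote addresses swapped (10.3.0.2/10.3.0.1, 10.4.0.2/30, 10.5.0.2/30 with ARP target 10.5.0.1) and a route to 192.168.10.0/24 via 10.5.0.1.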