Re: Changing from a P2P connection to his backup's link (a VPN)

[Joachim Schipper <j_(_dot_)_schipper_(_at_)_math_(_dot_)_uu_(_dot_)_nl>]

On Mon, Apr 17, 2006 at 02:49:35PM -0300, Pablo Halamaj wrote:
> Hi, i have a Point to point  conection which has a VPN conection in Backup.
> More specific, what i have is a i386 OpenBSD 3.8 routing between 3 NICs.
> 1 NIC: Connection to the Corporate LAN
> 2 NIC: Connection to the Factory LAN
> 3 NIC : Connection to the Cisco interface of the P2P Link
> 
> Drawed:
> 
>                                          VPN
>                                             |
> Factory LAN|--------|OBSD 3.8|----Corp LAN----|Internet
>                           |
>                           |
>                        P2P
> 
> The VPN (ipsec with isakmp) connects perfect , following 'man vpn',
> i see the routes using netstat with enfcap as parameter , also with
> tcpdump i see the esp paquets between the VPN's gateways
> Mi Problems is:
> 
> What i should do to change the flow of data in order to make it flow
> throught the VPN connection when the P2P links goes down?
> Should i use pf's nat , route ? In which manner?
> 
> I will detect the status of the P2P link with a periodic ping through
> his interface.
> 
> I try to simulate this scenario, dropping the P2P link using
> ifconfig(ifconfig $PAP down) but the result to ping was 'no route to
> host: interface down'

At least two solutions come to mind: ifstated(8) and some routing daemon
(most likely bgpd(8) or ospfd(8), but support for older protocols is
also present).

		Joachim