"Recent posts
#1
General Discussion / Re: How to use a /29 network w...
Last post by Patrick M. Hausen - Today at 11:54:03 AMAnd behind the uplinks you have a globally routable /29, right? You need to connect both BGP routers in that network.
#2
General Discussion / Re: How to use a /29 network w...
Last post by maartenc - Today at 11:50:48 AMThe uplinks on the routers belong to different ISPs
#3
General Discussion / Re: How to use a /29 network w...
Last post by Patrick M. Hausen - Today at 11:48:44 AMIMHO that is not how it's supposed to work. I have run the setup I outlined for two decades as an ISP with full tables and the only thing I can say is that my topology works.
#4
General Discussion / Re: How to use a /29 network w...
Last post by maartenc - Today at 11:46:52 AMHi Patrick,
The WAN interfaces and the router interfaces are in a different subnet. There is no connection between the routers, they are connected to different interfaces on the firewall. They push the 0.0.0.0/0 route to the firewall.
The WAN interfaces and the router interfaces are in a different subnet. There is no connection between the routers, they are connected to different interfaces on the firewall. They push the 0.0.0.0/0 route to the firewall.
#5
General Discussion / Re: How to use a /29 network w...
Last post by Patrick M. Hausen - Today at 11:33:28 AMI don't understand. Typically both routers and the WAN interface of OPNsense would share that /29. Additionally the two routers would have a CARP/HSRP/VRRP address in that /29. OPNsense would use that as its default gateway and the publicly visible address of your infrastructure would be OPNsense's.
The two routers would speak eBGP to their peers and iBGP to each other so in case the router with the active HA address is not the correct uplink it can resend the packets to its partner. Preferably a direct high bandwidth link between the two.
A /29 is enough for two uplink routers plus one HA address for them plus two firewalls and a HA address for them.
HTH,
Patrick
The two routers would speak eBGP to their peers and iBGP to each other so in case the router with the active HA address is not the correct uplink it can resend the packets to its partner. Preferably a direct high bandwidth link between the two.
A /29 is enough for two uplink routers plus one HA address for them plus two firewalls and a HA address for them.
HTH,
Patrick
#6
General Discussion / How to use a /29 network with ...
Last post by maartenc - Today at 11:22:26 AMHi,
I want to be able to use my /29 network on both interfaces/routers, but I can't seem to find how to do it.
My setup is the following:
2 routers connected to an OPNsense firewall with BGP, the routers push a default route to the firewall to let the internet traffic go out.
I have a /29 network which works on both routers.
At the moment I created 2 virtual IPs tied to the interface of each router and do the outgoing NAT that way.
But this of course means that if the primary router changes my outgoing IP changes which I'm trying to prevent.
How can I use my /29 without tying it to a specific interface?
Thanks for your help.
Best Regards,
Maarten
I want to be able to use my /29 network on both interfaces/routers, but I can't seem to find how to do it.
My setup is the following:
2 routers connected to an OPNsense firewall with BGP, the routers push a default route to the firewall to let the internet traffic go out.
I have a /29 network which works on both routers.
At the moment I created 2 virtual IPs tied to the interface of each router and do the outgoing NAT that way.
But this of course means that if the primary router changes my outgoing IP changes which I'm trying to prevent.
How can I use my /29 without tying it to a specific interface?
Thanks for your help.
Best Regards,
Maarten
#7
Virtual private networks / Re: Gateway monitoring and pro...
Last post by Bob.Dig - Today at 10:59:13 AMQuote from: rumshot on Today at 02:16:47 AMProton tunnels reuse the same local tunnel IP (10.2.0.2), which may contribute to routing/state ambiguityWhat do you mean by that.
And my observations are, that those tunnels stay up almost all the time, only ICMP gets dropped from time to time, nothing else.
#8
26.1, 26,4 Series / Re: DEC2770 Update issues.
Last post by franco - Today at 10:11:13 AMA few boxes shipped with faulty 26.4 factory images and it has since been fixed.
We've put a page here for users to fix the situation in situ:
https://docs.opnsense.org/troubleshooting/reset_firmware.html
Cheers,
Franco
We've put a page here for users to fix the situation in situ:
https://docs.opnsense.org/troubleshooting/reset_firmware.html
Cheers,
Franco
#9
General Discussion / Re: NUT is Broken After Udatin...
Last post by franco - Today at 10:08:41 AMInstead of a dozen reports for OPNsense I think one to NUT may make a lot more sense:
https://github.com/networkupstools/nut/issues
FreeBSD ports doesn't appear to have an reports or movement on that particular subject.
Cheers,
Franco
https://github.com/networkupstools/nut/issues
FreeBSD ports doesn't appear to have an reports or movement on that particular subject.
Cheers,
Franco
#10
26.1, 26,4 Series / Re: OPNcentral NAT sync crash ...
Last post by franco - Today at 09:55:29 AMCan you try this test package? Best to install on all systems:
# opnsense-revert -z os-OPNBEcore
Cheers,
Franco
# opnsense-revert -z os-OPNBEcore
Cheers,
Franco
