DaemonForums  

#1 mefisto, 23rd September 2017 (post title: Solved)

Greetings all,

on my laptop, the wired interface is assigned a static IP address, with a proper defaultroute entry in the /etc/mygate. The wireless interface is configured to be assigned a dynamic IP address via DHCP.

I have configured an /etc/hostname.trunk0:
Code:
trunkproto failover trunkport wired_if0
trunkport wireless_if0
to be used for definition of:
Code:
ext_if = "trunk0"
in /etc/pf.conf.

All seems to be working, until I unplug the wired interface, at which point the defaultroute disappears from the routing table and I am unable to reach the Internet.

Any ideas how to resolve the problem?

Kindest regards,

M

Last edited by mefisto; 24th September 2017 at 08:59 PM.

#2 jggimi, 24th September 2017

You have a misconfigured trunk(4) device. It is the trunk pseudo-device which carries the shared IP address. The trunkports are not assigned IP addresses.

For failover between wired and wireless, they must be able to share the same IP address -- the wired and wireless Ethernet segments must be bridged to the same subnet.

#3 mefisto, 24th September 2017

Hi jggimi,

thank you again for the answer.

Are you suggesting that I need to (1) remove the static address assignment from the wired_if0 and either (2) configure the /etc/hostname.trunk0 like:
Code:
trunkproto failover trunkport wired_if0
trunkport wireless_if0
dhcp
or (3) configure the /etc/hostname.trunk0 like:
Code:
trunkproto failover trunkport wired_if0
trunkport wireless_if0
inet 192.168.1.1 255.255.255.0
so that the trunk0 pseudo-device is assigned a single address?

If so, it appears that my goal of assigning a fixed IP address for the wired_if0 when I am on my home network and DHCP assigned address for the wireless_if0 when traveling is not achievable.

Let me ask a different question then. The primary motivation was that I do not have to modify the /etc/pf.conf every time the interface is switched because there is a danger that I forget. Is there another manner of achieving not having to modify the /etc/pf.conf?

Kindest regards,

M

#4 jggimi, 24th September 2017

Quote:
Originally Posted by mefisto
...I need to (1) remove the static address assignment from the wired_if0...
Yes. Any NIC used as a trunkport must not have any IP address assigned, and also must be marked active. This is typically done by provisioning a trunkport with a hostname.if(5) file that contains only the ifconfig keyword "up" - as in this example from one of my firewalls that uses IEEE 802.3ad static trunking:
Code:
description "<< Trunk port >>"
up
Then, you would configure the trunk NIC to either have a static IP address or a dynamic IP address, using either "dhcp" or "inet" as you used in your reply above.
Quote:
If so, it appears that my goal of assigning a fixed IP address for the wired_if0 when I am on my home network and DHCP assigned address for the wireless_if0 when traveling is not achievable.
That isn't the purpose of a failover trunk. When a failover trunk is configured correctly, the user can switch between a primary (usually wired) and a backup (usually WiFi) physical segment that are bridged to the same LAN subnet, without loss of network sessions. That means one can move a laptop or netbook from a wired location on the LAN, and begin using WiFi on the same LAN, without stopping communication or changing IP addresses. This is different than any other form of trunk(4), as all of the others provide various means to achieve link aggregation over multiple physical links.
Quote:
Let me ask a different question then. The primary motivation was that I do not have to modify the /etc/pf.conf every time the interface is switched because there is a danger that I forget. Is there another manner of achieving not having to modify the /etc/pf.conf?
Oh, absolutely. Just put parentheses around the external NICs in your pf.conf file. From the PF User's Guide, highlight mine:
Quote:
The name of a network interface or group in parentheses ( ). This tells PF to update the rule if the IP address(es) on the named interface change. This is useful on an interface that gets its IP address via DHCP or dial-up as the ruleset doesn't have to be reloaded each time the address changes.

Last edited by jggimi; 24th September 2017 at 01:14 PM. Reason: typos - including one regarding external NICs, as there are two.

#5 mefisto, 24th September 2017

Hi jggimi,

I think with you always setting me straight, I owe you a beer. Thank you.

Regarding your quote from the PF User's Guide, I am aware of the change of the IP address on a (physical) interface; I am actually using this in my rules. But what I am asking is, what if the (physical) interface itself changes, e.g., from bge0 to ath? How do I deal with the need to re-define the ext_if in /etc/pf.conf? Currently, I comment/uncomment them, but I tend to forget...

Code:
. . . 
ext_if = "bge"
#ext_if = "ath"
. . .
Kindest regards,

M

#6 jggimi, 24th September 2017

There are many solutions. Here are four that come to mind.
  1. Don't write rules associated with specific interfaces. Use addressing instead (from and/or to).
  2. Use the egress group to define your external interfaces. The group's definition is any interface currently operating a default route.
  3. Use lists of interfaces in your pass/block/match rules. PF will expand them into multiple rules, one per interface.
  4. Use a failover trunk interface for the purpose of consolidating rules.
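
The first three options from the answer above, written out as a pf.conf fragment. This is an added example, not part of the original posts; the interface names bge0 and ath0 and the ssh and icmp rules are assumptions chosen for illustration.

```pf
# Constructed /etc/pf.conf fragment (added example).
# Assumed NIC names: bge0 (wired) and ath0 (wireless).

set skip on lo0
block return            # default deny in both directions

# Option 2: "egress" is the group of interfaces that currently hold a
# default route, so no ext_if macro has to be edited when the laptop
# moves from wired to wireless. The parentheses make PF follow the
# group's current address(es): static at home, DHCP lease elsewhere.
pass out on egress inet from (egress) to any
pass in  on egress inet proto tcp to (egress) port ssh

# Option 3, left commented out as the alternative to option 2:
# an interface list. PF expands each rule into one rule per interface.
# pass out on { bge0 ath0 } inet
# pass in  on { bge0 ath0 } inet proto tcp to port ssh

# Option 1: no interface named at all, only addresses.
# 192.168.1.0/24 is the subnet of the thread's example address.
pass in inet proto icmp from 192.168.1.0/24 to any
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `ifconfig egress` lists the interfaces that are currently members of the group.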

#7 mefisto, 24th September 2017

Hi jggimi,

success. Thank you once again.

Kindest regards,

M