Failover routing
-
olsr can do this
you need a pfsense server with 3 network cards
wan,lan,opt1give all the pfsense opt1 network cards ipadress in the same network range
open a shell on the pfsense server
cd /usr/local/etc
nano olsrd.conf
type this in:DebugLevel 2
IpVersion 4
ClearScreen yesHNA IPv4 routes
syntax: netaddr netmask
Example Internet gateway:
0.0.0.0 0.0.0.0
Hna4
{
# Internet gateway:
# 0.0.0.0 0.0.0.0
# more entries can be added:
# 192.168.1.0 255.255.255.0
#10.141.254.0 255.255.255.0
10.141.250.0 255.255.255.0
0.0.0.0 0.0.0.0
}close the file with control + X
the 10.141.250.0 in the file is the local lan network you want to broadcast to the olsrd mesh so that clients on a other olsrd pfsense server can conect to that
the 0.0.0.0 in the file is telling the olsrd mesh that tiss olsrd node has a internet conection and that olsrd pfsense servers can use that one if don't have 1 or lost onestart olsrd
olsrd -i xl0 >> /dev/null &
replace xl0 with youre opt1 card -
do the other boxes with the ospf netowrk need to have oslr as well i guess to allow for the routing to go cleanly
is there anyway of importing oslr routes into ospf to stop a redesign of an already functioning ospf network.looks like you might have an answer is this theroy or practical. does it really work what sort of hardware requirements
-
all the pfsense servers need to run olsrd witch is all ready on the pfsense server instald by default
more info on olsrd you find here:
http://www.olsr.org/
olsrd is most used on wireless networks
so that you can put a node on a high tower and forget about the routing stuf
you do only the local routing stuf
the rest olsr will find out by him self
if one node breaks down the olsrd network will route the routes around the problem
if a new node is installed and has a faster route then a -> b then the network will use the faster route
so it's not only reporting of it has internet or not
its also reporting witch nodes it can see and how fast the route to them is and wat routes a laying behind the olsrd network node that don't use olsrd like the local lan network
so that that can be conect from all the olsrd serversyoure network will look somving like this:
lan 10.0.0.0/24
|
|
Wan1–------pfsense 1
|
|
192.168.1.1 opt1 (olsrd)------olsrd network ------|
|
|
|
Lan 10.0.1.0/24 |
| |
Wan1--------pfsense 2 |
| |
| |
192.168.1.2 opt1(olsrd)---------olsrd network-----|---(etc)
|
|
Lan 10.0.2.0/24 |
| |
| |
Wan1--------pfsense 3 |
| |
| |
192.168.1.3 opt1(olsrd)--------olsrd network--------|
|
|
Lan 10.0.3.0/24 |
| |
| |
-pfsense 4 |
| |
| |
192.168.1.4 wan(olsrd)--------olsrd network-------pfsense server 1 on 192.168.1.1 will report
it has internet and a direct route to 10.0.0.0/24
a route to node 192.168.1.2
a route to node 192.168.1.3
a route to node 192.168.1.4
a route to 10.0.1.0/24 via 192.168.1.2 / 192.168.1.3 / 192.168.1.4
a route to 10.0.2.0/24 via 192.168.1.3 / 192.168.1.2 / 192.168.1.4
a route to 10.0.3.0/24 via 192.168.1.4 / 192.168.1.2 / 192.168.1.3
a route to 0.0.0.0 via 192.168.1.2
a route to 0.0.0.0 via 192.168.1.3pfsense server 2 on 192.168.1.2 will report
it has internet and a direct route to 10.0.1.0/24
a route to node 192.168.1.1
a route to node 192.168.1.3
a route to node 192.168.1.4
a route to 10.0.0.0/24 via 192.168.1.1 / 192.168.1.3 / 192.168.1.4
a route to 10.0.2.0/24 via 192.168.1.3 / 192.168.1.1 / 192.168.1.4
a route to 10.0.3.0/24 via 192.168.1.4 / 192.168.1.1 / 192.168.1.3
a route to 0.0.0.0 via 192.168.1.3
a route to 0.0.0.0 via 192.168.1.1pfsense server 3 on 192.168.1.3 will report
it has internet and a direct route to 10.0.2.0/24
a route to node 192.168.1.1
a route to node 192.168.1.2
a route to node 192.168.1.4
a route to 10.0.0.0/24 via 192.168.1.1 / 192.168.1.2 / 192.168.1.4
a route to 10.0.1.0/24 via 192.168.1.2 / 192.168.1.1 / 192.168.1.4
a route to 10.0.3.0/24 via 192.168.1.4 / 192.168.1.1 / 192.168.1.2
a route to 0.0.0.0 via 192.168.1.1
a route to 0.0.0.0 via 192.168.1.2pfsense server 4 on 192.168.1.4 will report
it has a direct route to 10.0.3.0/24
a route to node 192.168.1.1
a route to node 192.168.1.2a route to node 192.168.1.3
a route to 10.0.0.0/24 via 192.168.1.1 / 192.168.1.2 / 192.168.1.3
a route to 10.0.2.0/24 via 192.168.1.3 / 192.168.1.1 / 192.168.1.2
a route to 10.0.1.0/24 via 192.168.1.2 / 192.168.1.1 / 192.168.1.3
a route to 0.0.0.0 via 192.168.1.1
a route to 0.0.0.0 via 192.168.1.2
a route to 0.0.0.0 via 192.168.1.3pfsense server 4 don't has internet and use pfserver 1,2 or 3 for its internet conections depending on witch one it can reache fast
if ospf can read the kernal routes then it can use the routes that olsrd add's or removes from the kernal routing tabels
olsrd self don't read from these tabels it has tabels with routing info and info of time it takes to make a conecting to a node on a route
and witch nodes has witch routes to witch nodes etc etc -
…[olsr] will always use ipadresses…
Is there any way to get OLSR to pass regular ethernet (MAC) traffic, such as using VPN over OLSR all done in pfSense, or other trick?
Another possibility if the above won't work: Can pfSense in Bridge mode also do "spanning tree protocol"? If so, is this possible solution worthy?
Thank you for the helpful replies,
-Pete -
Another possibility if the above won't work: Can pfSense in Bridge mode also do "spanning tree protocol"?
Yep, on non-wireless bridges it does this by default.
If so, is this possible solution worthy?
Not really sure.
-
on non-wireless bridges it does this by default.
How do you enable it on Wireless bridges? And, is using it over wireless known to be problematic? -
Why would you want it on wireless?
-
Why would you want [spanning tree protocol] on wireless?
I though it might route wireless bridged ethernet traffic around down wireless nodes. I guess not.My Goal: LANs in multiple buildings all linked together by ethernet Bridge over wireless Mesh (I assume olsr.org is the best).
Perhaps using OLSR plus "ethernet over IP" (such as VPN) to pass ethernet MAC traffic wirelessly between sites, all accomplished in pfSense, could make it appear to every PC in every building that they are on the same "local" ethernet LAN. Is this posssible? If so, how do I configure pfSense to do this?
Thanks, -pc
-
we are using a routed networ rather than a bridge network.
we have nodes with there own internet connection and a large
netowrk to link them all together.if an internet connection fails on a node then we manually reconfigure
the routes onto our ospf backbone to use another route.if you network is in anyway going to grow use routing and not bridging
it will be far more stable in our experiance.each of our nodes support 30 -100 wireless clients
we presently have 8 nodes and a 20 box backhaul system.
I think there are issues with oslr and ospf. from my recent reviews it seems that
oslr routes in the kernal are not recognised correctly by ospf. (but don't really know as
we dont really have any knowledge of oslr)We where thinking of working with the load balancing pool features in pfsense.
but this might not work to well either because it does not seem to touch the
routing table. Is this true.Maybe if we can consilidate some thoughts a little better we can do something here.
are there many more thoughts from the core team. would this be worth you spending
your time on. or are we a little to far over in the left field.we have no choice but to spend money on it so i would love to give some to the
fine pfsense team -
if you network is in anyway going to grow use routing and not bridging it will be far more stable in our experiance.
Thanks for the tip aldo! I'm a Programmer, but new to networking/wireless, and I appreciate any expert advice.
I had desired Bridging so a single Captive Portal could control all clients, but that may not be a good idea either.
-Pete -
you could still do this with routing. if you dont use nat on one side of the network
just route through it. captive portal could still work for you.i know the drama of design is a far differnet one that the doing of it though
continually fraught with try to do stuff but not spent money.i think i would prefer to be a prgrammer then maybe your only limitation is
how large your brain is.good luck i willl take some time with oslr in the next week and see what
it can do. i think it might be more powerful than i think, even if it
is a very immature product -
…[olsr] will always use ipadresses…
Is there any way to get OLSR to pass regular ethernet (MAC) traffic, such as using VPN over OLSR all done in pfSense, or other trick?
Another possibility if the above won't work: Can pfSense in Bridge mode also do "spanning tree protocol"? If so, is this possible solution worthy?
Thank you for the helpful replies,
-Peteolsrd will work on vpn just use the vpn interface as the interface for olsrd then on both sides of the vpn
if the interface can route then olsrd can work on it -
Is an olsr node capable of accepting RIP route information on its non-olsr interface?
Thanks, -pc -
yes but olsrd will not read the kernal routes
so info from rip can be rewirten by olrsdjust like rip is rewriting the kernal routes that olsrd has put in
-
just wondering about wheather anyone has come up with any great ideas here. it seems one of the core issues ould lie in how pfsense managed a dynamic routing table.
do we think that the changes made to olsrd would allow this to happen or that olsrd only works well within a subnet.has anyone had any time to test what scott has done so far. i am an ospf bgp player so this olsrd is new to me. we would definately consider it if it looks like it might be a practical solution.
-
i guess i could close this now i have managed to get quagga running a few months ago and it serves my purpose does anyone have any get extensions to this that would allow them to collect this bounty if not i will close the offer