From owner-freebsd-questions@FreeBSD.ORG Fri Feb 1 23:47:04 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0422616A417 for ; Fri, 1 Feb 2008 23:47:04 +0000 (UTC) (envelope-from freebsd@violetlan.net) Received: from mail.violetlan.net (www.violetlan.net [80.81.242.8]) by mx1.freebsd.org (Postfix) with ESMTP id 7345213C442 for ; Fri, 1 Feb 2008 23:47:03 +0000 (UTC) (envelope-from freebsd@violetlan.net) Received: from mail.violetlan.net (localhost [127.0.0.1]) by mail.violetlan.net (Postfix) with ESMTP id 26DED11439 for ; Fri, 1 Feb 2008 23:42:00 +0000 (GMT) Received: from www.violetlan.net (mbali.violetlan.net [10.0.100.150]) by mail.violetlan.net (Postfix) with ESMTP id E93441142B for ; Fri, 1 Feb 2008 23:41:59 +0000 (GMT) Received: from 89.240.61.114 (SquirrelMail authenticated user freebsd@violetlan.net) by www.violetlan.net with HTTP; Fri, 1 Feb 2008 23:45:33 -0000 (GMT) Message-ID: <2489.89.240.61.114.1201909533.squirrel@www.violetlan.net> Date: Fri, 1 Feb 2008 23:45:33 -0000 (GMT) From: "Reinhold" To: freebsd-questions@freebsd.org User-Agent: SquirrelMail/1.5.1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV using ClamSMTP Subject: mpd with a dual pppoe setup X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Feb 2008 23:47:04 -0000 Hi, I'm building a new router/firewall for my work, I have installed freebsd7 and updated it and compiled pf into the kernel and installed mpd5 for pppoe. Before I make this system life I would like your input on my mpd settings. We have 2 adsl lines and I want to use the new firewall to do load balancing between them. I've been searching all over the net to find out more about how I can use mpd for this but all I can find is single pppoe or mlppp conections, our isp does not support mlppp so thats not an option. PF will be used for the load balancing and I want to use ancors for when one of the dsl lines goes down. For now I have only configured mpd but I'm not sure if its done corectly, I can't test it because that will mean that I will have to take our current system off line and that is not an option. Here is what I've done so far. /usr/local/etc/mpd5/mpd.conf default: load wan1 load wan2 wan1: new -i ng0 provider PPPoE0 set iface route default set iface up-script /usr/local/etc/mpd/script-wan1.sh set iface down-script /usr/local/etc/mpd/script-wan1.sh set bundle authname "username0@provider" set bundle password "passwd" set ipcp ranges static-ip-0/32 isp-gateway-0/32 load common_setting wan2: new -i ng1 wan2 PPPoE1 set iface route default set iface up-script /usr/local/etc/mpd/script-wan2.sh set iface down-script /usr/local/etc/mpd/script-wan2.sh set bundle authname "username1@provider" set bundle password "passwd" set ipcp ranges static-ip-1/32 isp-gateway-1/32 load common_setting common_setting: set iface addrs 1.1.1.1 2.2.2.2 set iface disable on-demand set iface idle 0 set iface enable tcpmssfix set bundle disable multilink set link no acfcomp protocomp set link disable pap chap set link accept chap set link keep-alive 10 60 set link max-redial -1 set link mtu 1492 set link mru 1492 set ipcp yes vjcomp set ipcp enable req-sec-dns open iface # PPTP pptpd: load pt0 load pt1 load pt2 load pt3 load pt4 load pt5 load pt6 load pt7 load pt8 load pt9 load pt10 load pt11 load pt12 load pt13 load pt14 load pt15 pt0: new -i ng2 pt0 pt0 set ipcp ranges 192.168.2.1/32 192.168.1.240/32 load pts pt1: new -i ng3 pt1 pt1 set ipcp ranges 192.168.2.1/32 192.168.1.241/32 load pts pt2: new -i ng4 pt2 pt2 set ipcp ranges 192.168.2.1/32 192.168.1.242/32 load pts pt3: new -i ng5 pt3 pt3 set ipcp ranges 192.168.2.1/32 192.168.1.243/32 load pts pt4: new -i ng6 pt4 pt4 set ipcp ranges 192.168.2.1/32 192.168.1.244/32 load pts pt5: new -i ng7 pt5 pt5 set ipcp ranges 192.168.2.1/32 192.168.1.245/32 load pts pt6: new -i ng8 pt6 pt6 set ipcp ranges 192.168.2.1/32 192.168.1.246/32 load pts pt7: new -i ng9 pt7 pt7 set ipcp ranges 192.168.2.1/32 192.168.1.247/32 load pts pt8: new -i ng10 pt8 pt8 set ipcp ranges 192.168.2.1/32 192.168.1.248/32 load pts pt9: new -i ng11 pt9 pt9 set ipcp ranges 192.168.2.1/32 192.168.1.249/32 load pts pt10: new -i ng12 pt10 pt10 set ipcp ranges 192.168.2.1/32 192.168.1.250/32 load pts pt11: new -i ng13 pt11 pt11 set ipcp ranges 192.168.2.1/32 192.168.1.251/32 load pts pt12: new -i ng14 pt12 pt12 set ipcp ranges 192.168.2.1/32 192.168.1.252/32 load pts pt13: new -i ng15 pt13 pt13 set ipcp ranges 192.168.2.1/32 192.168.1.253/32 load pts pt14: new -i ng16 pt14 pt14 set ipcp ranges 192.168.2.1/32 192.168.1.254/32 load pts pt15: new -i ng17 pt15 pt15 set ipcp ranges 192.168.2.1/32 192.168.1.255/32 load pts pts: set iface disable on-demand set iface enable proxy-arp set iface enable tcpmssfix set iface idle 1800 set iface up-script /usr/local/sbin/vpn-linkup set iface down-script /usr/local/sbin/vpn-linkdown set bundle enable multilink set bundle enable crypt-reqd set link yes acfcomp protocomp set link no pap chap set link enable chap-msv2 set link mtu 1460 set link keep-alive 10 60 set ipcp yes vjcomp set bundle enable compression set ccp yes mppc set ccp yes mpp-e128 set ccp yes mpp-stateless set ipcp nbns set ipcp dns 208.67.220.220 208.67.222.222 /usr/local/etc/mpd5/mpd.links # mpd.links PPPoE0: set link type pppoe set pppoe iface fxp0 set pppoe service "BTconnect0" set pppoe disable incoming set pppoe enable originate PPPoE1: set link type pppoe set pppoe iface fxp1 set pppoe service "BTconnect1" set pppoe disable incoming set pppoe enable originate # PPTP pt0: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt1: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt2: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt3: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt4: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt5: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt6: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt7: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt8: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt9: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt10: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt11: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt12: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt13: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt14: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 pt15: set link type pptp set pptp enable incoming set pptp disable originate set pptp disable windowing set pptp self 127.0.0.1 This is an untested config and would love any input on if this will work or not and any tips on any part of the config. The parts that I'm not to clear on is these places set iface route default set ipcp ranges static-ip-1/32 isp-gateway-1/32 Any help will be apreseated Regards Reinhold