On 14-10-2015 10:31, C.L. Martinez wrote:
> Nope. It is a CentOS 7.x

I don't remember if the default dhclient from CentOS works with classless static routes (code 121), but you can install dhcpcd and use it, it certainly works with it.

> Yes because sometimes I will need two or more tunX interfaces up
> (created by openvpn or openconnect) or enc interface.

I think you are confusing gateways with default gateways.

> In the case of openconnect and openvpn, IPs are served by the
> gateways (out of my control). With IPSec tunnels, I use fixed IPs in
> configuration files.

Either way, the VPN servers, normally, will be gateways for specific networks, not the entire internet. So they are not "default" gateways.

> All tunnels will be generated by this OpenBSD vm, not from my CentOS
> host os.

From the point of view of the CentOS machine, your OpenBSD vm can "reach" the internet and also the networks behind the VPNs. There is one thing to remember though: if your VPN servers do not know how to get back to your LAN network (the one your CentOS is on), you'll need to use NAT on the OpenBSD firewall.

> Well, due to this is a vm, I need to keep OpenBSD synced. Yes, I run
> ntpd in this vm.

Well, you should always use ntpd. Not just because it's a vm.

> But, ifstated is not needed in this scenario. If some of the tunnels
> go down, I will lose some connections, but other connections will
> keep alive, for example DNS requests to our internal servers.
> Meanwhile I don't lose default gateway in the primary routing table,
> I can live with it.

Exactly why I said you're mixing gateways with default gateways. You would use mpath if you have, let's say, two ISPs and you want your OpenBSD machine to use both, for connections originating from it. Of course mpath isn't used just for default gateways (0.0.0.0/0 routes). If you have, let's say, two tunnels that give you access to the same network, you could use mpath and add two routes to it, using different gateways. If they have the same routing priority, OpenBSD would round-robin between them. This is where ifstated can be used, to detect failures and add/remove the routes as needed.

Cheers,
Giancarlo Razzolini

