Issues setting up failover with scripts for DHCP WAN connections

I currently have 2 WAN connections, which both get their IPs through DHCP.
I only need failover, no load-balancing.
@marc_s provided me with some scripts he is using for setting the failover routes after DHCP lease changes.
Unfortunately I am having trouble getting this set up.
WAN1 (main link): eth0
WAN2 (failover link): eth0.70

I set up my scripts accordingly:
/config/scripts/dhcp-client/pre-hooks.d/01-no-default-route

RUN="yes"
SCRIPTNAME="pre-hooks.d/01-no-default-route"
LOGFILE="/tmp/01-no-default-route.log"
NOW="$(date)"

echo -e "\n--- ${NOW} --- [ ENTER ${SCRIPTNAME} ]---\n" >> ${LOGFILE}

# Use FD 19 to capture the debug stream caused by "set -x":
exec 19>>${LOGFILE}

# Tell bash about it  (there's nothing special about 19, its arbitrary)
export BASH_XTRACEFD=19

set -x
env >> ${LOGFILE}

# Setting new_routers to an empty string avoids the installation
# of the default routes and allows to properly setup failover rules.
# That applies only to eth0, DHCP WAN.
#
# See /config/scripts/setup-failover-routes.sh
# See /config/scripts/dhcp-client/post-hooks.d/01-failover
# See https://vyos.dev/T5724

if [ "$RUN" = "yes" ]; then
    if [ "$interface" = "eth0.70" ]; then
        case "$reason" in
            BOUND|RENEW|REBIND|REBOOT)
                export new_gw="$new_routers"
                export old_gw="$old_routers"
                new_routers=""
                ;;

            EXPIRE|FAIL|STOP)
                old_ip_address=""
                old_routers=""
                ;;
        esac
    fi
fi

set +x

/config/scripts/dhcp-client/post-hooks.d/01-failover

RUN="yes"
SCRIPTNAME="post-hooks.d/01-failover"
LOGFILE="/tmp/01-failover.log"
NOW="$(date)"

echo -e "\n--- ${NOW} --- [ ENTER ${SCRIPTNAME} ]---\n" >> ${LOGFILE}

# Use FD 19 to capture the debug stream caused by "set -x":
exec 19>>${LOGFILE}

# Tell bash about it  (there's nothing special about 19, its arbitrary)
export BASH_XTRACEFD=19

set -x

# Execute the script to configure the failover mechanism in case of a
# BOUND, RENEW, REBIND, REBOOT.
# That applies only to eth0, the DHCP WAN.
#
# See /config/scripts/setup-failover-routes.sh
# See /config/scripts/dhcp-client/pre-hooks.d/01-no-default-route
# See https://vyos.dev/T5724

if [ "$RUN" = "yes" ]; then
    if [ "$interface" = "eth0.70" ]; then
        case $reason in
            BOUND|RENEW|REBIND|REBOOT)
            sudo /config/scripts/setup-failover-routes.sh $old_gw $new_gw
            ;;
        esac
    fi
fi

set +x

echo -e "\n--- ${NOW} --- [ EXIT ${SCRIPTNAME} ]---\n" >> ${LOGFILE}

/config/scripts/dhcp-client/post-hooks.d/01-failover

#!/bin/vbash

if [ "$(id -g -n)" != 'vyattacfg' ] ; then
    exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $1 $2"
fi

# Save arguments

OLD_GW="$1"
NEW_GW="$2"

source /opt/vyatta/etc/functions/script-template

SCRIPTNAME="sudo setup-failover-routes.sh"
LOGFILE="/tmp/failover.log"
DHCP_INT="eth0.70"
PPPOE_INT="eth0"
NEW_IP="$( ${vyos_op_scripts_dir}/interfaces.py show --raw --intf-name "${DHCP_INT}" | jq -r '.[].addr_info[] | select( .family == "inet" and .scope == "global" ) | .local' )"
PPPOE_IP="$( ${vyos_op_scripts_dir}/interfaces.py show --raw --intf-name "${PPPOE_INT}" | jq -r '.[].addr_info[] | select( .family == "inet" and .scope == "global" ) | .local' )"
PPPOE_GW="$( ${vyos_op_scripts_dir}/interfaces.py show --raw --intf-name "${PPPOE_INT}" | jq -r '.[].addr_info[] | select( .family == "inet" and .scope == "global" ) | .address' )"

function logit {
    local NOW="$(date)"
    echo -e "\n${NOW} [${SCRIPTNAME}] $*\n" >> ${LOGFILE}
}

# Use FD 19 to capture the debug stream caused by "set -x":
exec 19>>"${LOGFILE}"

# Tell bash about it (there's nothing special about 19, its arbitrary)
export BASH_XTRACEFD=19

logit "START"

logit "DHCP interface ${DHCP_INT}: OLD_GW=${OLD_GW}, NEW_GW=${NEW_GW}, NEW_IP=${NEW_IP}"
logit "PPPOE interface ${PPPOE_INT}: PPPOE_GW=${PPPOE_GW}, PPPOEIP=${PPPOE_IP}"

# Sanity checks, we need everything declared
if [[ -z "${OLD_GW}" ]] || [[ -z "${NEW_GW}" ]] || [[ -z "${NEW_IP}" ]] || [[ -z "${PPPOE_IP}" ]] || [[ -z "${PPPOE_GW}" ]]
then
    logit "One or more variables are not defined, aborting."
else
    configure

    logit "executing VyOS protocol failover commands"

    delete protocols failover route 0.0.0.0/0

    set protocols failover route 0.0.0.0/0 next-hop ${NEW_GW} check target '1.1.1.1'
    set protocols failover route 0.0.0.0/0 next-hop ${NEW_GW} check target '4.2.2.1'
    set protocols failover route 0.0.0.0/0 next-hop ${NEW_GW} check timeout '5'
    set protocols failover route 0.0.0.0/0 next-hop ${NEW_GW} check type 'icmp'
    set protocols failover route 0.0.0.0/0 next-hop ${NEW_GW} interface "${DHCP_INT}"
    set protocols failover route 0.0.0.0/0 next-hop ${NEW_GW} metric '254'

    set protocols failover route 0.0.0.0/0 next-hop ${PPPOE_GW} check target '1.0.0.1'
    set protocols failover route 0.0.0.0/0 next-hop ${PPPOE_GW} check target '4.2.2.2'
    set protocols failover route 0.0.0.0/0 next-hop ${PPPOE_GW} check timeout '5'
    set protocols failover route 0.0.0.0/0 next-hop ${PPPOE_GW} check type 'icmp'
    set protocols failover route 0.0.0.0/0 next-hop ${PPPOE_GW} interface "${PPPOE_INT}"
    set protocols failover route 0.0.0.0/0 next-hop ${PPPOE_GW} metric '1'

    delete protocols static route 1.1.1.1/32
    delete protocols static route 4.2.2.1/32
    delete protocols static route 1.0.0.1/32
    delete protocols static route 4.2.2.2/32
    delete protocols static route ${OLD_GW}/32

    # Set a static route for eth0's nexthop, otherwise it'll go out pppoe0 :-)
    set protocols static route ${NEW_GW}/32 interface eth0

    # Set static routes for the healthchecks
    set protocols static route 1.1.1.1/32 next-hop ${NEW_GW} interface "${DHCP_INT}"
    set protocols static route 4.2.2.1/32 next-hop ${NEW_GW} interface "${DHCP_INT}"
    # You don't really need to specify a next-hop for a pppoe interface, so we leave it out
    set protocols static route 1.0.0.1/32 interface "${PPPOE_INT}"
    set protocols static route 4.2.2.2/32 interface "${PPPOE_INT}"

    # PBR
    delete policy local-route rule 10
    delete policy local-route rule 20
    set policy local-route rule 10 set table '124'
    set policy local-route rule 10 source address "${NEW_IP}"
    set policy local-route rule 20 set table '125'
    set policy local-route rule 20 source address "${PPPOE_IP}"

    # Static routing tables for PBR
    delete protocols static table 124
    delete protocols static table 125
    # For some reason, for table 124, we need to use next-hop instead of dhcp-interface
    set protocols static table 124 description 'Route traffic through cable (eth0)'
    set protocols static table 124 route 0.0.0.0/0 next-hop "${NEW_GW}"
    set protocols static table 125 description 'Route traffic through fiber (pppoe0)'
    set protocols static table 125 route 0.0.0.0/0 interface "${PPPOE_INT}"

    commit

    logit "DONE"
fi

exit

In /tmp/failover.log I get:

Fri Aug  2 21:45:26 CEST 2024 [sudo setup-failover-routes.sh] START


Fri Aug  2 21:45:26 CEST 2024 [sudo setup-failover-routes.sh] DHCP interface eth0.70: OLD_GW=149.xxx.xxx.xxx, NEW_GW=149.xxx.xxx.xxx, NEW_IP=


Fri Aug  2 21:45:26 CEST 2024 [sudo setup-failover-routes.sh] PPPOE interface eth0: PPPOE_GW=, PPPOEIP=


Fri Aug  2 21:45:26 CEST 2024 [sudo setup-failover-routes.sh] One or more variables are not defined, aborting.

I tried debugging it by running interfaces.py myself and seeing what's going on in the JSON response there.
I get the following JSON when running this script for eth0 (which is using the PPPOE_GW variable in the bash script):

{
    "ifindex": 2,
    "ifname": "eth0",
    "flags": [
        "BROADCAST",
        "MULTICAST",
        "UP",
        "LOWER_UP"
    ],
    "mtu": 1500,
    "qdisc": "mq",
    "operstate": "UP",
    "group": "default",
    "txqlen": 1000,
    "link_type": "ether",
    "address": "00:1b:21:38:50:3d",
    "broadcast": "ff:ff:ff:ff:ff:ff",
    "altnames": [
        "enp0s16",
        "ens16"
    ],
    "addr_info": [
        {
            "family": "inet",
            "local": "178.xxx.xxx.xxx",
            "prefixlen": 30,
            "broadcast": "178.xxx.xxx.xxx",
            "scope": "global",
            "dynamic": true,
            "label": "eth0",
            "valid_life_time": 391,
            "preferred_life_time": 391
        },
        {
            "family": "inet6",
            "local": "fe80::21b:21ff:fe38:503d",
            "prefixlen": 64,
            "scope": "link",
            "valid_life_time": 4294967295,
            "preferred_life_time": 4294967295
        }
    ],
    "counters_last_clear": 0,
    "description": "WAN1",
    "stats": {
        "rx_bytes": 29209287,
        "rx_packets": 62705,
        "rx_errors": 0,
        "rx_dropped": 0,
        "rx_over_errors": 0,
        "multicast": 1425,
        "tx_bytes": 14209189,
        "tx_packets": 46174,
        "tx_errors": 0,
        "tx_dropped": 0,
        "tx_carrier_errors": 0,
        "collisions": 0
    }
}

From my understanding, there should be a value called “address” inside of the “addr_info” block, but that doesn't exist, so that's probably why there is no value provided for PPPOE_GW.

Were there changes to the interfaces.py script or something, so that it doesn’t work like that anymore, or is that an error on my side?

Could it be an issue that my 2nd WAN is just a VLAN interface?
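
The check described in the post above, as an added example (not part of the original post or of the VyOS scripts): it applies the same inet/global selection as the script's jq filters to a constructed copy of the posted JSON and names the script variable that comes back empty. The function names and the 198.51.100.x addresses are assumptions made for illustration.

```python
import json

# Constructed sample: trimmed copy of the JSON shape posted above, with
# documentation addresses (RFC 5737) in place of the redacted ones.
SAMPLE_ETH0 = json.loads("""
{
  "ifname": "eth0",
  "operstate": "UP",
  "address": "00:1b:21:38:50:3d",
  "addr_info": [
    {"family": "inet", "local": "198.51.100.2", "prefixlen": 30,
     "broadcast": "198.51.100.3", "scope": "global", "dynamic": true},
    {"family": "inet6", "local": "fe80::21b:21ff:fe38:503d",
     "prefixlen": 64, "scope": "link"}
  ]
}
""")

# Variable in setup-failover-routes.sh -> addr_info key its jq filter reads.
SCRIPT_FIELDS = {"PPPOE_IP": "local", "PPPOE_GW": "address"}


def global_inet_entries(raw):
    """Yield addr_info entries matching the script's select(): inet + global.

    Accepts one interface object or a list of them, since the script's
    filter starts with '.[]' while the JSON posted above is a single object.
    Only keys inside addr_info are considered; the top-level "address"
    (the MAC) is never looked at.
    """
    interfaces = raw if isinstance(raw, list) else [raw]
    for intf in interfaces:
        for entry in intf.get("addr_info", []):
            if entry.get("family") == "inet" and entry.get("scope") == "global":
                yield entry


def resolve_fields(raw, fields=SCRIPT_FIELDS):
    """Return ({var: value}, [vars that would be empty]) for one dump."""
    entries = list(global_inet_entries(raw))
    resolved, missing = {}, []
    for var, key in fields.items():
        values = [e[key] for e in entries if e.get(key)]
        if values:
            resolved[var] = values[0]
        else:
            missing.append(var)
    return resolved, missing


def preflight(raw, fields=SCRIPT_FIELDS):
    """Mirror the script's sanity check, but name the variables that fail."""
    resolved, missing = resolve_fields(raw, fields)
    if missing:
        return "abort: no value for " + ", ".join(sorted(missing))
    return "ok: " + ", ".join(f"{k}={v}" for k, v in sorted(resolved.items()))


if __name__ == "__main__":
    print(preflight(SAMPLE_ETH0))
    # Same dump with an "address" key added to the entry (constructed value).
    with_address = json.loads(json.dumps(SAMPLE_ETH0))
    with_address["addr_info"][0]["address"] = "198.51.100.1"
    print(preflight(with_address))
```
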

Hi @cr-insane!
Sorry to say I don't have an answer to your particular question above, but I want to propose an alternative solution for your problem.

I think your issue can be circumvented by using static route dhcp-interface, in conjunction with some “sure to be on the internet” IP addresses, blackhole routes and failover routes.

First, I think you don't need tracking on your secondary internet connection.
The backup connection will be unused until the primary fails, and then you will not have anywhere else to fail over to if it fails. If you have 3 ISPs you need tracking on both primary and secondary but not the third, and so on.

Consider this:
In your failover configuration, as you’ve already done, track some known-to-be-there addresses. I use 1.0.0.1 and 4.2.2.2 as you did in your example.

For 1.0.0.1 and 4.2.2.2 you will create a /32 dhcp-interface route pointing to your primary ISP and a blackhole route with 255 as cost. This will make sure these routes always point to your primary ISP, and in the event of a failover these addresses will be offline until the connection is re-established on the primary IP.

As you should be allowed to use indirect next-hops in Linux, you could point your failover 0.0.0.0/0 route to 1.0.0.1 as a next-hop. This way the failover next-hop will always point to the next-hop that 1.0.0.1 points towards when it is active.

In a normal scenario your failover route will then point to 1.0.0.1, which in turn points to your primary ISP gateway via the dhcp-interface route. When the primary ISP fails, the checks towards 1.0.0.1 and 4.2.2.2 will both fail, and it will trigger a removal of the 0.0.0.0/0 route installed by the failover route.

You will then start using your secondary ISP’s gateway that you got from DHCP directly.

Consider this configuration:

Disclaimer: This configuration is not tested, so it might not work and/or might need modifications before it is usable.

# Disable DHCP installed default route from primary isp
set interfaces ethernet eth0 dhcp-options no-default-route

# Add route so failover route targets are not available on secondary isp
set protocols static route 1.0.0.1/32 blackhole distance 255
set protocols static route 4.2.2.2/32 blackhole distance 255

# Add failover routes
set protocols static route 1.0.0.1/32 dhcp-interface eth0
set protocols static route 4.2.2.2/32 dhcp-interface eth0

# Configure the failover route to use your static /32 as a next-hop, to bind it to the next-hop of your primary ISP gateway
set protocols failover route 0.0.0.0/0 next-hop 1.0.0.1 check target 1.0.0.1
set protocols failover route 0.0.0.0/0 next-hop 1.0.0.1 check target 4.2.2.2
set protocols failover route 0.0.0.0/0 next-hop 1.0.0.1 check timeout 5
set protocols failover route 0.0.0.0/0 next-hop 1.0.0.1 check type icmp
set protocols failover route 0.0.0.0/0 next-hop 1.0.0.1 metric 1

If you want you could do the same for the secondary ISP, but I do not think it should not be needed. You also need other addresses as tracking addresses, as you cannot use the same tracking destination on more than one ISP.

I hope this can solve your issue!

@cr-insane in your case, because you have 2 DHCP interfaces, the DHCP script will be called twice, once for each DHCP interface. You would need to adapt the scripts to accept eth0 and eth0.70 in the interface checks. Those DHCP default routes need to be kept out of the routing table. Using the dhcp-options method did not work with my ISP for some strange reason, that’s why the DHCP hook script was required.

I really like the blackhole trick @runar is suggesting. Hadn’t thought of that :exploding_head: I will try their suggestion sometime in the coming months to see if that works.

Hi @runar!
Thanks for your suggestion.

I tried doing the settings you suggested, but now it looks like all of the 0.0.0.0/0 traffic goes through the 2nd ISP on eth0.70. The only traffic routed through eth0 are the static routes for 1.0.0.1 and 4.2.2.2.
I think, since the second ISP is still installing its default route for 0.0.0.0/0, it is still using this one as the primary outgoing interface. When I set the default-route-distance for the secondary ISP to 255 on eth0.70 I don’t have a connection to any IP except the 2 health-check targets.

This is my routing table currently, and I also don’t see the route which should be installed through the failover protocol.

S>* 0.0.0.0/0 [210/0] via 149.x.x.x, eth0.70, weight 1, 00:00:26
S>* 1.0.0.1/32 [1/0] via 178.x.x.x.x, eth0, weight 1, 00:08:05
S   1.0.0.1/32 [255/0] unreachable (blackhole), weight 1, 00:23:58
S>* 4.2.2.2/32 [1/0] via 178.x.x.x.x, eth0, weight 1, 00:08:05
S   4.2.2.2/32 [255/0] unreachable (blackhole), weight 1, 00:23:58
C>* 149.x.x.x/23 is directly connected, eth0.70, 00:00:26
C>* 172.27.63.0/24 is directly connected, eth1.2763, 00:24:04
C>* 178.x.x.x.x/30 is directly connected, eth0, 00:08:08
C>* 192.168.1.0/24 is directly connected, eth1, 00:24:04

I will post my config below, because maybe I am just missing something obvious.

set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy invalid action 'drop'
set firewall global-options state-policy related action 'accept'
set firewall group interface-group LAN interface 'eth1'
set firewall group interface-group WAN interface 'eth0'
set firewall group interface-group WAN interface 'eth0.70'
set firewall group interface-group WAN interface 'eth0.70,eth0'
set firewall group network-group NET-LAN-v4 network 'xxx.xxx.1.0/24'
set firewall group network-group NET-LAN-v4 network 'xxx.xxx.63.0/24'
set firewall ipv4 forward filter rule 100 action 'jump'
set firewall ipv4 forward filter rule 100 destination group network-group 'NET-LAN-v4'
set firewall ipv4 forward filter rule 100 inbound-interface group 'WAN'
set firewall ipv4 forward filter rule 100 jump-target 'OUTSIDE-IN'
set firewall ipv4 input filter default-action 'drop'
set firewall ipv4 input filter rule 20 action 'jump'
set firewall ipv4 input filter rule 20 destination port '22'
set firewall ipv4 input filter rule 20 jump-target 'vyos_mgmt'
set firewall ipv4 input filter rule 20 protocol 'tcp'
set firewall ipv4 input filter rule 30 action 'accept'
set firewall ipv4 input filter rule 30 icmp type-name 'echo-request'
set firewall ipv4 input filter rule 30 protocol 'icmp'
set firewall ipv4 input filter rule 30 state 'new'
set firewall ipv4 input filter rule 40 action 'accept'
set firewall ipv4 input filter rule 40 destination port '53'
set firewall ipv4 input filter rule 40 protocol 'tcp_udp'
set firewall ipv4 input filter rule 40 source group network-group 'NET-LAN-v4'
set firewall ipv4 input filter rule 50 action 'accept'
set firewall ipv4 input filter rule 50 source address 'xxx.xxx.0.0/8'
set firewall ipv4 name OUTSIDE-IN default-action 'drop'
set firewall ipv4 name vyos_mgmt default-action 'return'
set firewall ipv4 name vyos_mgmt rule 15 action 'accept'
set firewall ipv4 name vyos_mgmt rule 15 inbound-interface group 'LAN'
set firewall ipv4 name vyos_mgmt rule 20 action 'drop'
set firewall ipv4 name vyos_mgmt rule 20 inbound-interface group 'WAN'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 description 'WAN1'
set interfaces ethernet eth0 dhcp-options no-default-route
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:3d'
set interfaces ethernet eth0 offload gro
set interfaces ethernet eth0 offload gso
set interfaces ethernet eth0 offload sg
set interfaces ethernet eth0 offload tso
set interfaces ethernet eth0 vif 70 address 'dhcp'
set interfaces ethernet eth0 vif 70 description 'WAN2'
set interfaces ethernet eth0 vif 70 dhcp-options
set interfaces ethernet eth1 address 'xxx.xxx.1.1/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:3c'
set interfaces ethernet eth1 offload gro
set interfaces ethernet eth1 offload gso
set interfaces ethernet eth1 offload sg
set interfaces ethernet eth1 offload tso
set interfaces ethernet eth1 vif 2763 address 'xxx.xxx.63.1/24'
set interfaces ethernet eth1 vif 2763 description 'VLAN2763-IOT'
set interfaces loopback lo
set load-balancing
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 source group network-group 'NET-LAN-v4'
set nat source rule 100 translation address 'masquerade'
set nat source rule 110 outbound-interface name 'eth0.70'
set nat source rule 110 source group network-group 'NET-LAN-v4'
set nat source rule 110 translation address 'masquerade'
set policy
set protocols failover route xxx.xxx.0.0/0 next-hop xxx.xxx.0.1 check target 'xxx.xxx.0.1'
set protocols failover route xxx.xxx.0.0/0 next-hop xxx.xxx.0.1 check target 'xxx.xxx.2.2'
set protocols failover route xxx.xxx.0.0/0 next-hop xxx.xxx.0.1 check type 'icmp'
set protocols failover route xxx.xxx.0.0/0 next-hop xxx.xxx.0.1 interface 'eth0'
set protocols failover route xxx.xxx.0.0/0 next-hop xxx.xxx.0.1 metric '1'
set protocols static route xxx.xxx.0.1/32 blackhole distance '255'
set protocols static route xxx.xxx.0.1/32 dhcp-interface 'eth0'
set protocols static route xxx.xxx.2.2/32 blackhole distance '255'
set protocols static route xxx.xxx.2.2/32 dhcp-interface 'eth0'
set protocols static table 10 route xxx.xxx.0.0/0 dhcp-interface 'eth0'
set protocols static table 11 route xxx.xxx.0.0/0 dhcp-interface 'eth0.70'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 option default-router 'xxx.xxx.63.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 option domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 option name-server 'xxx.xxx.63.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 range 0 start 'xxx.xxx.63.50'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 range 0 stop 'xxx.xxx.63.100'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.63.201'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:72'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.63.205'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:31'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.63.204'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:00'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.63.203'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:83'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.63.206'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:50'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.63.0/24 subnet-id '2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option default-router 'xxx.xxx.1.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 option name-server 'xxx.xxx.1.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 range 0 start 'xxx.xxx.1.100'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 range 0 stop 'xxx.xxx.1.200'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.1.220'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:34'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.1.115'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:5f'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.1.90'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 static-mapping xxxxxx mac 'xx:xx:xx:xx:xx:46'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.1.0/24 subnet-id '1'
set service dns forwarding allow-from 'xxx.xxx.1.0/24'
set service dns forwarding allow-from 'xxx.xxx.63.0/24'
set service dns forwarding cache-size '0'
set service dns forwarding listen-address 'xxx.xxx.1.1'
set service dns forwarding listen-address 'xxx.xxx.63.1'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/8'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/16'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/8'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/12'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/16'
set service ntp allow-client xxxxxx '::1/128'
set service ntp allow-client xxxxxx 'fe80::/10'
set service ntp allow-client xxxxxx 'fc00::/7'
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ssh listen-address 'xxx.xxx.1.1'
set service ssh port '22'
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system option keyboard-layout 'de'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.1.220'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'

I’ve been investigating a bit, and it actually looks like the Linux kernel does not support adding indirect next-hop routes directly… :confused:
I confirmed this using:

#ip route add 1.0.0.1/32 via [my-gateway]
#ip route add 1.1.1.1/32 via 1.0.0.1
Error: Nexthop has invalid gateway.

If there is no way to add indirect next-hops, I’m afraid that my solution does not work… :confused:

Damn, that's a bummer. Thanks anyway for your input :slight_smile:
Looks like I have to look into making those scripts work with my 2 DHCP interfaces.