How do I show loopback on LuCI to add a virtual IP address on it?

This will make sense later, hopefully:

I'm trying to puzzle out a pathway to a remote pfSense gateway that runs over a 2:1 ECMP link. More or less like eg1, above.

Inbound it's handled automatically by OSPF, no problems there. Outbound to the Internet, I attempted to do load balancing possibly weighted/tiered, and failover simultaneously per traffic selector/rule like I had before.

This is very easy to do and itself a very basic setup task on the other platform, but it's been a more "involved" task, so to speak, in OpenWRT. mwan3 was just a bit cumbersome, rigid and seems broken anyway (with regard to ipsets).

pbr is much more feasible but it only does PBR, no LB nor FO. It's fine though, I can rely on OSPF for those since the links that need load balancing are also the ones I'd need to fail over from, and the default gateway, the only thing pbr can fail over to, matches my conditions as well. I got lucky.

Since I was doing something similar to that before, I already have a /31 point-to-point virtual IP address on the loopback interface of the remote gateway, I just need the other half on the local loopback, I think. I already added the loopback to OSPF. (Turns out I didn't, but it's trivial though.) I'm not sure if it'll work, but as I mentioned, I'm puzzling it out, but it won't appear on LuCI, even though it's defined in /etc/config/network (see eg1), and I discovered I can create a zone with the loopback interface in it. It's still hidden in LuCI, but… but I don't know what it means.

How may I create a virtual IP address in the loopback? If I add it directly on /etc/config/network will it be hidden as well? Will it work at all?

The only other option I can think of is macvlan, ipvlan, something along those lines, but it seems like OpenWRT sees its own traffic or a duplicate/conflicting MAC address, something like that, and the console becomes chaotic printing alerts while you try to type something; it becomes unusable.

You can add as many aliases as you want to a physical device. Including the hidden "lo" device.

Edit: To be more clear: You normally just assign a /32 IPv4 address on loopback, or a /128 IPv6 address.

If you have OSPF running... why do you need PBR between the OpenWrt and pfSense box?

Regarding loopback addresses:
You can more or less assign any address you like on loopback. OSPF "makes this address available" within the network. Don't nail me on the technical details, but as long as you have some interconnections between your routers, the addresses on loopback get available within the network...
If you have multiple paths, and your routing daemon, which speaks OSPF, is able to do ECMP, then you got ECMP.

What do you actually want to achieve, may I ask...

Yeah, I forgot about that. For some reason OpenWRT is refusing to send traffic out over the tunnels, it's just dead. That tripped me up.

I realized this was happening when I was able to route from another router also in OSPF that would pass traffic business as usual. I'm aware ECMP is functional but I need to force traffic over a gateway for some stuff and OSPF doesn't create gateways you can use for policies. They can be used to set up tunnels and other stuff like that though, and a tunnel is an enforceable gateway. :smiley: But like I said, I got sort of a bigger problem on my hands right now. I need to find out why OpenWRT is refusing to pass traffic. I assume it's the whole zones nightmare, but I need to rule out things first. It's still too early.

The /31 I got it from this VyOS guide but it was for tunnels and from there it became force of habit and I got it mixed up I guess, thanks for setting me right. OMG, I hope I never said it out loud.

Describe your topology, and post the content from /etc/config/firewall. I think we should be able to sort that out :wink:

