I'm drawing a topology for a challenging environment where the rutx09 will provide a backup internet 4G connection to the branch office.
The rutx09 is connected to the internet via 4G (single SIM card) and with ethernet to a local switch. Via the USB/Serial connection I can get access from the rutx09 to the local firewall for backup purposes. I'm building an IPSEC VPN tunnel from the rutx09 towards the central management firewall. The 4G internet connection delivers a 10.x.x.x address from the ISP which uses CGNAT to translate all traffic to a public internet ip address. So inbound access to the rutx09 is only possible over the VPN, not directly to the rutx09 outside interface. I can build it by using the eth0 local internal ip addres for rutx09 management purposes, but when the physical port/switch goes down, so is my management. Now I'm trying to build an additional loopback interface with a /32 local ip on it, so I can use that to reach the rutx09 regardless of the physical ethernet connection. Is that possible? When I try to create an additional loopback interface, it remains in the "stopped" state.
This is the relevant config from /etc/config/network
config interface 'mgmt'
option ifname 'mgmt0'
option proto 'static'
option ipaddr '10.101.3.254'
option netmask '255.255.255.255'
When I run "ifup mgmt" nothing happens. Interface does not show in the ifconfig output.
Maybe I'm looking at it from a wrong angle, but how can I achieve an always up interface in the rutx09 to use for management purposes over VPN?