Date: Thu, 6 Aug 2020 18:13:43 -0400
From: Aryeh Friedman <aryeh.friedman@gmail.com>
To: Don Wilde <dwilde1@gmail.com>
Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: Unroutable packer to specific IP forces process to run
Message-ID: <CAGBxaXkscrRQDLmijrSrxBkRR5m_1Xhi_h47%2BucGZ4-CtSbqww@mail.gmail.com>
In-Reply-To: <af53089c-34ea-696a-eff5-2cfd6a09a26a@gmail.com>
References: <CAGBxaX=yaBuz35VmfH4WypGz7v3LuvP52Sfwd1hfmwEy7YkCdQ@mail.gmail.com>
 <89e3f48c-74a1-4198-6b17-7e13a026225b@gmail.com>
 <CAGBxaX=fonb5R0OhnV8r8KGmqxe7F18FNzXFT2VhNu_dq1cYhQ@mail.gmail.com>
 <491b2176-7886-7c90-a9a4-f3a6a6a98c08@gmail.com>
 <CAGBxaX=%2BX1un=w_moJsKO9tmgP6E1XW2jkeLj8vKmPmNAgaS0Q@mail.gmail.com>
 <af53089c-34ea-696a-eff5-2cfd6a09a26a@gmail.com>

On Thu, Aug 6, 2020 at 5:58 PM Don Wilde <dwilde1@gmail.com> wrote:

>
> On 8/6/20 2:40 PM, Aryeh Friedman wrote:
>
> On Thu, Aug 6, 2020 at 5:39 PM Don Wilde <dwilde1@gmail.com> wrote:
>
>>
>> On 8/6/20 2:35 PM, Aryeh Friedman wrote:
>>
>> On Thu, Aug 6, 2020 at 5:33 PM Don Wilde <dwilde1@gmail.com> wrote:
>>
>>>
>>> On 8/6/20 2:30 PM, Aryeh Friedman wrote:
>>> > I have a VPN that has stability problems (the fault of the ISP and they
>>> > admit it). I have set up one of my FreeBSD machines as a router for that
>>> > specific VPN:
>>> >
>>> > # on non-gateway machines in /etc/rc.conf
>>> > static_routes="internalnet2"
>>> > route_internalnet2="-net 10.31.10.0/24 192.168.11.60"
>>> >
>>> > Is there any way to force the gateway machine to run a preset command if
>>> > 10.31.10.0/24 is unreachable? (i.e. reset the connection)
>>> What about a simple scripted cron-job ping, Aryeh? Sometimes the
>>> simplest solutions are the best.
>>>
>>
>> The amount of time the connection stays up is unpredictable and due to the
>> use case it needs to be repaired immediately if down (not even a 5 min
>> delay for cron to do its normal wake up and look for a job is acceptable)
>>
>> Understood.
>>
>> So how about a simple C daemon that pings every ten seconds? Just set the
>> ping count to 1.
>>
>
> System load. (the gateway also hosts 3 moderately used VMs)
>
>
> Okay, so forget a system() call to ping. Send a packet directly to
> something on the target from the C code. Even simpler, just call
> getaddrinfo() on host:port of a machine at the "other" end.
>

I have written ICMP (clone of ping with some extras covered by an NDA) in the past and this is not as simple as it sounds (I thought it was an afternoon project; it ended up taking 3 weeks [I learned a lot though])

> Honestly, I don't think you can get any simpler than this, Aryeh. There's
> only so much you can juggle, and no existing package is going to be any
> faster or more specifically better than what you code yourself.
>

I know a site that has done just this and gone a step farther and has a per-user ACL for access to the net (it is a public access free shell provider, m-net.arbornet.org) and it works perfectly with almost zero system load (they did say it took a kernel modification and thus me looking for a better way).

> We also, IIRC, talked about how your bosses are screwing you out of
> necessary resources. Sooner or later you're going to have to address that
> issue head-on, but YMMV and beyond what we've already discussed it's not my
> business.
>

Client and not boss in this case (I am a freelancer) and in this case the cost of a second license is greater than their annual income (the vendor has a really odd pricing model since the first license is quite affordable and every one after 2 is affordable but the second one is not) and thus I actually agree with them that it is not an option.

-- 
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
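
A low-load check along the lines discussed in this thread, as an added example that is not code from any of the posters: it uses a non-blocking TCP connect with a timeout (not ICMP, and not getaddrinfo(), which only resolves names) and runs a repair command after three consecutive failed probes. The far-end address 10.31.10.1:22, the 5-second interval and the path /usr/local/sbin/vpn-reset are assumptions for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return 1 if a TCP handshake with ip:port completes within timeout_ms. */
int probe_tcp(const char *ip, int port, int timeout_ms) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return 0;
    int fd = socket(AF_INET, SOCK_STREAM, 0), ok = 0;
    if (fd < 0) return 0;
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK); /* never block the daemon */
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0) {
        ok = 1;
    } else if (errno == EINPROGRESS) {
        struct pollfd p = { .fd = fd, .events = POLLOUT };
        int err = 0; socklen_t len = sizeof err;
        /* SO_ERROR separates "connected" from "refused" or "unreachable" */
        if (poll(&p, 1, timeout_ms) == 1 &&
            getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0 && err == 0)
            ok = 1;
    }
    close(fd);
    return ok;
}

/* Debounce: return 1 each time `threshold` consecutive probes have failed. */
int should_repair(int reachable, int *fails, int threshold) {
    if (reachable) { *fails = 0; return 0; }
    if (++*fails < threshold) return 0;
    *fails = 0;                 /* restart the count so a failed repair is retried */
    return 1;
}

int main(void) {
    int fails = 0;
    for (;;) {
        int up = probe_tcp("10.31.10.1", 22, 1000);          /* assumed far-end host:port */
        if (should_repair(up, &fails, 3)) {
            int rc = system("/usr/local/sbin/vpn-reset");    /* placeholder repair command */
            (void)rc;
        }
        sleep(5);                                            /* assumed probe interval */
    }
}
```

Each probe costs one socket and at most one poll() wakeup, and no child process is spawned unless the link is actually judged down.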
