From: Tom Jobbins
To: Daniel O'Connor, freebsd-stable@freebsd.org
Date: Fri, 13 Jan 2006 18:20:35 +0000
Subject: Re: Two PPP connections to the same ISP with same remote gateway

I'm not sure if my messages are being received to the mailing list ok.
Just in case the previous one didn't get through, the summary was: when
tun0/tun1 are created with cat /dev/tun &, it is indeed possible to configure
both with the same remote gateway. In all other circumstances, e.g. when they
are created by ppp, it is not possible.

I have found a solution. It's messy as hell, but it does seem to work. Here's
what I do:

1. Bring up the first connection with ppp, or mpd

2. Bring up the second connection with mpd - it has to be mpd because ppp will
shut the connection down when it fails to set the IP address. mpd leaves the
connection open, just with no IP address set. At this point, ifconfig shows:

tun0: flags=8051 mtu 1492
        inet 87.74.2.230 --> 83.146.18.40 netmask 0xffffffff
        Opened by PID 879
ng0: flags=88d1 mtu 1492
        inet6 fe80::20e:cff:fea1:bf55%ng1 prefixlen 64 scopeid 0x5

3. Manually ifconfig the mpd interface (ng0) setting the correct IP address
(which I see in the mpd logs), and an incorrect gateway:

[root@magrathea:~]$ /sbin/ifconfig ng1 87.74.29.242 83.146.18.99 netmask 0xffffffff -link0
[root@magrathea:~]$

4. Using ipfilter + ipnat, I do source based routing, specifying the correct
remote gateway to ipfilter:

/etc/ipf.rules:
pass in quick on em0 to ng0:83.146.18.40 from 192.168.0.212/32 to any

/etc/ipnat.rules:
map ng0 192.168.0.212/32 -> 0.0.0.0/32
map tun0 192.168.0.0/24 -> 0.0.0.0/32

And voila, it works - LAN machine 192.168.0.212 is using interface ng0, and
all other machines are using interface tun0. I assume ipfilter ignores the
remote gateway configured against ng0, and simply passes packets directly to
the (correct) gateway I have configured it with.

The main downside is that I have to manually ifconfig the ng0 interface every
time that connection is brought up. However I can probably get this done
automatically using a script that is executed by mpd every time the interface
comes up.

So it's not pretty, but it gets the job done.

I would very much like to request a fix for future FreeBSD versions to allow
the user to specify two point-to-point links with the same remote gateway :)
I realise it's not standard and in many cases it's an error, but as you can
see from the above there are cases where it's necessary, and where it works
fine.

Thanks again for your help Daniel

Tom

On 13/01/06, Daniel O'Connor wrote:
>
> On Fri, 13 Jan 2006 08:07, Tom Jobbins wrote:
> > This can be demonstrated from the command line with the following:
> > [root@magrathea:~]$ ifconfig tun0 1.2.3.5 1.2.3.250
> > [root@magrathea:~]$ ifconfig tun1 1.2.4.4 1.2.3.250
> > ifconfig: ioctl (SIOCAIFADDR): File exists
>
> This is really odd, because I don't see this on my machines (as per our
> discussion on IRC which you mention below), I did..
>
> midget# uname -a
> FreeBSD midget.dons.net.au 5.4-STABLE FreeBSD 5.4-STABLE #4: Mon Aug 1
> 09:01:42 CST 2005 darius@midget.dons.net.au
> :/usr/src/sys/i386/compile/MIDGET i386
>
> midget# cat /dev/tun &
> [1] 21524
> midget# cat /dev/tun &
> [2] 21525
> midget# ifconfig tun0
> tun0: flags=8010 mtu 1500
> midget# ifconfig tun1
> tun1: flags=8010 mtu 1500
>         Opened by PID 21524
> midget# ifconfig tun2
> tun2: flags=8010 mtu 1500
>         Opened by PID 21525
> midget# ifconfig tun1 1.2.3.4 1.2.3.254
> midget# ifconfig tun2 1.2.3.5 1.2.3.254
> midget# ifconfig tun1
> tun1: flags=8051 mtu 1500
>         inet 1.2.3.4 --> 1.2.3.254 netmask 0xff000000
>         inet6 fe80::290:27ff:fe45:a94%tun1 prefixlen 64 scopeid 0x8
>         Opened by PID 21524
> midget# ifconfig tun2
> tun2: flags=8051 mtu 1500
>         inet 1.2.3.5 --> 1.2.3.254 netmask 0xff000000
>         inet6 fe80::290:27ff:fe45:a94%tun2 prefixlen 64 scopeid 0x9
>         Opened by PID 21525
>
> I also tried with a netmask of 255.255.255.255 - same result.
>
> my sysctl.conf contains..
> net.inet.ip.fw.one_pass=0
> hw.intr_storm_threshold=15000
> hw.snd.maxautovchans=4
> hw.snd.pcm0.vchans=4
>
> My kernel config is pretty standard - I've attached it if you want to look
> through it.
>
> I also tried it on a 6.0 amd64 machine -
> FreeBSD eureka.gsoft.com.au 6.0-RC1 FreeBSD 6.0-RC1 #0: Wed Oct 26
> 13:29:47 UTC 2005 root@chungli-pr.gsoft.com.au
> :/usr/obj/local0/src/sys/GENESIS amd64
>
> Same result..
>
> --
> Daniel O'Connor software and network engineer
> for Genesis Software - http://www.gsoft.com.au
> "The nice thing about standards is that there
> are so many of them to choose from."
> -- Andrew Tanenbaum
> GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
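
Added example, not part of the original message and not mpd's own code: a sketch of the hook script mentioned above for automating step 3. It assumes mpd invokes its "set iface up-script" hook as "script interface proto local-ip remote-ip ..." (check the manual for your mpd version) and reuses the placeholder gateway 83.146.18.99 from the post. Because the hook runs as root on values taken from the PPP negotiation, it validates them before building the ifconfig command.

```sh
#!/bin/sh
# Hypothetical mpd up-script; argument order is an assumption (see lead-in).

# Deliberately wrong peer address from step 3 of the post.
PLACEHOLDER_PEER="83.146.18.99"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
# Runs in a subshell so the IFS change does not leak to the caller.
is_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Accept only netgraph interface names of the form ngN or ngNN.
is_ng_iface() {
    case "$1" in
        ng[0-9]|ng[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the step-3 ifconfig command, or fail if any argument looks wrong.
build_ifconfig_cmd() {
    iface=$1 local_ip=$2 real_peer=$3
    is_ng_iface "$iface" || return 1
    is_ipv4 "$local_ip" || return 1
    is_ipv4 "$real_peer" || return 1
    # The placeholder must differ from the real peer, otherwise the
    # "File exists" clash with the first link comes back.
    [ "$PLACEHOLDER_PEER" != "$real_peer" ] || return 1
    echo "/sbin/ifconfig $iface $local_ip $PLACEHOLDER_PEER netmask 0xffffffff -link0"
}

# mpd supplies the arguments; with fewer than four, do nothing.
if [ $# -ge 4 ]; then
    cmd=$(build_ifconfig_cmd "$1" "$3" "$4") || {
        echo "up-script: rejected arguments" >&2
        exit 1
    }
    $cmd
fi
```

The ipfilter rule in /etc/ipf.rules still names the real gateway, so the script only has to restore the interface address.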