Unroutable packer to specific IP forces process to run
aryeh.friedman at gmail.com
Thu Aug 6 22:13:56 UTC 2020
On Thu, Aug 6, 2020 at 5:58 PM Don Wilde <dwilde1 at gmail.com> wrote:
> On 8/6/20 2:40 PM, Aryeh Friedman wrote:
> On Thu, Aug 6, 2020 at 5:39 PM Don Wilde <dwilde1 at gmail.com> wrote:
>> On 8/6/20 2:35 PM, Aryeh Friedman wrote:
>> On Thu, Aug 6, 2020 at 5:33 PM Don Wilde <dwilde1 at gmail.com> wrote:
>>> On 8/6/20 2:30 PM, Aryeh Friedman wrote:
>>> > I have VPN that has stability problems (the fault of the ISP and they
>>> > it) I have set up one my FreeBSD machine as a router for that specific
>>> > # on non-gateway machines in /etc/rc.conf
>>> > static_routes="internalnet2"
>>> > route_internalnet2="-net 10.31.10.0/24 192.168.11.60"
>>> > Is there any way to force the gateway machine to run a preset command
>>> > 10.31.10.0/24 is unreachable? (i.e. reset the connection)
>>> What about a simple scripted cron-job ping, Aryeh? Sometimes the
>>> simplest solutions are the best.
>> The amount time the connection stays up is unpredictable and due to the
>> use case it needs to be repaired immediately if down (not even a 5 min
>> delay for cron to do its normal wake up and look for a job is acceptable)
>> So how about a simple C daemon that pings every ten seconds? Just set the
>> ping count to 1.
> System load. (the gateway also hosts 3 moderately used VM's)
> Okay, so forget a system() call to ping. Send a packet directly to
> something on the target from the C code. Even simpler, just call
> getaddrinfo() on host:port of a machine at the "other" end.
I have written ICMP (clone of ping with some extras covered by a NDA) in
the past and this is not as simple as it sounds (I thought it was a
afternoon project it ended up taking 3 weeks [I learned a lot though])
> Honestly, I don't think you can get any simpler than this, Aryeh. There's
> only so much you can juggle, and no existing package is going to be any
> faster or more specifically better than what you code yourself.
I know a site that has done just this and gone a step farther and have a
per user ACL for access to the net (it is a public access free shell
provider m-net.arbornet.org) and it works perfectly with almost zero system
load (they did say it took a kernel modification and thus me looking for a
> We also, IIRC, talked about how your bosses are screwing you out of
> necessary resources. Sooner or later you're going to have to address that
> issue head-on, but YMMV and beyond what we've already discussed it's not my
Client and not boss in this case (I am a freelancer) and in this case the
cost of a second license is greater than their annual income (the vendor
has a really odd pricing model since the first license is quite affordable
and everyone after 2 is affordable but the second one is not) and thus I
actually agree with them that it is not an option.
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
More information about the freebsd-questions