Two PPP connections to the same ISP with same remote gateway

Tom Jobbins tomjobbins at gmail.com
Fri Jan 13 10:20:38 PST 2006 

I'm not sure if my messages are being received to the mailing list ok.  Just
in case the previous one didn't get through, the summary was:
when tun0/tun1 are created with cat /dev/tun &, it is indeed possible to
configure both with the same remote gateway.  In all other circumstances,
e.g. when they are created by ppp, it is not possible.

I have found a solution.  It's messy as hell, but it does seem to work.

Here's what I do:

1. Bring up the first connection with ppp, or mpd
2. Bring up the second connection with mpd - it has to be mpd because ppp
will shut the connection down when it fails to set the IP address.  mpd
leaves the connection open, just with no IP address set.

At this point, ifconfig shows:

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 87.74.2.230 --> 83.146.18.40 netmask 0xffffffff
        Opened by PID 879
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
        inet6 fe80::20e:cff:fea1:bf55%ng1 prefixlen 64 scopeid 0x5

3. Manually ifconfig the mpd interface (ng0) setting the correct IP address
(which I see in the mpd logs), and an incorrect gateway:

[root at magrathea:~]$ /sbin/ifconfig ng1 87.74.29.242 83.146.18.99 netmask
0xffffffff -link0
[root at magrathea:~]$

4. Using ipfilter + ipnat, I do source based routing, specifying the correct
remote gateway to ipfilter:
/etc/ipf.rules:
pass in quick on em0 to ng0:83.146.18.40 from 192.168.0.212/32 to any
/etc/ipnat.rules:
map ng0 192.168.0.212/32 -> 0.0.0.0/32
map tun0 192.168.0.0/24 -> 0.0.0.0/32

And voila, it works - LAN machine 192.168.0.212 is using interface ng0, and
all other machines are using interface tun0.  I assume ipfilter ignores the
remote gateway configured against ng0, and simply passes packets directly to
the (correct) gateway I have configured it with.

The main downside is that I have to manually ifconfig the ng0 interface
every time that connection is brought up.  However I can probably get this
done automatically using a script that is executed by mpd every time the
interface comes up.

So it's not pretty, but it gets the job done.

I would very much like to request a fix for future FreeBSD versions to allow
the user to specify two point-to-point links with the same remote gateway
:)  I realise it's not standard and in many cases it's an error, but as you
can see from the above there are cases where it's necessary, and where it
works fine.

Thanks again for your help Daniel


Tom



On 13/01/06, Daniel O'Connor <doconnor at gsoft.com.au> wrote:
>
> On Fri, 13 Jan 2006 08:07, Tom Jobbins wrote:
> > This can be demonstrated from the command line with the following:
> > [root at magrathea:~]$ ifconfig tun0 1.2.3.5 1.2.3.250
> > [root at magrathea:~]$ ifconfig tun1 1.2.4.4 1.2.3.250
> > ifconfig: ioctl (SIOCAIFADDR): File exists
>
> This is really odd, because I don't see this on my machines (as per our
> discussion on IRC which you mention below), I did..
>
> midget# uname -a
> FreeBSD midget.dons.net.au 5.4-STABLE FreeBSD 5.4-STABLE #4: Mon Aug  1
> 09:01:42 CST 2005    darius at midget.dons.net.au
> :/usr/src/sys/i386/compile/MIDGET  i386
>
> midget# cat /dev/tun &
> [1] 21524
> midget# cat /dev/tun &
> [2] 21525
> midget# ifconfig tun0
> tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> midget# ifconfig tun1
> tun1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>         Opened by PID 21524
> midget# ifconfig tun2
> tun2: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
>         Opened by PID 21525
> midget# ifconfig tun1 1.2.3.4 1.2.3.254
> midget# ifconfig tun2 1.2.3.5 1.2.3.254
> midget# ifconfig tun1
> tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>         inet 1.2.3.4 --> 1.2.3.254 netmask 0xff000000
>         inet6 fe80::290:27ff:fe45:a94%tun1 prefixlen 64 scopeid 0x8
>         Opened by PID 21524
> midget# ifconfig tun2
> tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>         inet 1.2.3.5 --> 1.2.3.254 netmask 0xff000000
>         inet6 fe80::290:27ff:fe45:a94%tun2 prefixlen 64 scopeid 0x9
>         Opened by PID 21525
>
> I also tried with a netmask of 255.255.255.255 - same result.
>
> my sysctl.conf contains..
> net.inet.ip.fw.one_pass=0
> hw.intr_storm_threshold=15000
> hw.snd.maxautovchans=4
> hw.snd.pcm0.vchans=4
>
> My kernel config is pretty standard - I've attached it if you want to look
> through it.
>
> I also tried it on a 6.0 amd64 machine -
> FreeBSD eureka.gsoft.com.au 6.0-RC1 FreeBSD 6.0-RC1 #0: Wed Oct 26
> 13:29:47 UTC 2005     root at chungli-pr.gsoft.com.au
> :/usr/obj/local0/src/sys/GENESIS  amd64
>
> Same result..
>
> --
> Daniel O'Connor software and network engineer
> for Genesis Software - http://www.gsoft.com.au
> "The nice thing about standards is that there
> are so many of them to choose from."
>   -- Andrew Tanenbaum
> GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
>
>
>

More information about the freebsd-stable mailing list