Here’s a puzzle for you networking specialists:

I’m coding an IP tunnel for our laser communication system. Basically it’s a pair of lasers that send / receive raw serial data, and I’m coding a simple TUN wrapper to send/receive IP packets over the laser link. Think of it as PPP but customized for the idiosyncrasies of our laser system.

It works fine: I have one laser connected to one machine with one instance of my IP tunnel software running on that machine, the same setup on another machine, and I can network just fine between the two.

But here’s my problem: those machines are at work and I’m currently sitting at home and working remotely, the second machine has crashed and I have no intention to go to the office just to reboot the damn thing.

But all is not lost!

The first machine happens to have another, unused laser aimed at the same target connected to it. Technically, I can open a serial terminal on one laser’s serial device file, another serial terminal on the second laser’s serial device file, and send / receive data between the two - to / from the same machine.

My question is this: can I somehow create two TUN network interfaces - one for one laser, one for the other laser - on the same machine, and somehow configure them so one is only reachable through the tunnel and not directly?

Or more concretely, here are the two tunnels set up on the first machine:

tun10: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500  
        inet 172.17.3.10  netmask 255.255.255.0  destination 172.17.3.10  
        inet6 fe80::48a7:298c:c6dc:bae  prefixlen 64  scopeid 0x20<link>  
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)  
        RX packets 4  bytes 192 (192.0 B)  
        RX errors 0  dropped 0  overruns 0  frame 0  
        TX packets 5  bytes 240 (240.0 B)  
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  

tun11: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500  
        inet 172.17.3.11  netmask 255.255.255.0  destination 172.17.3.11  
        inet6 fe80::82b2:44f6:d510:c227  prefixlen 64  scopeid 0x20<link>  
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)  
        RX packets 2  bytes 96 (96.0 B)  
        RX errors 0  dropped 0  overruns 0  frame 0  
        TX packets 4  bytes 192 (192.0 B)  
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  

I want to telnet to 172.17.3.10 through 172.17.3.11 and vice versa. But of course, as it is now, if I telnet to either of those IPs, the kernel basically talks to itself and doesn’t route anything out.

Naturally, I could set up a virtual machine and install a guest Linux OS just to run the second tunnel. But it seems like a sledgehammer approach to what should be a simple configuration job.

Can it be done? I can’t think of a way. But then I’m not much of a networking guy 🙂

    • ExtremeDullard@piefed.social (OP) · 2 upvotes · 6 days ago

      > a better solution would be to move at least one of the TUN interfaces into its own “network namespace”

      Okay so I did that, ran a shell in the alternate namespace, but the networking was pretty much blank. So I gave tun11 an IP again with ifconfig, then added a host route to the first machine, and ta-da: I can SSH to tun10 through the serial loop. Nice!

      Thanks, I learned something new today.

      BTW, from your username, are you familiar with !Dullsters@dullsters.net ?

      I am a member of !dull_mens_club@lemmy.world 🙂 There’s more than one venue for dull men.

      • litchralee@sh.itjust.works · 1 upvote · 6 days ago

        > So I gave tun11 an IP again with ifconfig, then added a host route to the first machine

        Out of curiosity, what were these commands? I’m a bit confused because I figured that just adding the IP+mask would be sufficient, without having to explicitly add a host route.

        • ExtremeDullard@piefed.social (OP) · 1 upvote · 6 days ago

          I did this (after the two tun devices were up):

          ip netns add tun11                          # create a new network namespace
          ip link set tun11 netns tun11               # move the interface in (this downs it and drops its addresses)
          ip netns exec tun11 /usr/bin/bash           # open a shell inside the namespace; the rest runs there
          ifconfig tun11 172.17.3.11                  # re-address the interface (ifconfig also brings it up)
          route add -host 172.17.3.10 gw 172.17.3.11  # host route to the peer on the other laser
          
          • litchralee@sh.itjust.works · 1 upvote · 6 days ago

            Ah, I see. That works too, but I usually find it easier to set the subnet mask for the first interface, so that there’s no hard-coding of a route to every intended destination, even if it’s just one.

            With ifconfig, that might look like:

            ifconfig tun11 172.17.3.11 netmask 255.255.255.0
            

            With the modern “ip” command, it’s even less typing:

            ip addr add 172.17.3.11/24 dev tun11
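The namespace procedure from this thread collected into one script, using litchralee’s /24 address instead of a host route and adding the check a practitioner would want: the peer answers only from inside the namespace and the device is gone from the root namespace. This is an added example, not code from either poster; it assumes root, that both TUN devices already exist in the root namespace as in the post, and it uses the interface names and addresses from the thread plus a DRY_RUN variable invented here for printing commands instead of running them.

```shell
#!/bin/sh
# Added example: isolate tun11 in its own network namespace so that traffic
# to the peer address must leave through the laser loop, then verify it.
# Assumes root, that both TUN devices already exist in the root namespace,
# and the names/addresses from the thread. DRY_RUN (a variable invented for
# this example) prints each command instead of running it.
NS="${NS:-tun11}"
DEV="${DEV:-tun11}"
LOCAL_ADDR="${LOCAL_ADDR:-172.17.3.11/24}"   # /24 covers the peer: no host route needed
PEER_ADDR="${PEER_ADDR:-172.17.3.10}"

run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Moving an interface into a namespace brings it down and strips its
# addresses (the "networking was pretty much blank" observation), so it
# has to be re-addressed and brought up inside the namespace.
setup_ns() {
    run ip netns add "$NS"
    run ip link set "$DEV" netns "$NS"
    run ip netns exec "$NS" ip addr add "$LOCAL_ADDR" dev "$DEV"
    run ip netns exec "$NS" ip link set "$DEV" up
    run ip netns exec "$NS" ip link set lo up   # lo starts down in a new namespace
}

# The peer must answer from inside the namespace, and the device must no
# longer be visible from the root namespace (otherwise nothing is isolated).
verify_ns() {
    run ip netns exec "$NS" ping -c 1 -W 2 "$PEER_ADDR" || return 1
    if [ -z "$DRY_RUN" ] && ip link show "$DEV" >/dev/null 2>&1; then
        echo "$DEV is still visible in the root namespace" >&2
        return 1
    fi
}

# Hand the device back to PID 1's namespace before deleting ours.
teardown_ns() {
    run ip netns exec "$NS" ip link set "$DEV" netns 1
    run ip netns del "$NS"
}
case "${1:-}" in
    up)   setup_ns && verify_ns ;;
    down) teardown_ns ;;
esac
```

Run as `sh isolate.sh up` on the first machine once the tunnel software has created both devices, and `sh isolate.sh down` to undo it.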