Solved Multiple IPs in different subnets - default routing

Hello!
I have a weird setup here whereby I have two IP addresses available, say:
22.33.44.187, netmask 255.255.255.128, default gateway 22.33.44.129
13.33.44.92, netmask 255.255.255.0, default gateway 13.33.44.1

I'd like to set up the two IPs so that one (22.33.44.187 in this example) is used mainly for a VPN (both routing out (using IPNAT currently), and listening for VPN connections) and the other (13.33.44.92) for other things (as a primary IP address).

My problem is I can set one default route. Ideally I would like to set a different default route for outgoing packets for each IP rather than a default route for the whole system.

How can this be done?

Thanks in advance!
 
You can have multiple routing tables and thus default gateways for different processes, see setfib(1). I am not sure, if you need them, but may be the case if you want to send traffic originating from VPN clients via different interface that is default for local traffic etc.
 
You can have multiple routing tables and thus default gateways for different processes, see setfib(1). I am not sure, if you need them, but may be the case if you want to send traffic originating from VPN clients via different interface that is default for local traffic etc.

How would I do this with a NAT for the routing within the VPN? It sounds a bit awkward to setup.
 

junovitch@

Developer
If I understand your requirements right, I would explore something along the lines of this. I haven't tried anything quite like this so I would be glad to hear what you come up with and if this is helpful:

- 13.33.44.92, netmask 255.255.255.0, default gateway 13.33.44.1
Leave this in the default FIB since it's the primary IP.

- 22.33.44.187, netmask 255.255.255.128, default gateway 22.33.44.129
Make this in an alternate FIB. You do need to reboot the system after setting this since multiple routing tables can only be set at boot.
echo 'net.fibs=2' >> /boot/loader.conf

Set a default route on the FIB.
/etc/rc.conf
Code:
static_routes="fibdefault"
route_fibdefault="default 22.33.44.129 -fib 1

For the VPN, I believe this would be the correct syntax for something like OpenVPN. Hypothetically this would result in OpenVPN's tunnel being created in the same FIB the process runs in and this should just work. What I'm not sure of here is the firewall. I'm thinking since you aren't using the firewall to shift packets from one FIB to another then it may not matter.
Code:
openvpn_fib='1'
 
Last edited:
If I understand your requirements right, I would explore something along the lines of this. I haven't tried anything quite like this so I would be glad to hear what you come up with and if this is helpful:

- 13.33.44.92, netmask 255.255.255.0, default gateway 13.33.44.1
Leave this in the default FIB since it's the primary IP.

- 22.33.44.187, netmask 255.255.255.128, default gateway 22.33.44.129
Make this in an alternate FIB. You do need to reboot the system after setting this since multiple routing tables can only be set at boot.
echo 'net.fibs=2' >> /boot/loader.conf

Set a default route on the FIB.
/etc/rc.conf
Code:
static_routes="fibdefault"
route_fibdefault="default 22.33.44.129 -fib 1

For the VPN, I believe this would be the correct syntax for something like OpenVPN. Hypothetically this would result in OpenVPN's tunnel being created in the same FIB the process runs in and this should just work. What I'm not sure of here is the firewall. I'm thinking since you aren't using the firewall to shift packets from one FIB to another then it may not matter.
Code:
openvpn_fib='1'

It's been a long time since I posted this...
Anyway, I just tried it out and it works perfectly! Surprisingly easy to use too. I found once I had the fibs enabled I could simply manipulate them by placing setfib 1 in front of a command (like setfib 1 netstat -rn) which is really nice.

This is something I was going crazy trying to work out on a Linux box a while back and ended up having to use additional IPs on at the other end so I could set static routes. This FIB solution on FreeBSD is just incredible!

Thank you very much :)
 

junovitch@

Developer
...
This is something I was going crazy trying to work out on a Linux box a while back and ended up having to use additional IPs on at the other end so I could set static routes. This FIB solution on FreeBSD is just incredible!
...
The Linux and FreeBSD solutions both have their merits and sometimes the extra complexity of the Linux way has helped me solve problems in the past. At the same time for the simple stuff the FreeBSD FIBs just work and in my opinion are easier to understand and configure.

Thanks for the update by the way! It's good to hear months later that everything worked out so I went ahead and tagged this thread as solved for you.
 
Top