Testing an IP tunnel with a single Linux machine

Here's a puzzle for you networking specialists:

I'm coding an IP tunnel for our laser communication system. Basically it's a pair of lasers that send / receive raw serial data, and I'm coding a simple TUN wrapper to send/receive IP packets over the laser link. Think of it as PPP but customized for the idiosyncrasies of our laser system.

It works fine: I have one laser connected to one machine with one instance of my IP tunnel software running on that machine, the same setup on another machine, and I can network just fine between the two.

But here's my problem: those machines are at work and I'm currently sitting at home and working remotely. The second machine has crashed, and I have no intention of going to the office just to reboot the damn thing.

But all is not lost!

The first machine happens to have another, unused laser aimed at the same target connected to it. Technically, I can open a serial terminal on one laser's serial device file, another serial terminal on the second laser's serial device file, and send / receive data between the two - to / from the same machine.

My question is this: can I somehow create two TUN network interfaces - one for one laser, one for the other laser - on the same machine, and somehow configure them so one is only reachable through the tunnel and not directly?

Or more concretely, here are the two tunnels set up on the first machine:

   
    
tun10: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500  
        inet 172.17.3.10  netmask 255.255.255.0  destination 172.17.3.10  
        inet6 fe80::48a7:298c:c6dc:bae  prefixlen 64  scopeid 0x20<link>  
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)  
        RX packets 4  bytes 192 (192.0 B)  
        RX errors 0  dropped 0  overruns 0  frame 0  
        TX packets 5  bytes 240 (240.0 B)  
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  

tun11: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500  
        inet 172.17.3.11  netmask 255.255.255.0  destination 172.17.3.11  
        inet6 fe80::82b2:44f6:d510:c227  prefixlen 64  scopeid 0x20<link>  
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)  
        RX packets 2  bytes 96 (96.0 B)  
        RX errors 0  dropped 0  overruns 0  frame 0  
        TX packets 4  bytes 192 (192.0 B)  
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  
  

  

I want to telnet to 172.17.3.10 through 172.17.3.11 and vice-versa. But of course, as it is now, if I telnet to either of those IPs, the kernel basically talks to itself and doesn't route anything out.

Naturally, I could set up a virtual machine and install a guest Linux OS just to run the second tunnel. But it seems like a sledgehammer approach to what should be a simple configuration job.

Can it be done? I can't think of a way. But then I'm not much of a networking guy 🙂
