Permanent Routing Issues

Kernels & Hardware, configuring network, installing services

Permanent Routing Issues

Postby Pilferererer » 2018-01-26 15:29

Hello,

I have the following setup for my debian VPN server with two physical NICs. I can get all of the following to issue and routing works perfectly with some ip NAT tables and FORWARD tables but these won't stick on reboot.
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback

allow hot-plug eth0
iface eth0 inet static
hwaddress ether ##:##:##:##:##:##
adddress 192.168.2.2
netmask 255.255.255.0
network 192.168.2.0
broadcast 19.168.2.255
gateway 192.168.2.1
dns-servers 208.67.220.220 208.67.222.222
post-up ip route add default gw 192.168.2.1 eth0
post-up ip route add 192.168.2.0/24 dev eth0 src 192.168.2.2 NIC_eth0
post-up ip route add default via 192.168.2.1 dev eth0 table NIC_eth0
post-up ip rule add from 192.168.2.2/32 table NIC_eth0
post-up ip rule add to 192.168.2.2/32 table NIC_eth0

allow hot-plug eth1
iface eth1 inet static
hwaddress ether ##:##:##:##:##:##
address 192.168.3.1
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255
gateway 192.168.3.1
dns-nameservers 208.67.220.220 208.67.222.222
post-up ip route add default gw 192.168.3.1 eth1

Nothing is sticking for some reason I don't see any errors in dmesg - maybe logging isn't high enough or something?
Pilferererer
 
Posts: 3
Joined: 2018-01-26 14:58

Re: Permanent Routing Issues

Postby bw123 » 2018-01-26 16:23

allow hot-plug eth0


Code: Select all
man interfaces | grep 'allow hot-plug'
echo $?
1
User avatar
bw123
 
Posts: 2748
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Permanent Routing Issues

Postby Pilferererer » 2018-01-26 16:56

Soooo. the cryptic response is telling me the allow hot-plug is returning a 1 which is meaning it is wrong, thanks - not sure if you are being a smartass or what but thanks for pointing me in the right direction
Pilferererer
 
Posts: 3
Joined: 2018-01-26 14:58

Re: Permanent Routing Issues

Postby bw123 » 2018-01-26 17:36

Pilferererer wrote:Soooo. the cryptic response is telling me the allow hot-plug is returning a 1 which is meaning it is wrong, thanks - not sure if you are being a smartass or what but thanks for pointing me in the right direction


Yeah, maybe I was a little short, but I thought your "Nothing is sticking for some reason" cryptic.

I like ifupdown, but it is unforgiving with syntax. Also it has some strange quirks, sometimes I use something like this with post-up commands

Code: Select all
post-up domystuff.sh || true


The allow-hotplug works better for me most of the time. This doesn't seem to actually bring the network up immediately thouthg when using systemd. Maybe auto would be better for you, so try that. The way I understand it, the interfaces file is ran as one big event by systemd. Some services you expect to 'up' might not be available yet.

Also, when using static with ifupdown, I have found it is really necessary to use an address outside of the range of any dhcp server that is running. I haven't setup any vpn myself this way, so I can't help more with that.

ifupdown has seen a lot of use, so there should be a huge amount of information for you to look through on the forum, and the internet. There is really great documentation available in the man pages for interfaces, ifup, ifdown as well as /usr/share/doc/ifupdown

Hang in there, it's all a learning process.

Good Luck.
User avatar
bw123
 
Posts: 2748
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Permanent Routing Issues

Postby Pilferererer » 2018-01-26 18:16

Thank you, I didn't mean to be cryptic, I guess what I meant was the resulting network interface configuration and rules and routing left me _without_ some of the post-up routes and rules. Meaning that the post-up stuff is being skipped completely for some reason and it seems to just be doing configuration based on ARP. The configuration of the individual interfaces eth0 and eth1 is taking successfully. It is just the route and rules.

I see so much reference to using a script and calling that on startup, to do it in /etc/network/interfaces, to do it with iproute2, all over the place but nothing seems to work :(

Seems like it should just work in /etc/network/interfaces - I'll try some of the things you recommended. The VPN stuff interestingly enough works fine when openvpn daemons are kicked off, the iptables stuff all works too for FORWARD and MASQUERADE and entries created by the daemon which setting up is so much more complex. Just wish this other stuff would work.

thanks!
Pilferererer
 
Posts: 3
Joined: 2018-01-26 14:58


Return to System configuration

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable