| View previous topic :: View next topic |
| Author |
Message |
VPN-User
n00b
Joined: 03 Feb 2005
Posts: 46
|
 Posted: Mon Aug 14, 2006 9:01 am Post subject: |
 |
|
| UberLord wrote: | | VPN-User wrote: | | I wonder how a new baselayout can go stable when it has not been tested with all features? |
I use OpenVPN to create tap interfaces every day. I know of another Gentoo developer who uses tun instead.
Maybe we didn't have enough people testing with a wide variation of configs and hardware this time - care to help next time?
Do you have hotplug enabled in the kernel? |
I got it working again. I' ve had to add 'tuntap_tap0="tap"' to /etc/conf.d/net to get it to work. It defenitely worked without that line before.
This is something I hate when using Gentoo: Things got changed somewhere without letting the user know. One reboots and things go mad. I use x86 stable because I think it is and things don' t change every other day. And adding some comments to an ebuild is NOT enough, IMHO. Most users can' t even read these messages as they scroll by. Don' t take that personal! |
|
| Back to top |
|
 |
UberLord
Retired Dev
Joined: 18 Sep 2003
Posts: 6274
Location: Blighty
|
| Posted: Mon Aug 14, 2006 9:40 am Post subject: |
|
|
| VPN-User wrote: | | This is something I hate when using Gentoo: Things got changed somewhere without letting the user know. One reboots and things go mad. I use x86 stable because I think it is and things don' t change every other day. And adding some comments to an ebuild is NOT enough, IMHO. Most users can' t even read these messages as they scroll by. Don' t take that personal! |
OK, aside from emailing you personally about changes how do you suggest we inform you?
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT
Please add SOLVED to the thread title if your issue has been
Strip comments from configs please |
|
| Back to top |
|
|
VPN-User
n00b
Joined: 03 Feb 2005
Posts: 46
|
| Posted: Mon Aug 14, 2006 11:29 am Post subject: |
|
|
| UberLord wrote: | | VPN-User wrote: | | This is something I hate when using Gentoo: Things got changed somewhere without letting the user know. One reboots and things go mad. I use x86 stable because I think it is and things don' t change every other day. And adding some comments to an ebuild is NOT enough, IMHO. Most users can' t even read these messages as they scroll by. Don' t take that personal! |
OK, aside from emailing you personally about changes how do you suggest we inform you? |
I think this is something portage should take care of. Aside from the updated files there should be a changelog available to the user which just shows important changes he should _really_ take care of. These are especially _important_ changes to config files or how options are handled or formatted. etc-update and just showing the differences between files is a way, but not a very user friendly one. For example when the syntax of some baselayout options got changed (this happened in the past and not only one time!), showing the differences between user' s customized /etc/conf.d/net and the updated /net/conf.d/net is just useless because it only consists of the defaults. That way the user will never know of the changed syntax until something gets wrong (most often when he reboots, which is perhaps days later so will he never find out what exactly may caused this). You understand what I mean? At least an emerge history would help partially.
I don' t have an exact idea of how this should be handled, but I think there is need for a solution of that problem. |
|
| Back to top |
|
|
UberLord
Retired Dev
Joined: 18 Sep 2003
Posts: 6274
Location: Blighty
|
| Posted: Mon Aug 14, 2006 11:38 am Post subject: |
|
|
| VPN-User wrote: | | I don' t have an exact idea of how this should be handled, but I think there is need for a solution of that problem. |
You could always diff the net.example (your current version and the new version) to see any network related changes easily.
But no, we don't have an easy way of informing the user about all the changes.
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT
Please add SOLVED to the thread title if your issue has been
Strip comments from configs please |
|
| Back to top |
|
|
VPN-User
n00b
Joined: 03 Feb 2005
Posts: 46
|
| Posted: Mon Aug 14, 2006 12:03 pm Post subject: |
|
|
| What about the suggestest ebuild history? It should log when, who, what version and which configfiles have been updated by an emerge. |
|
| Back to top |
|
|
mrfree
Veteran
Joined: 15 Mar 2003
Posts: 1303
Location: Europe.Italy.Sulmona
|
| Posted: Mon Aug 14, 2006 12:55 pm Post subject: |
|
|
| UberLord wrote: | | Do you have hotplug enabled in the kernel? |
| Code: | # cat .config | grep HOTPLUG
CONFIG_HOTPLUG=y
# CONFIG_HOTPLUG_PCI is not set |
I suppose my config files (my prev post) are correct.
_________________
Please EU, pimp my country!
ICE: /etc/init.d/iptables panic |
|
| Back to top |
|
|
UberLord
Retired Dev
Joined: 18 Sep 2003
Posts: 6274
Location: Blighty
|
| Posted: Mon Aug 14, 2006 1:29 pm Post subject: |
|
|
You need tuntap_tun0="tun" in your config
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT
Please add SOLVED to the thread title if your issue has been
Strip comments from configs please |
|
| Back to top |
|
|
mrfree
Veteran
Joined: 15 Mar 2003
Posts: 1303
Location: Europe.Italy.Sulmona
|
| Posted: Fri Aug 18, 2006 10:46 am Post subject: |
|
|
| UberLord wrote: | | You need tuntap_tun0="tun" in your config |
Ok now tun0 coming up correcly using net.tun0 script, thanks 
But... I noticed that openvpn however try to setup device
| Code: | Fri Aug 18 12:39:35 2006 us=160261 TUN/TAP device tun0 opened
Fri Aug 18 12:39:35 2006 us=160463 TUN/TAP TX queue length set to 100
Fri Aug 18 12:39:35 2006 us=160643 /sbin/ifconfig tun0 10.11.12.1 pointopoint 10.11.12.2 mtu 1500
Fri Aug 18 12:39:35 2006 us=185171 /sbin/route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.11.12.2
Fri Aug 18 12:39:35 2006 us=208422 /sbin/route add -net 10.11.12.0 netmask 255.255.255.0 gw 10.11.12.2
SIOCADDRT: Il file esiste
Fri Aug 18 12:39:35 2006 us=231530 ERROR: Linux route add command failed: shell command exited with error status: 7
|
I simply used dev tun0 instead of dev tun in openvpn.conf, do I need to change something else?
_________________
Please EU, pimp my country!
ICE: /etc/init.d/iptables panic |
|
| Back to top |
|
|
UberLord
Retired Dev
Joined: 18 Sep 2003
Posts: 6274
Location: Blighty
|
| Posted: Fri Aug 18, 2006 12:00 pm Post subject: |
|
|
Looks it's bailing on adding the 2nd route - is that set somewhere else already?
_________________
When baselayout tells you to update config files or things break WE REALLY DO MEAN IT
Please add SOLVED to the thread title if your issue has been
Strip comments from configs please |
|
| Back to top |
|
|
mrfree
Veteran
Joined: 15 Mar 2003
Posts: 1303
Location: Europe.Italy.Sulmona
|
| Posted: Fri Aug 18, 2006 3:00 pm Post subject: |
|
|
Ok the problem was the server parameter in openvpn.conf
| man openvpn wrote: | --server network netmask
A helper directive designed to simplify the configuration of OpenVPN's server mode. This directive will set up an OpenVPN server which will allocate addresses to clients out of the given network/netmask. The server itself will take the ".1" address of the given network for use as the server-side endpoint of the local TUN/TAP interface.
For example, --server 10.8.0.0 255.255.255.0 expands as follows:
mode server
tls-server
if dev tun:
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.4 10.8.0.251
route 10.8.0.0 255.255.255.0
if client-to-client:
push "route 10.8.0.0 255.255.255.0"
else
push "route 10.8.0.1"
|
I simply split "server 10.8.0.0 255.255.255.0" over openvpn.conf
| Code: | mode server
tls-server
ifconfig-pool 10.8.0.4 10.8.0.251
push "route 10.8.0.0 255.255.255.0" |
and net.tun0
| Code: | tuntap_tun0="tun"
config_tun0=( "10.8.0.1 pointopoint 10.8.0.2 mtu 1500" )
routes_tun0=( "10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2 metric 0") |
Now all seems to works well 
_________________
Please EU, pimp my country!
ICE: /etc/init.d/iptables panic |
|
| Back to top |
|
|
Helix
n00b
Joined: 09 Jun 2005
Posts: 24
|
| Posted: Tue Jul 01, 2008 9:58 pm Post subject: |
|
|
Two years later, and still the same problem:
Doing exactly the thing above I do not get a connection, when I split the commands. The logs look identical and so do the routing tables on both ends. Still, the "server" directive is working, while the other commands are not. I have no idea what this might be. Any idea ?
Thanks. |
|
| Back to top |
|
|
Helix
n00b
Joined: 09 Jun 2005
Posts: 24
|
| Posted: Fri Jul 04, 2008 3:25 pm Post subject: |
|
|
Ok, problem was solved:
Instead of using
| Code: | tuntap_tun0="tun"
config_tun0=( "10.8.0.1 pointopoint 10.8.0.2 mtu 1500" )
routes_tun0=( "10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2 metric 0") |
one has to use
| Code: | tuntap_tun0="tun"
config_tun0=( "10.8.0.1 peer 10.8.0.2 mtu 1500" )
routes_tun0=( "10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2 metric 0") |
which uses iproute2 instead of ifconfig. Now everything is working. |
|
| Back to top |
|
|
|
Networking & Security
