Multiple instances openvpn

Message

VPN-User · Post by **VPN-User** » Mon Aug 14, 2006 9:01 am

UberLord wrote:
VPN-User wrote:I wonder how a new baselayout can go stable when it has not been tested with all features?
I use OpenVPN to create tap interfaces every day. I know of another Gentoo developer who uses tun instead.

Maybe we didn't have enough people testing with a wide variation of configs and hardware this time - care to help next time?

Do you have hotplug enabled in the kernel?

I got it working again. I' ve had to add 'tuntap_tap0="tap"' to /etc/conf.d/net to get it to work. It defenitely worked without that line before.

This is something I hate when using Gentoo: Things got changed somewhere without letting the user know. One reboots and things go mad. I use x86 stable because I think it is and things don' t change every other day. And adding some comments to an ebuild is NOT enough, IMHO. Most users can' t even read these messages as they scroll by. Don' t take that personal!

UberLord · Post by **UberLord** » Mon Aug 14, 2006 9:40 am

VPN-User wrote:This is something I hate when using Gentoo: Things got changed somewhere without letting the user know. One reboots and things go mad. I use x86 stable because I think it is and things don' t change every other day. And adding some comments to an ebuild is NOT enough, IMHO. Most users can' t even read these messages as they scroll by. Don' t take that personal!

OK, aside from emailing you personally about changes how do you suggest we inform you?

VPN-User · Post by **VPN-User** » Mon Aug 14, 2006 11:29 am

UberLord wrote:
VPN-User wrote:This is something I hate when using Gentoo: Things got changed somewhere without letting the user know. One reboots and things go mad. I use x86 stable because I think it is and things don' t change every other day. And adding some comments to an ebuild is NOT enough, IMHO. Most users can' t even read these messages as they scroll by. Don' t take that personal!
OK, aside from emailing you personally about changes how do you suggest we inform you?

I think this is something portage should take care of. Aside from the updated files there should be a changelog available to the user which just shows important changes he should _really_ take care of. These are especially _important_ changes to config files or how options are handled or formatted. etc-update and just showing the differences between files is a way, but not a very user friendly one. For example when the syntax of some baselayout options got changed (this happened in the past and not only one time!), showing the differences between user' s customized /etc/conf.d/net and the updated /net/conf.d/net is just useless because it only consists of the defaults. That way the user will never know of the changed syntax until something gets wrong (most often when he reboots, which is perhaps days later so will he never find out what exactly may caused this). You understand what I mean? At least an emerge history would help partially.

I don' t have an exact idea of how this should be handled, but I think there is need for a solution of that problem.

UberLord · Post by **UberLord** » Mon Aug 14, 2006 11:38 am

VPN-User wrote:I don' t have an exact idea of how this should be handled, but I think there is need for a solution of that problem.

You could always diff the net.example (your current version and the new version) to see any network related changes easily.

But no, we don't have an easy way of informing the user about all the changes.

VPN-User · Post by **VPN-User** » Mon Aug 14, 2006 12:03 pm

What about the suggestest ebuild history? It should log when, who, what version and which configfiles have been updated by an emerge.

mrfree · Post by **mrfree** » Mon Aug 14, 2006 12:55 pm

UberLord wrote:Do you have hotplug enabled in the kernel?

Code: Select all

# cat .config | grep HOTPLUG
CONFIG_HOTPLUG=y
# CONFIG_HOTPLUG_PCI is not set

I suppose my config files (my prev post) are correct.

UberLord · Post by **UberLord** » Mon Aug 14, 2006 1:29 pm

You need tuntap_tun0="tun" in your config

mrfree · Post by **mrfree** » Fri Aug 18, 2006 10:46 am

UberLord wrote:You need tuntap_tun0="tun" in your config

Ok now tun0 coming up correcly using net.tun0 script, thanks

But... I noticed that openvpn however try to setup device

Code: Select all

Fri Aug 18 12:39:35 2006 us=160261 TUN/TAP device tun0 opened
Fri Aug 18 12:39:35 2006 us=160463 TUN/TAP TX queue length set to 100
Fri Aug 18 12:39:35 2006 us=160643 /sbin/ifconfig tun0 10.11.12.1 pointopoint 10.11.12.2 mtu 1500
Fri Aug 18 12:39:35 2006 us=185171 /sbin/route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.11.12.2
Fri Aug 18 12:39:35 2006 us=208422 /sbin/route add -net 10.11.12.0 netmask 255.255.255.0 gw 10.11.12.2
SIOCADDRT: Il file esiste
Fri Aug 18 12:39:35 2006 us=231530 ERROR: Linux route add command failed: shell command exited with error status: 7

I simply used dev tun0 instead of dev tun in openvpn.conf, do I need to change something else?

UberLord · Post by **UberLord** » Fri Aug 18, 2006 12:00 pm

Looks it's bailing on adding the 2nd route - is that set somewhere else already?

mrfree · Post by **mrfree** » Fri Aug 18, 2006 3:00 pm

Ok the problem was the server parameter in openvpn.conf

man openvpn wrote:--server network netmask
A helper directive designed to simplify the configuration of OpenVPN's server mode. This directive will set up an OpenVPN server which will allocate addresses to clients out of the given network/netmask. The server itself will take the ".1" address of the given network for use as the server-side endpoint of the local TUN/TAP interface.

For example, --server 10.8.0.0 255.255.255.0 expands as follows:

mode server
tls-server

if dev tun:
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.4 10.8.0.251
route 10.8.0.0 255.255.255.0
if client-to-client:
push "route 10.8.0.0 255.255.255.0"
else
push "route 10.8.0.1"

I simply split "server 10.8.0.0 255.255.255.0" over openvpn.conf

Code: Select all

mode server
tls-server
ifconfig-pool 10.8.0.4 10.8.0.251
push "route 10.8.0.0 255.255.255.0"

and net.tun0

Code: Select all

tuntap_tun0="tun"
config_tun0=( "10.8.0.1 pointopoint 10.8.0.2 mtu 1500" )
routes_tun0=( "10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2 metric 0")

Now all seems to works well

Helix · Post by **Helix** » Tue Jul 01, 2008 9:58 pm

Two years later, and still the same problem:

Doing exactly the thing above I do not get a connection, when I split the commands. The logs look identical and so do the routing tables on both ends. Still, the "server" directive is working, while the other commands are not. I have no idea what this might be. Any idea ?

Thanks.

Helix · Post by **Helix** » Fri Jul 04, 2008 3:25 pm

Ok, problem was solved:
Instead of using

Code: Select all

tuntap_tun0="tun"
config_tun0=( "10.8.0.1 pointopoint 10.8.0.2 mtu 1500" )
routes_tun0=( "10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2 metric 0")

one has to use

Code: Select all

tuntap_tun0="tun"
config_tun0=( "10.8.0.1 peer 10.8.0.2 mtu 1500" )
routes_tun0=( "10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2 metric 0")

which uses iproute2 instead of ifconfig. Now everything is working.