Alexandre de Verteuil <alexandre@deverteuil.net> writes:
I was happily configuring static and dynamic networking in my home network using systemd.netdev and systemd.network unit files until I needed static routes for my site-to-site VPN setup. I'm still investigating the root cause, but basically routes don't get added and I get the following error message in the journal:
systemd-networkd[4468]: br0: Could not set route: Network is unreachable
* Simon Gomizelj <simon@vodik.xyz> [2016-04-26 01:07] :
What's the VPN technology?
If you're trying to add routes to traverse the VPN before the VPN connection is established, its going to fail. The robust thing to do is configure your VPN client software to add or remove routes. I know for sure that both OpenVPN and pptpclient have ways of doing that.
Le 26/04/2016 à 18:18, Alexandre de Verteuil a écrit :
I'm using OpenVPN. However, I'll need to set up static routes manually anyways for the following reasons:
- the VPN server is not on the same machine as the Internet gateway, so I also need to add static routes on the router with the OpenVPN server as the next hop.
- I also plan to create VLANS for management, testing and security. I know it's overkill for a home network but it's also a lab for learning so regardless of the VPN I'm going to need to configure static routes.
The router will soon be replaced by an Archlinux box. Right now I'm testing network configuration on virtual machines. My current router is an all-in-one residential DSL modem and doesn't support anything I want to do. In the meantime, my OpenVPN server does IP masquerade.
Regards,
* Bruno Pagani <bruno.pagani@ens-lyon.org> [2016-04-26 18:51] :
OpenVPN supports scripts as “hooks” to be run when the connection goes up or down. For instance, I have this at the end of my conf: up /etc/openvpn/dns.up
Where the dns.up file is a script I wrote, which contains the following: #!/usr/bin/sh ip route add table dns.out default dev $dev
Where dns.out is a custom routing table that I’ve created before.
You might want to take a look at OpenVPN doc to know what vars are available in those script.
I think this can help you do what you want to achieve in the most proper manner (that I’m aware of). ;)
Bruno
Hi Bruno, I didn't realize there were so many options to configure routing directly from OpenVPN! That's fanstastic and I'll look into it. I can probably even get my OpenVPN server to configure the router over SSH as well (eventually)! Also, by doing more tests, I was able to properly configure static routes with systemd-networkd after all. The interface must be statically configured and the next hop (Gateway) must be in an existing route, so it doesn't work well with DHCP or OpenVPN since the interfaces are not set up by the time systemd-networkd tries to set up routes. In the end you are right, it is cleaner and easier to let OpenVPN manage routes. Regards, -- Alexandre de Verteuil <alexandre@deverteuil.net> public key ID : 0xDD237C00 http://alexandre.deverteuil.net/