[arch-general] Advantages of netctl over systemd-networkd?

Bruno Pagani bruno.pagani at ens-lyon.org
Tue Apr 26 16:51:16 UTC 2016


On 26/04/2016 at 18:18, Alexandre de Verteuil wrote:

> * Simon Gomizelj <simon at vodik.xyz> [2016-04-26 01:07] :
>> Alexandre de Verteuil <alexandre at deverteuil.net> writes:
>>> I was happily configuring static and dynamic networking in my home
>>> network using systemd.netdev and systemd.network unit files until
>>> I needed static routes for my site-to-site VPN setup. I'm still
>>> investigating the root cause, but basically routes don't get added and I
>>> get the following error message in the journal:
>>>
>>>     systemd-networkd[4468]: br0: Could not set route: Network is unreachable
>>>
>> What's the VPN technology?
>>
>> If you're trying to add routes to traverse the VPN before the VPN
>> connection is established, it's going to fail. The robust thing to do is
>> configure your VPN client software to add or remove routes. I know for
>> sure that both OpenVPN and pptpclient have ways of doing that.
> I'm using OpenVPN. However, I'll need to set up static routes manually
> anyways for the following reasons:
>
> - the VPN server is not on the same machine as the Internet gateway, so
> I also need to add static routes on the router with the OpenVPN server
> as the next hop.
>
> - I also plan to create VLANs for management, testing and security. I
> know it's overkill for a home network but it's also a lab for learning
> so regardless of the VPN I'm going to need to configure static routes.
>
> The router will soon be replaced by an Arch Linux box. Right now I'm
> testing network configuration on virtual machines. My current router is
> an all-in-one residential DSL modem and doesn't support anything I want
> to do. In the meantime, my OpenVPN server does IP masquerade.
>
> Regards,

OpenVPN supports scripts as “hooks” to be run when the connection goes
up or down. For instance, I have this at the end of my conf:

    up /etc/openvpn/dns.up

Where the dns.up file is a script I wrote, which contains the following:

    #!/usr/bin/sh
    # $dev is set by OpenVPN to the name of the tunnel interface
    ip route add table dns.out default dev "$dev"

Where dns.out is a custom routing table that I’ve created before.

You might want to take a look at the OpenVPN doc to know what vars are
available in those scripts.

I think this can help you do what you want to achieve in the most proper
manner (that I’m aware of). ;)

Bruno
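
An up hook along the lines described in the message above, as an added example that is not part of the original post: it checks the script_type and dev variables that OpenVPN exports before passing anything to ip, and uses "route replace" rather than "route add" so a reconnect does not fail on an existing route. The path /etc/openvpn/route-hook, the function names and DRY_RUN are assumptions; OpenVPN only runs user scripts when script-security is set to 2 or higher.

```shell
#!/bin/sh
# Added example (not from the original post): hardened OpenVPN "up" hook.
# Assumed install path: /etc/openvpn/route-hook, referenced from the config as
#   script-security 2
#   up /etc/openvpn/route-hook
# The routing table dns.out must already exist, as in the message above.
TABLE="dns.out"

# Accept only plausible Linux interface names: 1-15 characters, starting with
# a letter or digit, so nothing unexpected reaches the ip command line.
valid_ifname() {
    case "$1" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the ip(8) arguments for hook type $1 and device $2.
# Fails without output for any hook type other than "up" or a bad device.
route_args() {
    [ "$1" = "up" ] || return 1
    valid_ifname "$2" || return 1
    # "replace" instead of "add": idempotent when the tunnel reconnects.
    echo "route replace table $TABLE default dev $2"
}

main() {
    args=$(route_args "${script_type:-}" "${dev:-}") || {
        echo "route-hook: refusing script_type='${script_type:-}' dev='${dev:-}'" >&2
        return 1
    }
    # DRY_RUN=1 (assumed name) prints the command instead of running it.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "ip $args"
    else
        # Word splitting is intended: every word was validated above.
        ip $args
    fi
}

# OpenVPN sets script_type before running a hook; do nothing without it.
if [ -n "${script_type:-}" ]; then
    main
fi
```

A non-zero exit from an up script makes OpenVPN treat the connection setup as failed, so a rejected device name stops the tunnel instead of leaving a half-configured routing table.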
