ksool Guru
Joined: 27 May 2006 Posts: 337 Location: Cambridge, MA
Posted: Tue Aug 28, 2007 4:21 pm Post subject: dhcpcd clobbers OpenVPN routes
Hey all,
I've recently switched over to using resolvconf to keep my local djbdns dns cache happy and things have been going fairly smoothly (thanks to uberlord). My one problem now, though, is that when using openvpn on a dhcpcd connection, every so often my route to the vpn server will be removed as well as my dns information in resolvconf.
I've currently set dhcpcd to use the -N -R flags, and I've tried adjusting the requested lease times, but I can't get an infinite lease and the problem persists with anything else. I can't tell if this is a problem with dhcp rebinding/leasing or if I'm losing the dhcp connection and being forced to re-establish it.
Any ideas?
Also, on a perhaps relevant side note: I've been having trouble with the wireless init scripts and I don't know if it's a script problem, a wpa_supplicant problem or a driver problem. When I call the init script, it generally times out, but then connects in the background. /var/log/messages looks like this: (I'm using bcm43xx but this seems to occur with ndiswrapper as well)
Code:
```
Aug 28 11:54:45 doris bcm43xx: Keys cleared
Aug 28 11:54:45 doris bcm43xx: Selected 802.11 core (phytype 2)
Aug 28 11:54:46 doris SoftMAC: Open Authentication completed with 00:01:f4:7c:f7:e0
Aug 28 11:54:46 doris bcm43xx: set security called, .level = 0, .enabled = 0, .encrypt = 0
Aug 28 11:54:46 doris bcm43xx: set security called, .level = 0, .enabled = 0, .encrypt = 0
Aug 28 11:54:46 doris bcm43xx: set security called, .level = 0, .enabled = 0, .encrypt = 0
Aug 28 11:54:46 doris bcm43xx: set security called, .level = 0, .enabled = 0, .encrypt = 0
Aug 28 11:55:16 doris rc-scripts: Failed to configure wlan0 in the background
Aug 28 11:55:17 doris SoftMAC: Open Authentication completed with 00:01:f4:7c:f7:e0
Aug 28 11:55:17 doris wpa_cli: interface wlan0 CONNECTED
Aug 28 11:55:18 doris dhcpcd[23008]: wlan0: dhcpcd 3.0.16 starting
Aug 28 11:55:18 doris dhcpcd[23008]: wlan0: hardware address = 00:90:4b:b7:8a:b0
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: broadcasting for a lease
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: offered 18.51.7.175 from 18.7.21.127
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: got subsequent offer of 18.51.6.154, ignoring
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: got subsequent offer of 18.51.5.57, ignoring
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: leased 18.51.7.175 for 3600 seconds
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: adding IP address 18.51.7.175/16
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: adding route to 18.51.0.0 (255.255.0.0) via 0.0.0.0 metric 2000
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: removing route to 18.51.0.0 (255.255.0.0) via 0.0.0.0 metric 0
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: adding default route via 18.51.0.1 metric 2000
```
The only time I can really get it to show properly is if I have already established a connection, and call a restart. It looks like dhcpcd is never called on the original connection because wpa_cli never finishes. I have the following timeouts set in /etc/conf.d/net:
Code:
```
modules=( "wpa_supplicant" )
iwconfig_wlan0="mode managed"
wpa_supplicant_wlan0="-Dwext"
associate_timeout_wlan0=30
dns_servers_lo=( "127.0.0.1" )
config_ESSID=( "dhcp" )
dhcpcd_ESSID="-t 30 -N -R"
dns_servers_ESSID=( "18.71.0.151" "18.70.0.160" )
dns_domain_ESSID=mit.edu
```
I think that's it. Other potentially relevant information: I'm using 2.6.22-gentoo-r5 on i686, wireless-tools-29_pre22, wpa_supplicant-0.5.8, and resolvconf-gentoo-1.4.
Thanks a ton for reading this much.
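
Added example, not part of the original post: a shell function that turns dhcpcd syslog lines like the ones above into a timeline of lease and route events, so a lost VPN route (and the traffic that then leaves outside the tunnel) can be matched against what dhcpcd did at that moment. It recognises only the message shapes shown in the posted log; the function names and the DISCOVER and FOREIGN labels are this example's own.

```shell
#!/bin/sh
# Added example: timeline of dhcpcd lease and route events from syslog.
# Only message shapes that appear in the posted log are recognised.
dhcpcd_route_timeline() {
    awk '
    $5 !~ /^dhcpcd\[[0-9]+\]:$/ { next }
    {
        t = $1 " " $2 " " $3; iface = $6; sub(/:$/, "", iface)
        # "broadcasting for a lease" marks a fresh request, not a renewal
        if ($7 == "broadcasting") { print t, iface, "DISCOVER"; next }
        if ($7 == "leased")       { print t, iface, "LEASE " $8 " " $10 "s"; next }
        if ($7 != "adding" && $7 != "removing") next
        if ($8 == "route")                         { dst = $10; via = $13; m = $15 }
        else if ($8 == "default" && $9 == "route") { dst = "default"; via = $11; m = $13 }
        else next
        key = iface SUBSEP dst SUBSEP m
        if ($7 == "adding") {
            added[key] = 1
            print t, iface, "ADD " dst " via " via " metric " m
            next
        }
        # FOREIGN: dhcpcd removed a route it did not add within this log,
        # i.e. one installed by the kernel, a VPN client or by hand.
        note = (key in added) ? "" : " FOREIGN"
        print t, iface, "DEL " dst " via " via " metric " m note
    }'
}

# Sample input: lines copied from the log in the post above.
sample_log() {
    cat <<'EOF'
Aug 28 11:55:17 doris wpa_cli: interface wlan0 CONNECTED
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: broadcasting for a lease
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: leased 18.51.7.175 for 3600 seconds
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: adding IP address 18.51.7.175/16
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: adding route to 18.51.0.0 (255.255.0.0) via 0.0.0.0 metric 2000
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: removing route to 18.51.0.0 (255.255.0.0) via 0.0.0.0 metric 0
Aug 28 11:55:19 doris dhcpcd[23008]: wlan0: adding default route via 18.51.0.1 metric 2000
EOF
}

sample_log | dhcpcd_route_timeline
```

Run over the full /var/log/messages, a DISCOVER line in the middle of a session points to a full re-establishment rather than a renewal, and a FOREIGN removal shows dhcpcd deleting a route it did not install.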

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty

ksool Guru
Joined: 27 May 2006 Posts: 337 Location: Cambridge, MA
Posted: Wed Aug 29, 2007 3:27 pm
It was a weak attempt to prevent dhcpcd from rewriting to resolvconf every time it renewed its lease or rebound. I set the dns servers (they're static) for this WLAN in /etc/conf.d/net.
I should note that this was done in response to dhcpcd overwriting the dns information I pushed to resolvconf through my openvpn up script, though it doesn't seem to work either way. I had used the -R option as the solution to this problem when I was managing my wireless through bash scripts prior to returning to resolvconf and the init scripts.

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty

ksool Guru
Joined: 27 May 2006 Posts: 337 Location: Cambridge, MA
Posted: Wed Aug 29, 2007 4:20 pm
I've been using djbdns locally and it works well with resolvconf (in my experience). It is my understanding that the problem comes from dhcp repeatedly pushing dns info to resolvconf (it succeeds and works all the way through to djbdns) but in the process, overwrites the dns from the vpn. This occurs even using the -R switch; perhaps because I'm using the dns servers listed in /etc/conf.d/net (whereas it would ignore information passed to it from the dhcp server). I'd have no problem switching to dnsmasq but I don't think this will remedy the problem.
I think that the problem with the actual openvpn routes being removed is a separate problem since it occurs less frequently and for the time being, I'm chalking this up to a full dhcp re-establishment (adding its own routes and such).

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty

ksool Guru
Joined: 27 May 2006 Posts: 337 Location: Cambridge, MA
Posted: Thu Aug 30, 2007 11:14 pm
I gave this a try but couldn't get openvpn to set the metrics correctly. The server is running 2.0.6 and the client is 2.1_rc4-r2. The "route-metric 5000" option shows in the "PUSH: Received control message: ..." line but didn't take. Does ordering matter? I wouldn't think so. Anyway, I saw your patch on openvpn-devel but saw a reply that said it would be incorporated into 2.1 and I'm not getting the unrecognized option warning like I had with the client on 2.0.6. Anyway, I'll see if I can get that working.
Could you just take a quick second to explain why there is this problem? The only conflict I can see would be if dhcp tries to add a default route, but changing the openvpn metric would cause my machine to prefer the dhcp route instead of the route over the vpn. Perhaps dhcpcd needs the route over the local subnet briefly (hopefully removing it once it had finished) and this is being prevented by the vpn route's 0 metric. But then again, dhcpcd should only need to communicate with the dhcp server, so I could only see this being a problem when the dhcp server is on a different subnet, but I don't know if that's even possible. Anyway, I'm stumped.

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty

ksool Guru
Joined: 27 May 2006 Posts: 337 Location: Cambridge, MA
Posted: Fri Aug 31, 2007 1:49 pm
Ok, that's what I'd thought. Basically, I have a home network with vpn server behind a router, and a vpn client that connects back home and uses the gateway over vpn, so there shouldn't be any conflict of routes.
Does resolvconf give any priority to information it's given, or does it just always take the last information it received? Also, I've set up my openvpn up script to replace the information on the same interface to which dhcpcd assigned. I.e., dhcpcd gives resolvconf information about wlan0, and I have to use resolvconf to replace the wlan0 entry, rather than to add a tap0 entry (this doesn't update djbdns properly). Could this be the source of the problem?

UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Sat Sep 01, 2007 1:38 am
Possibly.
I write the bind and dnsmasq resolvconf scripts, and they are "special" in that all dns servers are global - except for the ones handed out by vpn.
So at work, I get a global of "development.work" and a vpn for "marples.name". So anything for "marples.name" goes to the vpn dns servers, otherwise the work servers.
At home, both global and vpn are for "marples.name" and the scripts are intelligent enough to send all traffic to the vpn name servers.
I don't know if the djbdns resolvconf script does that or even if djbdns supports that concept.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
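
Added example, not UberLord's resolvconf scripts: the per-domain selection described in the post above, written as a shell function that emits dnsmasq `server=` lines, so names in the VPN's domain are never sent to the local network's resolver. The input format, the sample addresses and the handling of a VPN entry that has no domain are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-domain DNS forwarding as described in the post above.
# Input format is constructed for this example (not resolvconf's own storage):
#   iface <name> <global|vpn>  /  domain <name>  /  nameserver <ip>
# Output uses dnsmasq "server=" lines.
split_dns_plan() {
    awk '
    $1 == "iface"      { n++; kind[n] = $3; next }
    $1 == "domain"     { dom[n] = $2; next }
    $1 == "nameserver" { ns[n] = ns[n] " " $2; next }
    END {
        for (i = 1; i <= n; i++)
            if (kind[i] == "global" && dom[i] != "") gdom[dom[i]] = 1
        # A VPN entry takes all queries when its domain is also a global
        # domain; one with no domain is treated the same (assumption).
        for (i = 1; i <= n; i++)
            if (kind[i] == "vpn" && ns[i] != "" && (dom[i] == "" || (dom[i] in gdom))) {
                takeall[i] = 1; any = 1
            }
        for (i = 1; i <= n; i++) {
            c = split(ns[i], s, " ")
            for (j = 1; j <= c; j++) {
                if (kind[i] == "vpn" && !takeall[i])
                    print "server=/" dom[i] "/" s[j]     # only this domain via VPN
                else if (kind[i] == "vpn" || !any)
                    print "server=" s[j]                 # default resolver
            }
        }
    }'
}

# Constructed sample inputs mirroring the two cases in the post.
sample_work() {
    printf '%s\n' 'iface wlan0 global' 'domain development.work' 'nameserver 192.0.2.53' \
                  'iface tap0 vpn' 'domain marples.name' 'nameserver 10.8.0.1'
}
sample_home() {
    printf '%s\n' 'iface wlan0 global' 'domain marples.name' 'nameserver 192.168.1.1' \
                  'iface tap0 vpn' 'domain marples.name' 'nameserver 10.8.0.1'
}

echo "work:"; sample_work | split_dns_plan
echo "home:"; sample_home | split_dns_plan
```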