[arch-general] Advantages of netctl over systemd-networkd?
Alexandre de Verteuil
alexandre at deverteuil.net
Tue Apr 26 17:29:27 UTC 2016
> >> Alexandre de Verteuil <alexandre at deverteuil.net> writes:
> >>> I was happily configuring static and dynamic networking in my home
> >>> network using systemd.netdev and systemd.network unit files until
> >>> I needed static routes for my site-to-site VPN setup. I'm still
> >>> investigating the root cause, but basically routes don't get added and I
> >>> get the following error message in the journal:
> >>>
> >>> systemd-networkd[4468]: br0: Could not set route: Network is unreachable
> > * Simon Gomizelj <simon at vodik.xyz> [2016-04-26 01:07] :
> >> What's the VPN technology?
> >>
> >> If you're trying to add routes to traverse the VPN before the VPN
> >> connection is established, its going to fail. The robust thing to do is
> >> configure your VPN client software to add or remove routes. I know for
> >> sure that both OpenVPN and pptpclient have ways of doing that.
> Le 26/04/2016 à 18:18, Alexandre de Verteuil a écrit :
> > I'm using OpenVPN. However, I'll need to set up static routes manually
> > anyways for the following reasons:
> >
> > - the VPN server is not on the same machine as the Internet gateway, so
> > I also need to add static routes on the router with the OpenVPN server
> > as the next hop.
> >
> > - I also plan to create VLANS for management, testing and security. I
> > know it's overkill for a home network but it's also a lab for learning
> > so regardless of the VPN I'm going to need to configure static routes.
> >
> > The router will soon be replaced by an Archlinux box. Right now I'm
> > testing network configuration on virtual machines. My current router is
> > an all-in-one residential DSL modem and doesn't support anything I want
> > to do. In the meantime, my OpenVPN server does IP masquerade.
> >
> > Regards,
* Bruno Pagani <bruno.pagani at ens-lyon.org> [2016-04-26 18:51] :
> OpenVPN supports scripts as “hooks” to be run when the connection goes
> up or down. For instance, I have this at the end of my conf:
> up /etc/openvpn/dns.up
>
> Where the dns.up file is a script I wrote, which contains the following:
> #!/usr/bin/sh
> ip route add table dns.out default dev $dev
>
> Where dns.out is a custom routing table that I’ve created before.
>
> You might want to take a look at OpenVPN doc to know what vars are
> available in those script.
>
> I think this can help you do what you want to achieve in the most proper
> manner (that I’m aware of). ;)
>
> Bruno
Hi Bruno,
I didn't realize there were so many options to configure routing
directly from OpenVPN! That's fanstastic and I'll look into it. I can
probably even get my OpenVPN server to configure the router over SSH as
well (eventually)!
Also, by doing more tests, I was able to properly configure static
routes with systemd-networkd after all. The interface must be statically
configured and the next hop (Gateway) must be in an existing route, so
it doesn't work well with DHCP or OpenVPN since the interfaces are not
set up by the time systemd-networkd tries to set up routes.
In the end you are right, it is cleaner and easier to let OpenVPN manage
routes.
Regards,
--
Alexandre de Verteuil <alexandre at deverteuil.net>
public key ID : 0xDD237C00
http://alexandre.deverteuil.net/
More information about the arch-general
mailing list