You are not logged in.
- Topics: Active | Unanswered
#1 2018-03-26 21:16:30
- Wedge
- Member
- Registered: 2018-01-06
- Posts: 8
systemd-networkd and persistent routes
Hello. I'm using systemd-networkd for network configuration.
cat /etc/systemd/network/enp2s0.network
[Match]
Name=enp2s0
[Network]
Address=192.168.0.2I specifically did not specify the default gateway: I do not want to allow traffic leakage through the default gateway when the VPN is down.
I need only one route to VPN server (for example, 88.88.88.88)
ip route add 88.88.88.88 via 192.168.0.1After this command i can start VPN connection. But without default gateway, VPN client not pulls routes from VPN server. (TESTED: If the default route is specified, the routes from VPN server are successfully pulled). I don't know why.
After establishing VPN connection i can add routes manually:
ip route add 128.0.0.1/1 via 10.0.0.5
ip route add 0.0.0.0/1 via 10.0.0.5After that everything working as conceived.
The goal is to save these routes after a reboot.
Maybe, systemd-networkd has the functionality of adding static routes? Unfortunately, I could not find the answer to the question myself
Offline
#2 2018-03-26 21:23:07
- progandy
- Member
- Registered: 2012-05-17
- Posts: 5,199
Re: systemd-networkd and persistent routes
Static routes should be possible
[ROUTE] SECTION OPTIONS
The "[Route]" section accepts the following keys. Specify several
"[Route]" sections to configure several routes....
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
#3 2018-03-27 06:59:57
- Wedge
- Member
- Registered: 2018-01-06
- Posts: 8
Re: systemd-networkd and persistent routes
progandy, thanks for idea.
man systemd-network
No manual entry for systemd-networkman for systemd-networkd not contains information about [Route] section.
But this was successfully googled.
cat /etc/systemd/network/enp2s0.network
[Match]
Name=enp2s0
[Network]
Address=192.168.0.2
[Route]
Gateway=192.168.0.1
Destination=88.88.88.88/32Now route is creating when systemd-networkd service initialized.
The second part of the task is to create permanent routes through the interface tun0.
/etc/systemd/network/tun0.network file in this does not help, since the tun0 does not exist when systemd-networkd.service is loading.
For now, I'll look for a solution myself.
OpenVPN client config:
client
dev tun0
proto udp
remote 88.88.88.88 4245
resolv-retry inifinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/router.crt
key /etc/openvpn/client/router.key
remote-cert-tls server
tls-auth /etc/openvpn/client/ta.key 1
cipher AES-256-CBC
compress lz4-v2
verb 3
mute 5OpenVPN server config:
port 4245
proto udp
dev tun0
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
server 10.0.1.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/server/ipp.txt
push "dhcp-option DNS 10.0.1.1"
push "route-gateway 10.0.1.1"
push "route 128.0.0.0 128.0.0.0"
push "route 0.0.0.0 128.0.0.0"
client-config-dir /etc/openvpn/ccd
route 192.168.0.0 255.255.255.0
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
user nobody
group nobody
persist-key
persist-tun
log openvpn.log
log-append openvpn.log
verb 3
mute 5
explicit-exit-notify 1None of these routes are created on client when connected.
when connecting, OpenVPN show error, associated with the absence of a route to 10.0.1.1
ERROR: Linux route ad command failed: external program exited wih error status: 2 Error: Nexthop has invalid gateway.Last edited by Wedge (2018-03-27 12:27:51)
Offline