You are not logged in.

#1 2019-05-24 14:27:37

JeanLucJ
Member
Registered: 2019-03-08
Posts: 59

[Solved] Remote unlocking with dm-crypt and Pred. Network Int. Names

Hello,

I try to set up a remote machine with an encrypted root.
I have successfully setup a few computers with "local" unlock (LVM on LUKS, unlocking with keyboard), and local tests on this remote machine (for now, a virtual machine under Virtualbox) work fine (boot, passphrase on local keyboard, and so on).

I have followed the https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_(hooks:_netconf,_dropbear,_tinyssh,_ppp)
I am stuck on the step 4.

add the ip= kernel command parameter

According to the https://wiki.archlinux.org/index.php/Mkinitcpio#Using_net :

Make sure to use kernel device names (e.g. eth0) for the <device> parameter, the persistent names (e.g. enp2s0) will not work. See Network configuration#Network interfaces for details.

... and https://wiki.archlinux.org/index.php/Network_configuration#Network_interfaces states :

Both wired and wireless interface names can be found via ls /sys/class/net or ip link

But, in my remote machine, if I try :

ip link

the relevant output is :

1 : lo 
2 : enp0s3

which seems to be consistent with the Predictable Network Interface Names, but contradicts the previous quoted statement ("the persistent names (e.g. enp2s0) will not work")

I still tried to use the kernel parameter with this device name :

ip=:::::enp0s3:dhcp

but when I boot, I immediately get some errors :

ipconfig : enp0s3 : SIOCGIFINDEX : No such device

and of course I can't ssh to the machine (I still tried tongue)

... I am not familiar with Predictable Network Interface Names, but it does seem that enp0s3 is the kernel device name. What am I missing ?

Regards,

Last edited by JeanLucJ (2019-06-10 09:31:50)

Offline

#2 2019-05-24 15:15:46

frostschutz
Member
Registered: 2013-11-15
Posts: 1,409

Re: [Solved] Remote unlocking with dm-crypt and Pred. Network Int. Names

are you using systemd in your mkinitcpio?

if you suspect the name, you should be able to add net.ifnames=0 kernel parameter to make it go back to eth0, but somehow I doubt it's related...?

there might just be a problem with these net hooks, few people seem to be using them.

also just in case, add your network modules to the module list just to make extra sure it's loaded in time?

Last edited by frostschutz (2019-05-24 15:16:18)

Offline

#3 2019-06-10 09:31:08

JeanLucJ
Member
Registered: 2019-03-08
Posts: 59

Re: [Solved] Remote unlocking with dm-crypt and Pred. Network Int. Names

Thanks for your reply.

You helped me indirectly smile
=> Predictable Network Interface Names renames the interface at some point during the boot. During the early stages, the interface was indeed eth0.

To find that, I added the module to initramfs as you suggested, but that did not helped (It may be necessary, though, the wiki states that you *may* have to add it)
As it was still failing, I checked with dmesg | grep e1000 (my network module is e1000) to find what the module was actually doing, and, amongst the log, there was a line "renamed from eth0 to enp0s3"

So... it works as expected with eth0 instead of enp0s3 in the kernel parameters.

I will update the wiki, all this is far from obvious.

Regards,

Last edited by JeanLucJ (2019-06-10 09:49:03)

Offline

Board footer

Powered by FluxBB