I'm having an issue getting routing working properly. I'm using netctl and three static IPs to bridge my networks.
Interface=enp3s0
Connection=ethernet
IP=static
Address=('10.0.3.50/22' '172.20.7.50/16' '192.168.23.50/22')
#Routes=('192.168.19.0/24' via '172.20.1.254')
Gateway=('10.0.0.254' '172.20.1.254' '192.168.20.254')
DNS=('10.0.0.1' '172.20.1.1' '192.168.20.226')
My problem is that I'm trying to ping host 192.168.19.254 (a host down a VPN tunnel unrelated to the prior 192.168.20.0/22 network) and I'm getting a DHU. When I'm set up with just a DHCP address (I pull a 172.20.2.x) everything works fine on a Windows box, so I know my routing is fine on the backend. I've tried to fake it out by using a /16 for my 192.x.x.x address, but that's a no go as well. If I enable the route, I have no internet access outside of the base three static addresses (and my route still doesn't work).
WTH am I doing wrong?
Last edited by Blue_NoClue (2013-09-26 20:13:46)
I'm not sure what you're trying to achieve, but Gateway should be a single address, not an array. Routes can be an array, but it is commented in your profile and has an incorrect format. See 'man netctl.profile' for details...
EDIT: Does 10.0.0.254 have a route to the 192.168.19.0/24 network?
Last edited by Leonid.I (2013-09-17 19:45:32)
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
The 10.0.0.254 does have a route to the 192.168.19.0/24 network. I can ping from another server (Win2k8r2 w/ 3 statics) on the 10.x.x.x network to the odd extra 192.x.x.x networks (50+ VPN connections ranging 192.168.0.0/16 save for the 192.168.20.0/22 range) perfectly fine. Let me try reordering my addresses and remove the extra gateways and see if it works.
I'll be a very happy admin when I can collapse the 10.x.x.x/22 and 192.x.x.x/22 nets. This is the craziest clusterfsck of a network I've ever had the luxury of cleaning up ><.
And after reordering and removing the additional gateways, it's still a no go.
Interface=enp3s0
Connection=ethernet
IP=static
Address=('172.20.7.50/16' '10.0.3.50/22' '192.168.23.50/16')
#Routes=('192.168.19.0/24' via '172.20.1.254')
Gateway='172.20.1.254'
DNS=('172.20.1.1' '10.0.0.1' '192.168.20.226')
Last edited by Blue_NoClue (2013-09-19 13:22:28)
I'm still not clear about the meaning of "no go", but OK let's start debugging. Can you post all the usual output from ip, i.e. "ip addr", "ip route", "ip neigh", etc...
Sorry. NoGo meaning it will not work for some strange reason. And thank you very much for helping me figure this out.
ip addr:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:60:6e:48:6d:7b brd ff:ff:ff:ff:ff:ff
    inet 172.20.7.50/16 brd 172.20.255.255 scope global enp3s0
       valid_lft forever preferred_lft forever
    inet 10.0.3.50/22 brd 10.0.3.255 scope global enp3s0
       valid_lft forever preferred_lft forever
    inet 192.168.23.50/16 brd 192.168.255.255 scope global enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::a60:6eff:fe48:6d7b/64 scope link
       valid_lft forever preferred_lft forever
ip route:
10.0.0.0/22 dev enp3s0 proto kernel scope link src 10.0.3.50
172.20.0.0/16 dev enp3s0 proto kernel scope link src 172.20.7.50
192.168.0.0/16 dev enp3s0 proto kernel scope link src 192.168.23.50
ip neigh:
172.20.1.195 dev enp3s0 lladdr 00:0c:29:48:3b:1b STALE
10.0.0.24 dev enp3s0 lladdr 00:50:56:80:7c:17 DELAY
172.20.1.15 dev enp3s0 lladdr 00:21:5a:d0:70:04 STALE
172.20.1.240 dev enp3s0 lladdr 00:0c:29:41:fc:f9 STALE
172.20.1.2 dev enp3s0 lladdr 00:50:56:80:69:77 STALE
172.20.1.254 dev enp3s0 lladdr 00:90:7f:97:d6:d2 DELAY
172.20.1.205 dev enp3s0 lladdr 00:1e:4f:29:04:bb STALE
192.168.20.237 dev enp3s0 lladdr 00:21:5a:cf:bd:54 STALE
192.168.20.226 dev enp3s0 lladdr 00:21:5a:cf:bd:d8 STALE
10.0.0.30 dev enp3s0 lladdr 00:50:56:80:7c:13 STALE
10.0.0.21 dev enp3s0 lladdr 00:0c:29:ea:e3:ec STALE
10.0.0.1 dev enp3s0 lladdr 00:50:56:80:69:d4 STALE
10.0.1.1 dev enp3s0 lladdr 00:50:56:80:69:d5 STALE
172.20.1.215 dev enp3s0 lladdr 00:1e:4f:29:04:8c STALE
172.20.1.1 dev enp3s0 lladdr 00:50:56:80:69:72 DELAY
192.168.20.254 dev enp3s0 lladdr 00:90:7f:97:d6:d3 STALE
ip rule:
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
ping 192.168.19.254 (with /16 in place)
PING 192.168.19.254 (192.168.19.254) 56(84) bytes of data.
From 192.168.23.50 icmp_seq=1 Destination Host Unreachable
From 192.168.23.50 icmp_seq=2 Destination Host Unreachable
From 192.168.23.50 icmp_seq=3 Destination Host Unreachable
From 192.168.23.50 icmp_seq=4 Destination Host Unreachable
From 192.168.23.50 icmp_seq=5 Destination Host Unreachable
From 192.168.23.50 icmp_seq=6 Destination Host Unreachable
From 192.168.23.50 icmp_seq=7 Destination Host Unreachable
ping 192.168.19.254 (with /22 and route enabled)
PING 192.168.19.254 (192.168.19.254) 56(84) bytes of data.
From 192.168.23.50 icmp_seq=1 Destination Host Unreachable
From 192.168.23.50 icmp_seq=2 Destination Host Unreachable
From 192.168.23.50 icmp_seq=3 Destination Host Unreachable
From 192.168.23.50 icmp_seq=4 Destination Host Unreachable
From 192.168.23.50 icmp_seq=5 Destination Host Unreachable
From 192.168.23.50 icmp_seq=6 Destination Host Unreachable
From 192.168.23.50 icmp_seq=7 Destination Host Unreachable
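The route lookup implied by the "ip route" output posted above, as an added example that is not part of the original thread: a longest-prefix match over the posted table shows that with the /16 mask 192.168.19.254 is treated as on-link, so the host ARPs for it directly rather than handing the packet to a gateway, which is consistent with the "Destination Host Unreachable" replies sourced from 192.168.23.50. The second table is constructed for comparison and assumes a /22 mask plus a static route and a default route via 172.20.1.254 (the gateway named in the profile); the helper names lookup and explain are hypothetical.

```python
import ipaddress

# Routing table as posted in the thread's "ip route" output (the /16 configuration).
# Fields: (prefix, gateway or None for a scope-link route, preferred source address).
POSTED_ROUTES = [
    ("10.0.0.0/22", None, "10.0.3.50"),
    ("172.20.0.0/16", None, "172.20.7.50"),
    ("192.168.0.0/16", None, "192.168.23.50"),
]

# Constructed for comparison (an assumption, not output from the thread): /22 on the
# 192.168 address, a static route to the VPN network and a default route.
CONSTRUCTED_ROUTES = [
    ("10.0.0.0/22", None, "10.0.3.50"),
    ("172.20.0.0/16", None, "172.20.7.50"),
    ("192.168.20.0/22", None, "192.168.23.50"),
    ("192.168.19.0/24", "172.20.1.254", None),
    ("0.0.0.0/0", "172.20.1.254", None),
]

def lookup(routes, dest):
    """Longest-prefix match over one table; returns a dict, or None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, via, src in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, src)
    if best is None:
        return None
    net, via, src = best
    # No gateway means a scope-link route: the host resolves the destination by ARP itself.
    return {"prefix": str(net), "next_hop": via or dest, "on_link": via is None, "src": src}

def explain(routes, dest):
    """One-line description of how the table would handle a packet to dest."""
    r = lookup(routes, dest)
    if r is None:
        return f"{dest}: no matching route (Network is unreachable)"
    if r["on_link"]:
        return f"{dest}: on-link via {r['prefix']}, ARP for it directly from {r['src']}"
    return f"{dest}: sent to gateway {r['next_hop']} via {r['prefix']}"

if __name__ == "__main__":
    for name, table in (("posted", POSTED_ROUTES), ("constructed", CONSTRUCTED_ROUTES)):
        print(f"{name}: {explain(table, '192.168.19.254')}")
```

The posted table also has no default route, so any destination outside the three connected prefixes has no match at all.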
Sorry for not replying earlier....
I was reading about issues with assigning multiple IPs to a single interface, and your setup _should work_. Just to make sure, if you only assign the 192.168.23.50/16 IP to your NIC (i.e. a single IP setup), can you access 192.168.19.254? Are you sure there is no firewall on your host which blocks pings to that host?
BTW, I don't understand now how the problem is related to netctl. And also, have you tried using vlans? Presumably in that case you would be able to use different gateways for each network...
Yeah. I'm seeing it's not 'specifically' a netctl issue either. It's a general Linux/Unix route handling issue as far as I can tell. I'm just at a loss as to why it's not working.
I just started from scratch and started adding things back in.
Took out all of my IP addresses, gateways, and DNS servers save for one and everything worked fine. I was able to ping down one set of my VPN tunnels (192.168.19.254) successfully.
So far my mostly final config looks like:
Interface=enp3s0
Connection=ethernet
IP=static
Address=('172.20.7.50/16' '10.0.3.50/22' '192.168.23.50/22')
#Routes=('192.168.19.0/24' via '172.20.1.254')
Gateway='172.20.1.254'
DNS='172.20.1.1'
The only thing I can think of is that it just didn't like the multiple DNS entries. It _should_ work properly with them there, but for some reason it did not. For now, this is workable until I figure out how to connect down the other subset of VPN tunnels on an entirely different VLAN (which I should be able to access with the 192.168.23.50/22 address).
Ack my brain hurts....
Thank you for your help, Leo.
Gonna mark this as CLOSED and smash my head against the keyboard. I've got half my network covered to be able to ping/verify connectivity for the time being. The other half I'll just have to set up an RDP session with another host on there just to keep my sanity.