[SOLVED] wpa_supplicant + systemd-networkd: refresh IP address

lyco · 2015-12-17 09:26:43

I am connecting to my company's wired network using wpa_supplicant and systemd-networkd. I have the following problem:

When I first connect to network, I get IP address from 192.168.0.0/16 range. This address is good enough to connect to the Internet, but I have no access to company servers. To gain this access, I need to authenticate using wpa_supplicant. After the authentication, I can contact another DHCP server that gives me address in 10.0.0.0/8 range that has full access to the network.

When my system starts, sometimes the systemd-networkd receives DHCP params before wpa_supplicant authorizes me. In this case, I am stuck with wrong IP address until I restart systemd-networkd. I also have to restart Unbound for some reason, else it won't resolve anything.

I think I need to somehow tell the systemd to restart systemd-networkd after wpa_supplicant sucessful authorization. I don't want to make systemd-networkd depend on wpa_supplicant, because I am using a laptop and I might to connect to another networks. I also don't like the idea editing existing unit files. I thought about adding new oneshot service depending on wpa_supplicant-wired@whatever.service but then it will run after network-online was reached, so my Unbound will still use the wrong IP.

What's the correct solution?

Last edited by lyco (2015-12-28 10:05:20)

ayekat · 2015-12-17 10:29:36

I am... confused.

lyco wrote:

I am connecting to my company's wired network using wpa_supplicant and systemd-networkd.

wpa_supplicant plays no role in connecting to a wired network. It's merely there to (more or less) securely authenticate to a wireless access point using WPA2.

lyco wrote:

When I first connect to network, I get IP address from 192.168.0.0/16 range. This address is good enough to connect to the Internet, but I have no access to company servers. To gain this access, I need to authenticate using wpa_supplicant. After the authentication, I can contact another DHCP server that gives me address in 10.0.0.0/8 range that has full access to the network.

From what I read here, you are connecting to a wired network that puts you in 192.168.0.0/16, then you additionally connect to a wireless network that puts you in 10.0.0.0/8, which happens to be your company's network? So far there is no conflict: two interfaces with two addresses.

lyco wrote:

When my system starts, sometimes the systemd-networkd receives DHCP params before wpa_supplicant authorizes me. In this case, I am stuck with wrong IP address until I restart systemd-networkd.

OK, here I'm lost - could you please post your .network files? And specify what you mean with "wrong IP address" - on which interfaces? What are you expecting?

lyco · 2015-12-17 15:09:07

ayekat wrote:

I am... confused.
wpa_supplicant plays no role in connecting to a wired network. It's merely there to (more or less) securely authenticate to a wireless access point using WPA2.

This is not true, our network uses 802.11x authentication. (Yes, I used wrong term, it's not really a connection, but it is related.) See e. g. man pages, wpa_supplicant does have a wired driver. It's actually used quite often, for example the Eduroam academic network uses it: http://eduroam.metu.edu.tr/node/4#linux

ayekat wrote:

From what I read here, you are connecting to a wired network that puts you in 192.168.0.0/16, then you additionally connect to a wireless network that puts you in 10.0.0.0/8, which happens to be your company's network? So far there is no conflict: two interfaces with two addresses.

No, it is a single interface, I do not use wireless here. I don't exactly know what happens after successful authentication, I guess the switch changes a VLAN connected to the port.

ayekat wrote:

OK, here I'm lost - could you please post your .network files? And specify what you mean with "wrong IP address" - on which interfaces? What are you expecting?

I have to censor them at least a little, but yeah:

$ cat /etc/systemd/network/SimpleDHCP.network 
[Match]
Name=en*

[Network]
DHCP=ipv4

There are no other files in /etc/systemd/network/. I am not using any other "network manager" except systemd-networkd.

After sucessful authentication, network config looks like this:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 24:77:03:d0:f0:88 brd ff:ff:ff:ff:ff:ff
3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:21:cc:d3:90:13 brd ff:ff:ff:ff:ff:ff
    inet 10.128.64.XX/26 brd 10.128.64.XX scope global dynamic enp0s25
       valid_lft 669245sec preferred_lft 669245sec
    inet6 2a00:da80:ffff:0:XXXX/64 scope global noprefixroute dynamic 
       valid_lft 86166sec preferred_lft 3366sec
    inet6 fe80::221:ccff:fed3:9013/64 scope link 
       valid_lft forever preferred_lft forever

I don't have the output of ip a before authentication, but I can provide logs.
After turning on my laptop:

Dec 17 09:32:14 hubb systemd-networkd[327]: enp0s25: DHCPv4 address 192.168.240.XX/23 via 192.168.240.XXX
Dec 17 09:32:14 hubb systemd-networkd[327]: enp0s25: Configured

After waiting a while, I restarted the systemd-networkd service:

Dec 17 09:40:17 hubb systemd[1]: Stopping Network Service...
Dec 17 09:40:17 hubb systemd[1]: Stopped Network Service.
Dec 17 09:40:17 hubb systemd[1]: Starting Network Service...
Dec 17 09:40:17 hubb systemd[1]: Started Network Service.
Dec 17 09:40:17 hubb systemd-networkd[1363]: enp0s25: DHCPv4 address 10.128.64.XX/26 via 10.128.64.XX
Dec 17 09:40:17 hubb systemd-networkd[1363]: enp0s25: Configured

As you can see, I am connected only by the the wired interface enp0s25. I have configured & enabled wpa_supplicant-wired@enp0s25.service and systemd-networkd.service. After power on, I get the 192.168.240.XX/23 address. After waiting for authorization by the wpa_supplicant, I restart systemd-networkd and get the 10.128.64.XX address that can access our whole network.

I need to automate the restart of systemd-networkd and delay starting other services until I have a new IP address.

I do not use my wireless for anything, it is powered down the whole time.

Last edited by lyco (2015-12-17 15:10:50)

ayekat · 2015-12-17 15:33:12

Oh - learned something new today. 802.11x authentication is indeed also used for wired setups. Now it all makes sense.
... and now I'm wondering what's the correct way to resolve this, too - especially since I'm not quite thrilled about using systemd-networkd for (semi-)temporary network setups.

Anyway, I'm sorry for the noise.

Head_on_a_Stick · 2015-12-17 20:32:23

You could try a drop-in snippet for the wpa_supplicant unit file:

[Unit]
After=systemd-networkd.service

(Note: I can't test this as I'm not using systemd at the moment)

EDIT: It may be necessary to clear the "After" field before setting it; to do this simply add this line in between the two listed above:

After=

Last edited by Head_on_a_Stick (2015-12-17 22:21:59)

lyco · 2015-12-28 10:05:05

Thanks, I think I solved it:

$ cat /etc/systemd/system/wpa_supplicant-wired@enp0s25.service.d/override.conf
[Unit]
Before=systemd-networkd.service

[Install]
WantedBy=network.target

Arch Linux

#1 2015-12-17 09:26:43

[SOLVED] wpa_supplicant + systemd-networkd: refresh IP address

#2 2015-12-17 10:29:36

Re: [SOLVED] wpa_supplicant + systemd-networkd: refresh IP address

#3 2015-12-17 15:09:07

Re: [SOLVED] wpa_supplicant + systemd-networkd: refresh IP address

#4 2015-12-17 15:33:12

Re: [SOLVED] wpa_supplicant + systemd-networkd: refresh IP address

#5 2015-12-17 20:32:23

Re: [SOLVED] wpa_supplicant + systemd-networkd: refresh IP address

#6 2015-12-28 10:05:05

Re: [SOLVED] wpa_supplicant + systemd-networkd: refresh IP address

Board footer