Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Unable to add static route

  1. #1
    Join Date
    Aug 2010
    Location
    Volgograd, Russia
    Posts
    89

    Default Unable to add static route

    I need to add a some static IPv4 routes for VPN routing on eth0 interface, which configured by Wicked and dhcp. At first I tried to done this by YaST2. It wrote a /etc/sysconfig/network/ifroute-eth0 for me with next content:
    Code:
    192.168.1.0/24 192.168.17.50 - eth0
    192.168.2.0/24 192.168.17.50 - eth0
    10.8.0.0/16 192.168.17.50 - eth0
    But during interface setup it cause errors "ni_nl_talk failed [Unspecific failure]" in system log:
    Code:
    wickedd-dhcp4[780]: eth0: Committed DHCPv4 lease with address 192.168.17.99 ( Committed DHCPv4 lease with address 192.168.17.99 (lease time 86400 sec, renew in 43200 sec, rebind in 75600 sec)
    systemd[1]: Reloaded wicked managed network interfaces.
    wicked[5296]: eth0            setup-in-progress
    wicked[5296]: eth0            device-ready
    wickedd-dhcp4[780]: eth0: defer timeout 15 reached (state INIT)
    wickedd-dhcp4[780]: unable to confirm lease
    wickedd[925]: __ni_rtnl_send_newroute(ipv4 10.8.0.0/16 via 192.168.17.50 dev eth0 type unicast table main scope universe protocol boot): ni_nl_talk failed [Unspecific failure]
    wickedd[925]: __ni_rtnl_send_newroute(ipv4 192.168.2.0/24 via 192.168.17.50 dev eth0 type unicast table main scope universe protocol boot): ni_nl_talk failed [Unspecific failure]
    wickedd[925]: __ni_rtnl_send_newroute(ipv4 192.168.1.0/24 via 192.168.17.50 dev eth0 type unicast table main scope universe protocol boot): ni_nl_talk failed [Unspecific failure]
    wickedd-dhcp6[779]: eth0: Request to acquire DHCPv6 lease with UUID 7c32195c-
    wickedd-dhcp4[780]: eth0: Request to acquire DHCPv4 lease with UUID 7c32195c-
    And my static routes no appear in "ip route" output, only dhcp routes:
    Code:
    default via 192.168.17.1 dev eth0 proto dhcp
    192.168.17.0/24 dev eth0 proto kernel scope link src 192.168.17.99
    Then I manually format ifroute-eth0 in netmask notation:
    Code:
    192.168.1.0 192.168.17.50 255.255.255.0 eth0
    192.168.2.0 192.168.17.50 255.255.255.0 eth0
    10.8.0.0 192.168.17.50 255.255.0.0 eth0
    but got a same errors.

    I deleted /etc/sysconfig/network/ifroute-eth0 and create there "routes" file with next content (i have only one interface)
    Code:
    192.168.1.0/24 192.168.17.50 - -
    192.168.2.0/24 192.168.17.50 - -
    10.8.0.0/16 192.168.17.50 - -
    In this case I get another errors:
    Code:
    systemd[1]: Stopped wicked managed network interfaces.
    systemd[1]: Starting wicked managed network interfaces...
    wicked[5003]: discarding route not matching any interface: ipv4 192.168.1.0/24 via 192.168.17.50 type unicast table main scope universe protocol boot
    wicked[5003]: discarding route not matching any interface: ipv4 192.168.2.0/24 via 192.168.17.50 type unicast table main scope universe protocol boot
    wicked[5003]: discarding route not matching any interface: ipv4 10.8.0.0/16 via 192.168.17.50 type unicast table main scope universe protocol boot
    wicked[5003]: lo              up
    wicked[5003]: eth0            setup-in-progress
    systemd[1]: Started wicked managed network interfaces.
    In any case, routes are not added and subnets not available...
    How I can add static routes?

  2. #2
    Join Date
    Sep 2012
    Posts
    5,326

    Default Re: Unable to add static route

    Routes to another subnet must go via gateway and you did not specify any. If those subnets are on the same physical network, you must add IP address from each subnet to your interface in this subnet (in which case no explicit route is necessary).

  3. #3
    Join Date
    Aug 2010
    Location
    Volgograd, Russia
    Posts
    89

    Default Re: Unable to add static route

    Quote Originally Posted by arvidjaar View Post
    Routes to another subnet must go via gateway and you did not specify any. If those subnets are on the same physical network, you must add IP address from each subnet to your interface in this subnet (in which case no explicit route is necessary).
    Thank you for a reply ! But in my case the VPN gateway is not my default router, I do not have access to default gateway as well as to the dhcp service. Subnets then I want to access is the other physical networks and situated on other side of VPN tunnel.

    Summary:
    local network: 192.168.17.0/24
    host: 192.168.17.99
    default gateway: 192.168.17.1 (for internet, intranet)
    VPN gateway: 192.168.17.50
    VPN network: 10.8.0.0/16
    needed subnets: 192.168.1.0/24 192.168.2.0/24

    On VPN gate routing works well, I only need specifying routes from workstation to that.

  4. #4
    Join Date
    Sep 2012
    Posts
    5,326

    Default Re: Unable to add static route

    Quote Originally Posted by svalx View Post
    But in my case the VPN gateway is not my default router
    So you need to set it as gateway to those networks.

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,862
    Blog Entries
    2

    Default Re: Unable to add static route

    How are you setting up your VPN?
    Your setup should automatically set up your modified routing.

    Otherwise,
    If you were setting up a static route <without> routing, you'd need to write your static route as a /etc/sysctl entry so that it would be re-loaded on boot.
    But, don't do that because it shouldn't be necessary if you're setting up a VPN.

    It might be possible to configure a regular gateway (not default gateway) in YaST, but I haven't tested that.

    Or, are you trying to point to a VPN gateway for your LAN on another machine (sometimes referred to as a "VPN end point" or "VPN beachhead"?

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  6. #6
    Join Date
    Aug 2010
    Location
    Volgograd, Russia
    Posts
    89

    Default Re: Unable to add static route

    Quote Originally Posted by arvidjaar View Post
    So you need to set it as gateway to those networks.
    That's what I'm trying to do with the routing configuration on client. Or are there any other options?

  7. #7
    Join Date
    Aug 2010
    Location
    Volgograd, Russia
    Posts
    89

    Default Re: Unable to add static route

    Quote Originally Posted by tsu2 View Post
    Or, are you trying to point to a VPN gateway for your LAN on another machine?
    Yes, exactly.

    It is possible to abstract from VPN in general. The question is how to set a permanent static route in openSUSE. I have another client with MS Windows, and there I just had to run the command: route -p add 192.168.1.0 MASK 255.255.255.0 192.168.15.50 for my purpose. How to do this in oS? Standard tools - YaST2, Wicked config files somehow not working for me...

  8. #8
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,862
    Blog Entries
    2

    Default Re: Unable to add static route

    Quote Originally Posted by svalx View Post
    Yes, exactly.

    It is possible to abstract from VPN in general. The question is how to set a permanent static route in openSUSE. I have another client with MS Windows, and there I just had to run the command: route -p add 192.168.1.0 MASK 255.255.255.0 192.168.15.50 for my purpose. How to do this in oS? Standard tools - YaST2, Wicked config files somehow not working for me...
    OK,
    IMO you first need to start with whether you're setting up exactly what you want.
    Usually the VPN beach head is set up on either the same machine as the DG or through the DG, it will generally have its own public IP address but usually does not require its own internal IP address because it can share the DG internal address.

    A consideration is whether your company policy (I assume you're connecting to a remote company network) wants you to connect directly to the Internet while you have access to company resources or if all your traffic including Internet should be routed through the VPN... and then exit through the company DG. Theoretically, any time a machine has access to both protected and public resources, that machine becomes a possible point of intrusion for malicious hackers, which is why companies want your machine to not connect directly to the Internet when you have access to the VPN.

    The beach head VPN you have set up is useful if someone on the other side of the VPN might want to access a resource in your own network (like your printer or shares on your machine) and a beach head is also convenient if several machines and devices in your own network need to access the VPN... You only need to set up the beach head to service all of your machines instead of setting up on each and every machine.

    But, if it's only your single machine and no one on the other end would ever need to access anything in your network, then it's probably better to set up the local VPN end point on your own machine instead of setting up a beach head so that you have better end to end encryption.

    Those are generally your main choices before going into what you need to do...
    Confirm what you want set up and we'll go from there.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  9. #9
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,862
    Blog Entries
    2

    Default Re: Unable to add static route

    Just took another look at YaST for configuring a non-default gateway...

    I remember now I've set that up before and didn't have any problems...
    (BTW - In the YaST configuration, I hardly ever leave a setting with its default "-" because I prefer to control and know what the value is)

    1. Configure a static address for the correct network interface as might be needed... In your case it sounds like this may not be necessary.
    2. Configure the gateway machine to the non-default remote network.
    3. In YaST > Routing tab,
    a. In the section for adding an ordinary route (Not the top 2 sections that create default gateways which are different), click Add...
    b. Enter the information as necessary. Depending on the subnet mask, you need to have a "zero" value for the address portion of course.

    Remember that this only sets up the IP routing portion, if you want to enable name resolution, you'll need to configure that separately.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  10. #10
    Join Date
    Sep 2012
    Posts
    5,326

    Default Re: Unable to add static route

    Quote Originally Posted by svalx View Post
    That's what I'm trying to do with the routing configuration on client. Or are there any other options?
    My apologies, I misunderstood your post. Looking at the last log in your original post the problem is clear - wicked attempts to configure routes before interface is up, which fails. Just yesterday there was a post on opensuse mailing list describing similar problem - static routes are not configured for DHCP interface. Sounds like a wicked bug.

Page 1 of 3 123 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •