Sharing connection between 2 RPi with Network Manager - raspberry-pi

I have 2 RPis connected together with an ethernet cable. For the 1st RPi, the wifi is disabled, and it should get the internet connection from the 2nd RPi that is connected to the internet by wifi.
I am using the Network Manager (NM), and I also need that both RPis have static IPs on their eth0 interface:
RPi1 : 192.168.4.115/24 # The RPi that is not connected to wifi
RPi2 : 192.168.4.1/24 # The RPi that is connected to wifi
I configured the static IP of the RPi1 in /etc/dhcpcd.conf. For the RPi2, I used the NM when I configured the shared connection :
# On RPi2
nmcli connection add type ethernet ifname eth0 ipv4.method shared con-name local
nmcli connection modify local ipv4.addresses 192.168.4.1/24
nmcli connection up local
When I check the connection of the RPi2, I have the good IP, and when I ping 1.1.1.1 I have a reply:
pi@raspberrypi2:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.4.1 netmask 255.255.255.0 broadcast 192.168.4.255
inet6 fe80::514:af1e:da15:6f80 prefixlen 64 scopeid 0x20<link>
ether e4:5f:01:4c:5c:00 txqueuelen 1000 (Ethernet)
RX packets 105 bytes 20375 (19.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 178 bytes 22385 (21.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.11.16 netmask 255.255.255.0 broadcast 192.168.11.255
inet6 fe80::750f:5ec2:8158:fb80 prefixlen 64 scopeid 0x20<link>
ether e4:5f:01:4c:5c:01 txqueuelen 1000 (Ethernet)
RX packets 488 bytes 59706 (58.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 206 bytes 30178 (29.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
But on the first RPi, even if I have the good IP on eth0 (192.168.4.115), when I try a ping, I have connect: network is unreachable
So I don't know what is missing to achieve the sharing of the connection. And I don't know what I can check? Feel free to ask for any useful data, I don't know what can be useful.
The first RPi doesn't use the NM because I don't need it, the normal way of the RPi is enough.

Related

Bridged interfaces and Tailscale "Raspberry"

I'm trying to connect my Apple TV to my home network, and since the Apple TV doesn't support VPN, I thought of getting a Raspberry and setting up Tailscale on it and bridging eth0 and eth1 so that the Apple TV gets a VPN connection.
What I have done:
sudo brctl addbr br0
sudo brctl addif br0 eth0 eth1
nano /etc/dhcpcd.conf
denyinterfaces eth0 eth1
nano /etc/network/interfaces
auto br0
iface br0 inet dhcp
bridge_ports eth0 eth1
sudo iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE
sudo iptables -A FORWARD -i br0 -o tailscale0 -j ACCEPT
sudo iptables -A FORWARD -i tailscale0 -o br0 -j ACCEPT
sudo iptables -A INPUT -i tailscale0 -m state --state RELATED,ESTABLISHED -j ACCEPT
I add 1 for the table
sudo ip route add default dev tailscale0 table vpnout
sudo ip route add 192.168.0.0/24 dev br0 table vpnout
sudo ip rule add from 192.168.0.0/24 table vpnout
sudo ip rule add to 1192.168.0.0/24 table vpnout
What happened is that I can get an internet connection on eth1, but it is not routing Tailscale traffic through eth1.
ifconfig
br0: flags=4163 mtu 1500
inet 192.168.0.107 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::20e:c6ff:fe56:48a5 prefixlen 64 scopeid 0x20
ether 00:0e:c6:56:48:a5 txqueuelen 1000 (Ethernet)
RX packets 6485 bytes 1781523 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1717 bytes 247950 (242.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163 mtu 1500
ether b8:27:eb:88:2b:90 txqueuelen 1000 (Ethernet)
RX packets 8128 bytes 2260563 (2.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3001 bytes 418999 (409.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163 mtu 1500
ether 00:0e:c6:56:48:a5 txqueuelen 1000 (Ethernet)
RX packets 1280 bytes 152865 (149.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4534 bytes 1581066 (1.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 2 bytes 78 (78.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 78 (78.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tailscale0: flags=4305 mtu 1280
inet 100.108.x.x netmask 255.255.255.255 destination 100.108.x.x
inet6 fe80::7e1e:4058:6116:d2f5 prefixlen 64 scopeid 0x20
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 16 bytes 1486 (1.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 1694 (1.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Any suggestions?
You have a typo:
sudo ip rule add to 1192.168.0.0/24 table vpnout

Add second IP4 to the server (CentOS)

I just wanted to store a second IP address in the CWP.
I used the IP Manager, which is located in the admin panel.
It creates the following file:
ifcfg-:1
with the following content:
DEVICE=:1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=5.199.130.204
NETMASK=255.255.255.255
GATEWAY=91.194.84.1
When I enter the command
service network restart
I get the following message:
[root@cpanel network-scripts]# service network restart
Restarting network (via systemctl):
** (pkttyagent:19657): WARNING **: 18:17:04.966: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
[ OK ]
But with the command ifconfig I cannot see the new IP address:
[root@cpanel network-scripts]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:80:6b:74:bf txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp1s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 91.194.84.77 netmask 255.255.255.0 broadcast 91.194.84.255
inet6 fe80::225:90ff:fee1:a1cc prefixlen 64 scopeid 0x20<link>
ether 00:25:90:e1:a1:cc txqueuelen 1000 (Ethernet)
RX packets 896454492 bytes 77246656595 (71.9 GiB)
RX errors 0 dropped 121675 overruns 21 frame 0
TX packets 328489556 bytes 321552938430 (299.4 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfea80000-feafffff
enp1s0f1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:25:90:e1:a1:cd txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfe980000-fe9fffff
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 28795464 bytes 8187828621 (7.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28795464 bytes 8187828621 (7.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:d8:74:c8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I would like to add the IP 5.199.130.204 to my server and then use it for the 2 nameservers.
However, I cannot see this IP with the command ifconfig after entering it.
Did I do something wrong?
ifconfig shows only one result.
To check, use
ip address or nmcli con show conname
You can append with
nmcli con mod conname +ipv4.addresses ip/prefix
or
append to ifcfg-*
IPADDR1=ip
PREFIX1=prefix
but a direct change is not recommended.
You should fix the polkitd issue that is appearing
groupadd -g 23 nohidproc
usermod -a -G nohidproc polkitd
mount -o remount,rw,hidepid=2,gid=nohidproc /proc
systemctl restart polkit
Add the following in /etc/fstab as well
echo "proc /proc proc defaults,hidepid=2,gid=nohidproc 0 0" >> /etc/fstab

IBM ICP Auth-pdp does not respond

At task: Waiting for auth-pdp to start auth-pdp pod could not reach mariadb-0. Has anyone faced this issue before?
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:02:09 --:--:-- 0curl: (7) Failed to connect to mariadb port 3306: Operation timed out
I have checked mariadb container if it is running, then realized it has no ip address.
kubectl -n kube-system get pods -o wide
...
mariadb-0 1/1 Running 0 7m <none> 34.65.234.2
...
Then I tried to port-forward mariadb, and I could reach it from a local terminal:
kubectl -n kube-system port-forward mariadb-0 8080:3306 &
[1] 9483
Forwarding from 127.0.0.1:8080 -> 3306
Forwarding from [::1]:8080 -> 3306
^C
curl localhost:3306
5.5.5-10.2.17-MariaDB-1:10.2.17+maria~bionic~rHO8ewF5���vtf~is&`4#M=mysql_native_password!��#08S01 Got packets out of order
I exec'd into the auth-pdp pod to try curl against other services:
bash-4.4# env | grep -i mongo
MONGODB_SERVICE_PORT=27017
MONGODB_PORT_27017_TCP=tcp://10.0.0.181:27017
MONGODB_PORT_27017_TCP_PROTO=tcp
MONGODB_PORT_27017_TCP_ADDR=10.0.0.181
MONGODB_SERVICE_HOST=10.0.0.181
MONGODB_PORT_27017_TCP_PORT=27017
MONGODB_PORT=tcp://10.0.0.181:27017
bash-4.4# curl 10.0.0.181:27017
It looks like you are trying to access MongoDB over HTTP on the native driver port.
I reviewed the interfaces of mariadb pod and found the following:
calie6c068a340a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::ecee:eeff:feee:eeee prefixlen 64 scopeid 0x20<link>
ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)
RX packets 451 bytes 27552 (27.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 348 bytes 27089 (27.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
caliee45ca146c2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::ecee:eeff:feee:eeee prefixlen 64 scopeid 0x20<link>
ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)
RX packets 191 bytes 14176 (14.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 87 bytes 9236 (9.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
calif6e93cd4328: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::ecee:eeff:feee:eeee prefixlen 64 scopeid 0x20<link>
ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)
RX packets 7302 bytes 1203027 (1.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7645 bytes 4818796 (4.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:1ff:feee:54b4 prefixlen 64 scopeid 0x20<link>
ether 02:42:01:ee:54:b4 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5 bytes 446 (446.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1460
inet 10.240.0.11 netmask 255.255.255.255 broadcast 10.240.0.11
inet6 fe80::4001:aff:fef0:b prefixlen 64 scopeid 0x20<link>
ether 42:01:0a:f0:00:0b txqueuelen 1000 (Ethernet)
RX packets 753548 bytes 3753160696 (3.7 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 697800 bytes 219630854 (219.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 214601 bytes 54627282 (54.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 214601 bytes 54627282 (54.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The ens4 NIC has the same IP address as the Node where the pod is running. It did not get a unique address. Then the following resolves:
k exec -it auth-idp-bkqwf -c init-mariadb bash
bash-4.4# curl 10.240.0.11:3306 --output dummy.txt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 148 0 148 0 0 144k 0 --:--:-- --:--:-- --:--:-- 144k

openvpn: Can't ping client when it's connected from inside LAN

We have an openvpn server (I believe on our router), and mobile clients that connect to the internet from far away locations, but also occasionally from inside our office. These systems are headless, so configuring them differently before connecting to the in-office network is a nonstarter - we would like to SSH into them via their avahi hostnames regardless of where they physically are.
Right now we can ping and SSH when they are connected to the internet outside of our network. When they are connected from inside our LAN, sometimes hostname.local resolves to 192.168.10.3 (and ping and SSH don't work) and sometimes to 192.168.1.211 (and ping and SSH do work).
When monitoring wireshark on the mobile client, ping requests to the 192.168.10.3 address do appear but are not answered.
How can we configure our clients so they can be reached when connecting from inside of our network?
output of ifconfig on client (connected to VPN via our office LAN):
eth0 Link encap:Ethernet HWaddr 00:04:4b:a7:fa:e5
inet addr:192.168.1.223 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::7a45:f5b1:1b87:c6f0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8964 errors:0 dropped:0 overruns:0 frame:0
TX packets:771 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1847719 (1.8 MB) TX bytes:160760 (160.7 KB)
Interrupt:42
tap0 Link encap:Ethernet HWaddr ce:d4:a6:18:48:21
inet addr:192.168.10.3 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::ccd4:a6ff:fe18:4821/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1381 errors:0 dropped:0 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:214474 (214.4 KB) TX bytes:7149 (7.1 KB)
output of route on client (connected to VPN via our office LAN):
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
default 192.168.10.1 0.0.0.0 UG 50 0 0 tap0
default 192.168.1.1 0.0.0.0 UG 100 0 0 eth0
link-local * 255.255.0.0 U 1000 0 0 eth1
192.168.1.0 * 255.255.255.0 U 100 0 0 eth0
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
192.168.10.0 * 255.255.255.0 U 50 0 0 tap0
Back-to-back pings from another machine on the same LAN to our mobile client. For whatever reason avahi .local names unpredictably resolve to the VPN IP or the other. Anyway, the ping to the VPN IP (second one) just hangs:
[15:51:25]~$ ping liber0.local
PING liber0.local (192.168.1.223) 56(84) bytes of data.
64 bytes from 192.168.1.223: icmp_seq=1 ttl=64 time=4.00 ms
64 bytes from 192.168.1.223: icmp_seq=2 ttl=64 time=6.09 ms
64 bytes from 192.168.1.223: icmp_seq=3 ttl=64 time=38.8 ms
^C
--- liber0.local ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 4.003/16.302/38.805/15.935 ms
[15:51:29]~$ ping liber0.local
PING liber0.local (192.168.10.3) 56(84) bytes of data.
^C
--- liber0.local ping statistics ---
27 packets transmitted, 0 received, 100% packet loss, time 26629ms
OpenVPN configuration file:
client
dev tap
proto udp
remote <redacted>
float
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
ca <redacted>.pem
cert <redacted>.pem
key <redacted>.key
cipher AES-256-CBC
auth SHA256
The key hint was that the ICMP packets made it to the VPN-connected client but were not answered. It turned out that the default rp_filter (reverse path filter) does strict checking and was dropping the packets. Adding net.ipv4.conf.default.rp_filter = 2 to /etc/sysctl.conf sets rp_filter to loose reverse path checking, and everything works.
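
The rp_filter setting discussed in the answer above can be checked per interface. The following is an added example, not part of the original answer: the kernel applies the higher of conf/all/rp_filter and conf/<iface>/rp_filter to each interface, and conf/default only seeds interfaces created afterwards. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective reverse-path filter mode per interface.
# Rule used: effective = max(conf/all/rp_filter, conf/<iface>/rp_filter).

# effective_rp_filter CONF_DIR IFACE -> prints 0, 1 or 2
effective_rp_filter() {
    conf_dir=$1; iface=$2
    # A missing file is treated as 0 (no filtering configured at that level).
    all=$(cat "$conf_dir/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$conf_dir/$iface/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_mode_name VALUE -> human-readable mode
rp_mode_name() {
    case $1 in
        0) echo off ;;      # no source validation
        1) echo strict ;;   # reply route must use the receiving interface
        2) echo loose ;;    # source must be reachable via any interface
        *) echo unknown ;;
    esac
}

# rp_filter_report CONF_DIR -> one "<iface> <mode>" line per real interface
rp_filter_report() {
    conf_dir=$1
    for d in "$conf_dir"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        echo "$iface $(rp_mode_name "$(effective_rp_filter "$conf_dir" "$iface")")"
    done
}

# Constructed sample tree shaped like /proc/sys/net/ipv4/conf for the client in
# the question (eth0 + tap0): "default" already set to 2, but both interfaces
# were created earlier and still hold 1.
make_sample_tree() {
    root=$(mktemp -d)
    for i in all default eth0 tap0; do mkdir -p "$root/$i"; done
    echo 0 > "$root/all/rp_filter"
    echo 2 > "$root/default/rp_filter"
    echo 1 > "$root/eth0/rp_filter"
    echo 1 > "$root/tap0/rp_filter"
    echo "$root"
}

sample=$(make_sample_tree)
rp_filter_report "$sample"      # both interfaces still report strict
rm -rf "$sample"
# On a live host: rp_filter_report /proc/sys/net/ipv4/conf
```

Loose mode accepts a packet whose source is reachable through any interface, so it validates less than strict mode; setting it only on the interface that needs it keeps strict checking elsewhere.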

pcap - does not work on specific interface

I have used the pcap library in my application. It was working previously.
I have not made any changes to my code, but it fails to capture packets only on the specific interface "eth0". For other interfaces like eth1 and wlan0 it works as expected.
Output of the ifconfig command is:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.14.128 netmask 255.255.255.0 broadcast 10.1.14.255
inet6 fe80::5642:49ff:fee1:3a03 prefixlen 64 scopeid 0x20<link>
ether 54:42:49:e1:3a:03 txqueuelen 1000 (Ethernet)
RX packets 476 bytes 53618 (52.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 365 bytes 61306 (59.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 18
eth1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet6 fe80::280:c8ff:fe3c:fe04 prefixlen 64 scopeid 0x20<link>
ether 00:80:c8:3c:fe:04 txqueuelen 1000 (Ethernet)
RX packets 34500 bytes 48274193 (46.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 1732834 (1.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 10775 bytes 1170782 (1.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10775 bytes 1170782 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 134.96.174.7 netmask 255.255.248.0 broadcast 134.96.175.255
inet6 fe80::226:c7ff:fe9d:1f00 prefixlen 64 scopeid 0x20<link>
ether 00:26:c7:9d:1f:00 txqueuelen 1000 (Ethernet)
RX packets 981018 bytes 1250676710 (1.1 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 248507 bytes 31718095 (30.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Do these flag IDs (same for all) have anything to do with my problem?
Best
yash
The driver of your interface will need to support putting the iface into promiscuous mode to collect packets that are not directly addressed to your NIC.