dhcpcd-discuss

Home Other Lists Thread Index Date Index Search
Thread Prev Thread Next Date Prev Date Next Thread Index Date Index

Re: preserving l2tp

Niv Wiser

Fri Dec 31 10:30:51 2010
Thanks Roy for dhcpcd , openrc and the help here,

After applying the dhcpcd fixes^ (see below) I get this line in
/var/log/messeges:

pppd "not replacing existing default route to eth0"

to verify its dhcpcd I run:
dhcpcd -k eth0 && dhcpcd -d -C 60-l2tp.conf eth0
then /etc/init.d/strongVpn start
and got a l2tp connection established:
# ip ro
98.158.112.57 via <WAN_GW> dev eth0 
98.158.yyy.xxx dev ppp0  proto kernel  scope link  src 98.158.yyy.xxz
192.168.14.0/24 dev br0  proto kernel  scope link  src 192.168.14.70 
<MY_SUBNET> dev eth0  proto kernel  scope link  src <MY_IP>  metric 203 
127.0.0.0/8 via 127.0.0.1 dev lo 
default via 98.158.117.129 dev ppp0 
default via <WAN_GW> dev eth0  metric 203 


how can I fix this?

/etc/init.d/strongVpn:

#!/sbin/runscript
# written by: niv vaizer 
# load l2tp setting and connect to strongVpn

depend() {
	need net.$WAN_DEV
}

start() {
	ebegin "Starting strongVpn"
	#restart eth0 dhcp with no default gateway and no /etc/resolv.conf

	#get eth0 IP adress
	WAN_IP=$(ifconfig $WAN_DEV | sed -rn '/dr:/{;s/.*dr:([0-9.]+) .*/\1/;p;}'|head -n1)
	WAN_GW_TEMP=$(ip ro |grep $VPN_HOST |sed s/.*via\ //|sed s/\ dev.*//)
	[ "$WAN_GW_TEMP" = "" ] && WAN_GW_TEMP=$(route -n |grep "^0.*eth"| awk '{ print $2 }')
	[ "$WAN_GW_TEMP" = "" ] && WAN_GW_TEMP=$(route -n|grep "UGH.*eth"|awk '{ print $2 }' )
	[ "$WAN_GW_TEMP" != "" ] && WAN_GW=$WAN_GW_TEMP
	ip ro | grep -q default || ip ro add default via $WAN_GW dev $WAN_DEV
	ip ro | grep -q $VPN_HOST && ip ro del $VPN_HOST via $WAN_GW
	sleep 2
	sed -i "s/left=.*/left=$WAN_IP/" /etc/ipsec.conf
	#sed -i "s/^\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/$WAN_IP/" /etc/ipsec.secrets
	sed -i "s/.*\ :/$WAN_IP $VPN_HOST \:/" /etc/ipsec.secrets
	/usr/bin/rc-config restart ipsec
	/usr/bin/rc-config restart xl2tpd
	sleep 3
	ipsec auto --up L2TP-PSK
	sleep 3
	echo "c $USERNAME" > /var/run/xl2tpd/l2tp-control
		
	ip ro |grep -q "$VPN_HOST via $WAN_GW" ||ip ro add $VPN_HOST via $WAN_GW
	#ip ro |grep -q "default via $WAN_GW" ||ip ro del default via $WAN_GW
	sleep 2
	touch $PID
	sed -i "s/^EXT_IF=.*/EXT_IF=${IFACE}"/ /etc/arno-iptables-firewall/firewall.conf
	/usr/bin/rc-config restart arno-iptables-firewall
	#/usr/bin/rc-config restart dnsmasq
	eend $?
}

stop() {
	ebegin "Stopping strongVpn"
	WAN_IP=$(ifconfig $WAN_DEV | sed -rn '/dr:/{;s/.*dr:([0-9.]+) .*/\1/;p;}')
	WAN_GW=$(ip ro |grep $VPN_HOST |sed s/.*via\ //|sed s/\ dev.*//)
	echo "d $USERNAME" > /var/run/xl2tpd/l2tp-control
	sleep 3
	ipsec auto --down L2TP-PSK
	sleep 2
	#ip ro del $VPN_HOST via $WAN_GW
	/usr/bin/rc-config stop xl2tpd
	/usr/bin/rc-config stop ipsec
	sed -i "s/^EXT_IF=.*/EXT_IF=$WAN_DEV"/ /etc/arno-iptables-firewall/firewall.conf
	/usr/bin/rc-config restart arno-iptables-firewall
	
	ip ro add default via $WAN_GW dev $WAN_DEV
	rm -f $PID
	#/usr/bin/rc-config restart dnsmasq
	eend $?
}

fixes^:

#/lib/dhcpcd/dhcpcd-hooks/60-l2tp.conf
#use ISP default gateway as a route for l2tp server
set -x
#>/dev/null 2>&1
[ -f /etc/conf.d/strongVpn ] && . /etc/conf.d/strongVpn
LOG="/tmp/60-l2tp.conf.log"
if [ $DEBUG -ge 1 ] ; then
	echo "----------------------------------">>$LOG
	echo "`date '+%H%M%S_%d.%m.%Y'` invoked">>$LOG
	set >>$LOG
fi

if $if_up; then
	ip ro add "$VPN_HOST" via "$new_routers" 
elif $if_down; then
	ip ro del "$VPN_HOST" via "$old_routers"
fi

.......... quote from /etc/conf.d/net ...................
config_eth0="dhcp"
dhcpcd_eth0="-G -C resolv.conf"
postup() {
           WAN_GW=$(ip ro |grep $VPN_HOST |sed "s/.*via\ //"|sed "s/\
           dev.*//")
           if [ "${IFACE}" == "lo" ] ; then 
		return 0
	   fi
	   case "${IFACE}" in
	   eth0)
		ip ro | grep -q default || ip ro add default via $WAN_GW
                sed -i "s/^EXT_IF=.*/EXT_IF=${IFACE}"/
                /etc/arno-iptables-firewall/firewall.conf
		#shields up except on boot when eth0 is the first to show up
		[ -d /sys/class/net/br0 ] && /usr/bin/rc-config restart arno-iptables-firewall
		#fix missing ISP dns
		grep -q nameserver /etc/resolv.conf || cp /etc/resolv.conf.hot /etc/resolv.conf
		;;

Happy new (tax) year
References:
preserving l2tpNiv
Re: preserving l2tpRoy Marples
Re: preserving l2tpNiv
Re: preserving l2tpRoy Marples
Re: preserving l2tpNiv
Re: preserving l2tpRoy Marples
Archive administrator: postmaster@marples.name