Hi,
I decided to use an old Raspberry Pi I had as a Linux Router. I followed
an article on the wiki
https://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#VPN_Tunnel_on_specific_subnet
and decided that I wanted to improve upon it by implementing VLANs
instead of a single interface with multiple IP aliases, as I have a
managed switch and that author did not.
My network currently works as such, based on routing rules and iptables
filters on the router:
Traffic from 192.168.2.0/24 hosts destined to go out ppp0
Traffic from 192.168.3.0/24 hosts destined to go out of tun0
Traffic from 192.168.4.0/24 hosts not to be forwarded.
The only difference will be now I want to have 3 VLAN tunnels (VID 2, 3,
4) that contain traffic between my router and managed switch. All
traffic between those two points will be tagged. The hosts on my network
will continue to send un-tagged packets to the switch.
I had looked at this article https://wiki.alpinelinux.org/wiki/Vlan
I set up the VLANs on the switch (https://i.imgur.com/hDBLc8G.png). As you
can see, only Port 1 (the port to my router) is tagged for VLAN 2, 3, 4;
the rest are un-tagged.
Q1) Do I need any routing rules in the switch? Will the switch know what
to do with traffic from 192.168.3.55 in port 8? Will it know to send it
tagged with VLAN ID 3 to port 1? I have a Ubiquiti EdgeSwitch
ES-16-150W https://www.ubnt.com/edgemax/edgeswitch/
Q2) When I configured my interfaces on my Alpine Linux router I noticed
these ugly errors when booting:
* Starting networking ...
* lo ...
* eth0 ...
* eth0.2 ...
* vlan2 ...
RTNETLINK answers: File exists
run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
* eth0.3 ...
RTNETLINK answers: File exists
run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
* vlan3 ...
RTNETLINK answers: File exists
run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
* eth0.4 ...
RTNETLINK answers: File exists
run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
* vlan4 ...
RTNETLINK answers: File exists
run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
* eth1 ...
... rest of boot sequence
My /etc/network/interfaces:
# Loopback interfaces
auto lo
iface lo inet loopback
    address 127.0.0.1
    netmask 255.0.0.0

# Used for Unbound DNS
iface lo:1 inet static
    address 127.0.0.2
    netmask 255.0.0.0

auto eth0
iface eth0 inet manual

# VLAN 2 - ISP
allow-hotplug eth0.2
auto eth0.2
iface eth0.2 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    broadcast 192.168.2.255
    post-up /etc/network/fwmark_rules

auto vlan2
iface vlan2 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    vlan-raw-device eth0

# VLAN 3 - VPN
allow-hotplug eth0.3
auto eth0.3
iface eth0.3 inet static
    address 192.168.3.1
    netmask 255.255.255.0
    broadcast 192.168.3.255

auto vlan3
iface vlan3 inet static
    address 192.168.3.21
    netmask 255.255.255.0
    vlan-raw-device eth0

iface eth0.3 inet6 static
    address fde4:8dba:e21c:3::1
    netmask 64

# VLAN 4 - LAN ONLY
allow-hotplug eth0.4
auto eth0.4
iface eth0.4 inet static
    address 192.168.4.1
    netmask 255.255.255.0
    broadcast 192.168.4.255
    post-up /etc/network/route_LAN

auto vlan4
iface vlan4 inet static
    address 192.168.4.21
    netmask 255.255.255.0
    vlan-raw-device eth0

iface eth0.4 inet6 static
    address fde4:8dba:e21c:4::1
    netmask 64

# External Interface to Modem
allow-hotplug eth1
auto eth1
iface eth1 inet static
    address 192.168.0.2
    netmask 255.255.255.252
    broadcast 192.168.0.3
    pre-up /sbin/ip link set eth1 up
    up ifup ppp0=service
    down ifdown ppp0=service
    post-down /sbin/ip link set eth1 up

# Link to ISP
iface service inet ppp
    provider service
Those two post-up routing rules are here:
https://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#.2Fetc.2Fnetwork.2Ffwmark_rules
https://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#.2Fetc.2Fnetwork.2Froute_LAN
I noticed that removing the sections under "auto vlanX" and the sections
under the inet6 interfaces seemed to silence those errors. That however
defeats the purpose of me doing this entire task which is to implement
VLANs for IPv6 compatibility.
The idea is that VLAN2's IPv6 interface is configured via SLAAC, i.e. my
/etc/radvd.conf grabs the relevant prefix from my ISP and configures
that interface:

    prefix 2001:0db8:1234:0002::/64 {
        AdvOnLink on;
        AdvAutonomous on; ## SLAAC based on EUI
        AdvRouterAddr on;

and dhcpcd.conf configures it, i.e.:

    # Use the interface connected to WAN
    interface ppp0
    ipv6rs # enable routing solicitation get the default IPv6 route
    iaid 1
    ia_pd 1/::/64 eth0.2/2/64
eth0.3 and eth0.4 will be configured differently:
With eth0.3: There is no prefix delegation from the VPN so I am planning
to route a ULA fde4:8dba:e21c:3::1 and SNAT on the ULA IP on my tun0
interface.
eth0.4 won't be routed out, so I won't have to worry about
configuring NAT for that. Hosts on fde4:8dba:e21c:4::/64 will be able to
talk to each other on IPv6 though.
Any help or advice would really be appreciated.
--
Tyler
---
Unsubscribe: alpine-user+unsubscribe@lists.alpinelinux.org
Help: alpine-user+help@lists.alpinelinux.org
---
On 18/06/18 00:12, Ulf Volmer wrote:
> On 17.06.2018 15:56, Tyler wrote:
>
>> * eth0.2 ...
>> * vlan2 ...
>
> You can't use vlan2 and eth0.2 at the same time. You have to choose one
> of them.
I just had another look at the wiki and it seems I missed the word
*Alternative*
Okay so that does help minimize it somewhat but I still do see
RTNETLINK answers: File exists
run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
twice for each "inet6 static" declaration of eth0.3 and eth0.4
My current /etc/network/interfaces
allow-hotplug eth0
auto eth0
iface eth0 inet manual

# VLAN 2 - ISP
auto eth0.2
iface eth0.2 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    broadcast 192.168.2.255
    post-up /etc/network/fwmark_rules

# VLAN 3 - VPN
auto eth0.3
iface eth0.3 inet static
    address 192.168.3.1
    netmask 255.255.255.0
    broadcast 192.168.3.255

iface eth0.3 inet6 static
    address fde4:8dba:e21c:3::1
    netmask 64

# VLAN 4 - LAN ONLY
auto eth0.4
iface eth0.4 inet static
    address 192.168.4.1
    netmask 255.255.255.0
    broadcast 192.168.4.255
    post-up /etc/network/route_LAN

iface eth0.4 inet6 static
    address fde4:8dba:e21c:4::1
    netmask 64

# External Interface to Modem
allow-hotplug eth1
auto eth1
iface eth1 inet static
    address 192.168.0.2
    netmask 255.255.255.252
    broadcast 192.168.0.3
    pre-up /sbin/ip link set eth1 up
    up ifup ppp0=service
    down ifdown ppp0=service
    post-down /sbin/ip link set eth1 up

# Link to ISP
iface service inet ppp
    provider service
I also noticed it doesn't seem possible in Alpine Linux with
(ifupdown-0.7.53.1-r1) to specify CIDR notation, i.e. 192.168.2.1/24, and
then omit the netmask altogether. If you try to do that you get:
"ifup: don't have all variables for eth0/inet"
Yet their example for 0.7.53 has it included
https://salsa.debian.org/debian/ifupdown/blob/0.7.53/examples/network-interfaces
--
Tyler
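
Added example, not part of either message and not Alpine's own tooling: a small checker for an ifupdown interfaces file that flags the conflict Ulf points out (the same VLAN ID on the same raw device declared under both the ethX.N and vlanN names) and marks VLAN interfaces that have more than one iface stanza, which is where the follow-up still sees the "File exists" message. The function names and the cut-down sample are assumptions made for illustration; the second check only locates the pattern and does not diagnose it.

```python
import re

# Constructed sample, cut down from the first interfaces file in the thread.
SAMPLE = """\
iface eth0 inet manual
iface eth0.2 inet static
    address 192.168.2.1
iface vlan2 inet static
    address 192.168.2.1
    vlan-raw-device eth0
iface eth0.3 inet static
iface eth0.3 inet6 static
    address fde4:8dba:e21c:3::1
"""

def parse_stanzas(text):
    """Return [(name, family, options)] for each iface stanza, in file order."""
    stanzas = []
    for line in (raw.strip() for raw in text.splitlines()):
        words = line.split()
        if not words or words[0][0] == "#" or words[0] == "auto" or words[0].startswith("allow-"):
            continue
        if words[0] == "iface" and len(words) >= 3:
            stanzas.append((words[1], words[2], {}))
        elif stanzas:  # option line belonging to the most recent stanza
            stanzas[-1][2][words[0]] = " ".join(words[1:])
    return stanzas

def vlan_key(name, opts):
    """Map a stanza to (raw_device, vid); None when it is not a VLAN interface."""
    m = re.fullmatch(r"(\w+)\.(\d+)", name)           # eth0.2 style
    if m:
        return m.group(1), int(m.group(2))
    m = re.fullmatch(r"vlan(\d+)", name)              # vlan2 + vlan-raw-device style
    return (opts["vlan-raw-device"], int(m.group(1))) if m and "vlan-raw-device" in opts else None

def lint(text):
    """Hypothetical checker: returns (rule, detail) findings for the two patterns."""
    names, families = {}, {}
    for name, family, opts in parse_stanzas(text):
        key = vlan_key(name, opts)
        if key:
            families.setdefault(name, []).append(family)
            if name not in names.setdefault(key, []):
                names[key].append(name)
    findings = [("duplicate-vlan", f"VID {vid} on {raw}: {', '.join(n)}")
                for (raw, vid), n in names.items() if len(n) > 1]
    findings += [("multi-stanza", f"{name}: {', '.join(f)}")
                 for name, f in families.items() if len(f) > 1]
    return findings
```

Calling lint() on the contents of /etc/network/interfaces before running ifup lists each finding as a (rule, detail) pair.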