Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#30638 - [netcfg] tuntap connections leaving interface down

Attached to Project: Arch Linux
Opened by Gufo (gufo) - Wednesday, 11 July 2012, 14:21 GMT
Last edited by Jouke Witteveen (jouke) - Thursday, 26 July 2012, 13:55 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Jouke Witteveen (jouke)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

After a system upgrade and a reboot my VPN setup stopped working.
The full description with a possible workaround follows, but action should be taken to fix the bug (possibly in netcfg directly)

I have a tap interfaces my openvpn instance relies upon.
It's defined as follow in /etc/network.d/tap0:
INTERFACE='tap0'
CONNECTION='tuntap'
MODE='tap'
USER='nobody'
GROUP='nobody'

and correctly configured to be started up at boot in rc.conf (amongst other):
NETWORKS=(tap0 intra extra)

I upgraded the system today, current netcfg version 2.8.5-3 and kernel is:
$uname -a
Linux bastione 3.4.4-2-ARCH #1 SMP PREEMPT Sun Jun 24 17:28:37 UTC 2012 i686 GNU/Linux

after a reboot my VPN stopped properly working, the client could get an IP address (strangely enough, and via a DHCP server listening on the bridge interface tap0 is part of) BUT COULD NOT work properly on the local lan.

To fix the problem I had to manually issue (on the server of course)
sudo ifconfig tap0 up

Right after launching the command my client started working in the LAN, without the need to restart openvpn neither on the client nor on the server.

tcpdump was also refusing to dump traffic on that interface before enabling it.

Steps to reproduce:
My system is acting as a firewall, clients connect to the VPN as part of

set up openvpn to use tap0, which is created automatically at boot via netcfg
add tap0 as a brige with eth0 using netcfg
restart the system

confirm that before manually forcing tap0 up the client cannot connect properly to services hosted at eth0
This task depends upon

Closed by  Jouke Witteveen (jouke)
Thursday, 26 July 2012, 13:55 GMT
Reason for closing:  Fixed
Additional comments about closing:  a0b9e
Comment by Jouke Witteveen (jouke) - Thursday, 12 July 2012, 14:18 GMT
Does it work if you add
SKIPNOCARRIER='yes'
to your profile?
Comment by Gufo (gufo) - Thursday, 12 July 2012, 20:21 GMT
No it didn't work, after the system update the interface is not fully brought up until manually enabled:

$ sudo tcpdump -i tap0
tcpdump: tap0: That device is not up
$ sudo ifconfig tap0 up
$ sudo tcpdump -i tap0
tcpdump: WARNING: tap0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:20:19.845983 IP 10.10.170.89.db-lsp-disc > 255.255.255.255.db-lsp-disc: UDP, length 142
Comment by Jouke Witteveen (jouke) - Thursday, 12 July 2012, 21:10 GMT
Please post the output of
netcfg all-down
NETCFG_DEBUG=yes netcfg up tap0
Comment by Gufo (gufo) - Friday, 13 July 2012, 17:04 GMT
The output of
netcfg all-down
NETCFG_DEBUG=yes netcfg up tap0

was:

Using /etc/rc.conf for netcfg settings is deprecated.
Use /etc/conf.d/netcfg instead.
:: extra down [done]
:: tap0 down [done]
:: tap1 down [done]
:: intra down [done]
:: dmz down [done]
Using /etc/rc.conf for netcfg settings is deprecated.
Use /etc/conf.d/netcfg instead.
:: tap0 up Interface tap0 already exists.
[fail]
Comment by Jouke Witteveen (jouke) - Friday, 13 July 2012, 18:45 GMT
None of that output was relevant debug output ;-). Perhaps you should first migrate to /etc/conf.d/netcfg and investigate the existing interface error.
Comment by Gufo (gufo) - Saturday, 14 July 2012, 08:28 GMT
:: dmz down [done]
:: extra down [done]
:: intra down [done]
:: tap1 down [done]
:: tap0 down [done]
:: tap0 up Interface tap0 already exists.
[fail]

same output even when migrated to /etc/conf.d/netcfg

Thanks a lot for your input jouke!
I'll investigate this and see if I can come up with a solution, it's a headless system so it's not extremely easy to play with the network and get the results so it can take a while.
Comment by Jouke Witteveen (jouke) - Saturday, 14 July 2012, 10:38 GMT
There might be another bug at work here. On bringing the tap0 profile down, one of the executed commands is
ip tuntap del "$INTERFACE" mode "$MODE" &>/dev/null
which should remove the interface, but somehow
/sys/class/net/tap0
appears to persist.

Perhaps the above ip command without the redirect to /dev/null can shed some light on this. The whole tuntap logic doesn't seem very complicated, but apparently I'm overseeing the bug.
http://projects.archlinux.org/netcfg.git/tree/src/connections/tuntap
Comment by Gufo (gufo) - Saturday, 14 July 2012, 10:47 GMT
It should be
ip tuntap del *dev* "$INTERFACE" mode "$MODE" &>/dev/null

if I understand correctly
Comment by Jouke Witteveen (jouke) - Saturday, 14 July 2012, 10:57 GMT
Congratulations, you found a bug over a year old :-). Can you fix it in
/usr/lib/network/connections/tuntap
then we can get back to fixing the original bug ;-).
Comment by Jouke Witteveen (jouke) - Saturday, 14 July 2012, 11:21 GMT
I think your bug is fixed when you replace
/usr/lib/network/connections/tuntap
with the attached version. Please let me know.
   tuntap (0.5 KiB)
Comment by Gufo (gufo) - Saturday, 14 July 2012, 11:28 GMT
I'll test on monday and report back.

Thanks for your time ;)

[if you open gtalk you have a pending contact req. from me]

Loading...