FS#44803 - [systemd] regression in systemd 219, NAT portion of openvpn setup no longer functions.
Attached to Project:
Arch Linux
Opened by Seamus (mushrewm) - Friday, 01 May 2015, 17:30 GMT
Last edited by Doug Newgard (Scimmia) - Friday, 01 May 2015, 21:30 GMT
Details
Description:
Upgrading the systemd package from 218 to 219 causes NAT to stop functioning as part of my openvpn setup. I use openvpn 2.3.6-1, along with iptables 1.4.21-3, and linux 3.19.1 (linode) to tunnel traffic through my server. Attached are my openvpn config, along with the output from iptables-save. Some personal data is redacted.

If you watch the traffic flowing through the server with 'tcpdump -i any icmp', here is what you see when the server is working:

    17:18:53.316538 IP pylon > google-public-dns-a.google.com: ICMP echo request, id 16740, seq 1, length 64
    17:18:53.316600 IP xxx.members.linode.com > google-public-dns-a.google.com: ICMP echo request, id 16740, seq 1, length 64
    17:18:53.317299 IP google-public-dns-a.google.com > xxx.members.linode.com: ICMP echo reply, id 16740, seq 1, length 64
    17:18:53.317327 IP google-public-dns-a.google.com > pylon: ICMP echo reply, id 16740, seq 1, length 64

And here is what you see when updated to systemd-219:

    17:21:47.035205 IP pylon > google-public-dns-a.google.com: ICMP echo request, id 16834, seq 2, length 64
    17:21:47.035224 IP xxx.members.linode.com > google-public-dns-a.google.com: ICMP echo request, id 16834, seq 2, length 64
    17:21:47.035875 IP google-public-dns-a.google.com > xxx.members.linode.com: ICMP echo reply, id 16834, seq 2, length 64

Additional info:
* package version(s) systemd 219-6
* config and/or log files etc. Attached.

Steps to reproduce:
I haven't tried this yet in a less complicated setup. This weekend I will reproduce this with a minimally configured virtual machine network at home. My assumption is that I should be able to configure a VM running Arch, enable NAT, and attempt to ping through it.
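The comparison of the two captures in the description can be automated. The following is an added example, not part of the original report: a Python function (the name `missing_leg` is hypothetical) that groups tcpdump ICMP echo lines by id and seq and names the NAT forwarding leg that is absent, run here on the two captures quoted above.

```python
import re
from collections import defaultdict

# tcpdump's one-line ICMP echo format, as quoted in the report.
ECHO = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def missing_leg(capture):
    """Map each (id, seq) echo flow to the NAT forwarding leg that is absent, or 'ok'."""
    flows = defaultdict(list)
    for src, dst, kind, ident, seq in ECHO.findall(capture):
        flows[(int(ident), int(seq))].append((kind, src, dst))
    verdicts = {}
    for key, pkts in flows.items():
        requests = [(s, d) for k, s, d in pkts if k == "request"]
        if not requests:
            verdicts[key] = "reply without a captured request"
            continue
        client, remote = requests[0]  # first leg: client -> server over the tunnel
        # Second leg: same destination, source rewritten by the NAT rule.
        nat_src = next((s for s, d in requests if d == remote and s != client), None)
        replies = {(s, d) for k, s, d in pkts if k == "reply"}
        if nat_src is None:
            verdicts[key] = "request not forwarded out of the server"
        elif (remote, nat_src) not in replies:
            verdicts[key] = "no reply from the remote host"
        elif (remote, client) not in replies:
            verdicts[key] = "reply reached the server but was not forwarded to the client"
        else:
            verdicts[key] = "ok"
    return verdicts

# The two captures quoted in the report (hostnames as redacted there).
WORKING = """\
17:18:53.316538 IP pylon > google-public-dns-a.google.com: ICMP echo request, id 16740, seq 1, length 64
17:18:53.316600 IP xxx.members.linode.com > google-public-dns-a.google.com: ICMP echo request, id 16740, seq 1, length 64
17:18:53.317299 IP google-public-dns-a.google.com > xxx.members.linode.com: ICMP echo reply, id 16740, seq 1, length 64
17:18:53.317327 IP google-public-dns-a.google.com > pylon: ICMP echo reply, id 16740, seq 1, length 64
"""
BROKEN = """\
17:21:47.035205 IP pylon > google-public-dns-a.google.com: ICMP echo request, id 16834, seq 2, length 64
17:21:47.035224 IP xxx.members.linode.com > google-public-dns-a.google.com: ICMP echo request, id 16834, seq 2, length 64
17:21:47.035875 IP google-public-dns-a.google.com > xxx.members.linode.com: ICMP echo reply, id 16834, seq 2, length 64
"""

if __name__ == "__main__":
    for name, cap in (("working", WORKING), ("systemd-219", BROKEN)):
        print(name, missing_leg(cap))
```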
Closed by Doug Newgard (Scimmia)
Friday, 01 May 2015, 21:30 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#44652
Additional comments about closing:
% sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
FS#44652. In that case, enable IPv4 forwarding in the new systemd-way.