Ubuntu 17.10

This forum is for general conversation and user-user networking.
Post Reply
breezytm
OpenVpn Newbie
Posts: 8
Joined: Fri May 18, 2018 1:42 am

Ubuntu 17.10

Post by breezytm » Fri May 18, 2018 1:45 am

Has anyone successfully configure OpenVPN TAP with Ubuntu 17.10. I have been trying without success. Any tutorial or document references would be greatly appreciated. The document Ubuntu has on their site isn't up-to-date even though it says it is supported. '/etc/network/interfaces is no longer supported but the document is asking to configure it https://help.ubuntu.com/lts/serverguide/openvpn.html.en

breezytm
OpenVpn Newbie
Posts: 8
Joined: Fri May 18, 2018 1:42 am

Re: Ubuntu 17.10

Post by breezytm » Fri May 18, 2018 5:50 pm

Geez, does that mean no one has been able to successfully do it. This mess apparently started since 16.10. We are currently on 18.04 I believe in Ubuntu. That's many months. I guess I am dead in the water.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4291
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ubuntu 17.10

Post by TinCanTech » Fri May 18, 2018 6:18 pm

breezytm wrote:
Fri May 18, 2018 1:45 am
Any tutorial or document references would be greatly appreciated
There is a mountain of documentation for OpenVPN:
  • The manual
  • The Howto (Two independent versions)
  • Trac
  • This Forum
The list goes on ..

breezytm
OpenVpn Newbie
Posts: 8
Joined: Fri May 18, 2018 1:42 am

Re: Ubuntu 17.10

Post by breezytm » Sun May 20, 2018 2:32 pm

I've read the tutorials. I opened a documentation error with both openvpn and ubuntu. The documents do not reflect the netplan.io changes they made in Ubuntu 16.10 and above.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4291
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ubuntu 17.10

Post by TinCanTech » Sun May 20, 2018 3:56 pm

breezytm wrote:
Fri May 18, 2018 1:45 am
Has anyone successfully configure OpenVPN TAP with Ubuntu 17.10
I have used ubuntu since 10.04 through to 18.04 without any OpenVPN TAP issues what so ever ..
breezytm wrote:
Sun May 20, 2018 2:32 pm
The documents do not reflect the netplan.io changes
This does not concern Openvpn ..

If you seek further assistance from Openvpn Community then please read:
HOWTO: Request Help !

breezytm
OpenVpn Newbie
Posts: 8
Joined: Fri May 18, 2018 1:42 am

Re: Ubuntu 17.10

Post by breezytm » Sun May 20, 2018 8:25 pm

Are you saying that i can configure the /etc/network/interfaces file regardless the fact that the OS doesn't seem to be using it. If I configure br0 in the interfaces file and reboot the system; it seems to completely ignore what the interfaces file has and the bridge never gets created. However, if i modified the /etc/netplan/01-netcfg.yaml to create the br0 it works fine.
Last edited by breezytm on Sun May 20, 2018 8:37 pm, edited 1 time in total.

breezytm
OpenVpn Newbie
Posts: 8
Joined: Fri May 18, 2018 1:42 am

Re: Ubuntu 17.10

Post by breezytm » Sun May 20, 2018 8:29 pm

This seems to work.

Code: Select all

[admin@SKYNET:-$ cat etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s31f6:
      dhcp4: no
  bridges:
      br0:
         interfaces: [enp0s31f6]
         dhcp4: no
         address: [10.10.1.30/24]
  gateway4: 10.10.1.1
  nameservers:
      addresses: [10.10.1.1]
This does not work

Code: Select all

[admin@openvpn:~$ cat /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo br0
iface lo inet loopback

# The primary network interface
auto enp0s25

iface br0 inet static 
  address 10.0.1.4 
  netmask 255.255.255.0
  gateway 10.0.1.1
  dns-nameservers 10.0.1.1
  bridge_ports enp0s25

iface enp0s25 inet manual
  up ip link set $IFACE up promisc on
  down ip link set $IFACE down promisc off
Obviously they are not the same box. One is a test box with 16.04 and working and the other which is supposed to be going to prod running 17.04 and I can not get it working.

Also do keep in mind by default this is all there is in the 17.10 interfaces file

Code: Select all

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# Generated by debian-installer.

# The loopback interface
auto lo
iface lo inet loopback

breezytm
OpenVpn Newbie
Posts: 8
Joined: Fri May 18, 2018 1:42 am

Re: Ubuntu 17.10

Post by breezytm » Mon May 21, 2018 3:50 pm

SOLUTION 1

I managed to resolve my issues with a lot of googling but hey it's working. It may however not be the practical way of doing things but again it's working. After an entire week of troubleshooting I can live with the result until I learn netplan. Anyway, I am posting the steps I took to resolve the issue just in case someone else is scratching their heads trying to find an answer.

1. If you don't want to deal with netplan but wishes to go back to the all way of things you can simply disable it and enable interfaces.

2. Also, apparently Ubuntu 17.10 has a DNS issue.

First take care of the DNS issue because with netplan it seems to work but with interfaces it does not get updated properly.

Code: Select all

sudo apt-get install resolvconf
Note:- This is not recommended and this is for advanced users only. Do keep in mind according to a netplan dev, you do not need to do the GRUB change for it to work. I did it just for my sanity sake and because I don't want to install and update and this whole thing gets messed up again.

Edit the /etc/default/grub file

Code: Select all

sudo nano /etc/default/grub
Add the following line

Code: Select all

GRUB_CMDLINE_LINUX="netcfg/do_not_use_netplan=true"
Save and exit the file

Now update the grub using the following command

Code: Select all

sudo update-grub
You need to install ifupdown package

Code: Select all

sudo apt install ifupdown
Now you can add all the interface details in /etc/network/interfaces file and reboot the ubuntu PC/server.


P.S if like me you actually enabled interfaces and when the machines comes back up it is experiencing DNS issue, you can follow the steps below to install the package manually.

Download the package and install

Code: Select all

cd /tmp
Download resolvconf from us.archive.ubuntu.com. But since you don't have DNS you will not be able to use the DNS name. If you ping us.archive.ubuntu.com from another computer with working DNS it should return 91.189.91.26. Change the IP address if applicable.

Code: Select all

wget http://91.189.91.26/ubuntu/pool/main/r/resolvconf/resolvconf_1.79ubuntu8_all.deb
Install & restart networking

Code: Select all

dpkg -i resolvconf_1.78ubuntu4_all.deb
sudo service resolvconf start
sudo systemctl enable resolvconf
sudo /etc/init.d/networking restart

breezytm
OpenVpn Newbie
Posts: 8
Joined: Fri May 18, 2018 1:42 am

Re: Ubuntu 17.10

Post by breezytm » Mon May 21, 2018 4:54 pm

SOLUTION 2 - Trying in my lab

Your netplan yaml file should look like this

Code: Select all

$ cat /etc/netplan/01-netcfg.yaml
 # This file describes the network interfaces available on your system
 # For more information, see netplan(5).

network:
    version: 2
    renderer: networkd
    ethernets:
        enp0s31f6:
            dhcp4: no
    bridges:
        br0:
            interfaces: [enp0s31f6]
            dhcp4: no
            addresses: [10.0.1.100/24]
            gateway4: 10.0.1.1
            nameservers:
                addresses: [10.0.1.1]
The other portion of the ifupdown config that does not translate to netplan is the 'promisc' command:

Code: Select all

up ip link set $IFACE up promisc on
.

To do the equivalent on a system using netplan, ensure that you have the networkd-dispatcher package installed.

Code: Select all

# Install
sudo apt install networkd-dispatcher

# Documentation
man networkd-dispatcher
Your should have have been

Code: Select all

/etc/openvpn/up.sh
script would look like this. But instead install the following script as

Code: Select all

/usr/lib/networkd-dispatcher/dormant.d/promisc_bridge
(owned by root, marked executable):

Code: Select all

#!/bin/sh
 set -e
 if [ "$IFACE" = br0 ]; then
    # no networkd-dispatcher event for 'carrier' on the physical interface
    ip link set eth0 up promisc on
fi
Note also that this promisc setting will not currently take effect correctly on boot due to LP: https://bugs.launchpad.net/ubuntu/+sour ... ug/1772137.

Credit goes to slangasek from https://askubuntu.com

Post Reply