Re: Advantages of netctl over systemd-networkd?




On 26/04/2016 at 18:18, Alexandre de Verteuil wrote:

> * Simon Gomizelj <simon@xxxxxxxxx> [2016-04-26 01:07] :
>> Alexandre de Verteuil <alexandre@xxxxxxxxxxxxxx> writes:
>>> I was happily configuring static and dynamic networking in my home
>>> network using systemd.netdev and systemd.network unit files until
>>> I needed static routes for my site-to-site VPN setup. I'm still
>>> investigating the root cause, but basically routes don't get added and I
>>> get the following error message in the journal:
>>>
>>>     systemd-networkd[4468]: br0: Could not set route: Network is unreachable
>>>
>> What's the VPN technology?
>>
>> If you're trying to add routes to traverse the VPN before the VPN
>> connection is established, it's going to fail. The robust thing to do is
>> configure your VPN client software to add or remove routes. I know for
>> sure that both OpenVPN and pptpclient have ways of doing that.
> I'm using OpenVPN. However, I'll need to set up static routes manually
> anyways for the following reasons:
>
> - the VPN server is not on the same machine as the Internet gateway, so
> I also need to add static routes on the router with the OpenVPN server
> as the next hop.
>
> - I also plan to create VLANs for management, testing and security. I
> know it's overkill for a home network but it's also a lab for learning
> so regardless of the VPN I'm going to need to configure static routes.
>
> The router will soon be replaced by an Archlinux box. Right now I'm
> testing network configuration on virtual machines. My current router is
> an all-in-one residential DSL modem and doesn't support anything I want
> to do. In the meantime, my OpenVPN server does IP masquerade.
>
> Regards,

OpenVPN supports scripts as “hooks” to be run when the connection goes
up or down. For instance, I have this at the end of my conf:

    up /etc/openvpn/dns.up

Where the dns.up file is a script I wrote, which contains the following:

    #!/usr/bin/sh
    # $dev is set by OpenVPN to the name of the tunnel interface
    ip route add table dns.out default dev "$dev"

Where dns.out is a custom routing table that I’ve created before.

You might want to take a look at the OpenVPN docs to know what vars are
available in those scripts.

I think this can help you do what you want to achieve in the most proper
manner (that I’m aware of). ;)

Bruno
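
Added example (not part of Bruno's message and not OpenVPN's own code): one hook script usable for both `up` and `down` that checks the `dev` value OpenVPN exports before building `ip route` commands for the site-to-site subnets. The subnets in REMOTE_NETS, the DRY_RUN switch and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a single script referenced by both "up" and "down".
# OpenVPN exports $dev (tunnel interface) and $script_type ("up" or "down").
# REMOTE_NETS is a constructed sample list of subnets behind the VPN peer.
REMOTE_NETS="${REMOTE_NETS:-10.8.20.0/24 10.8.30.0/24}"

# Accept only plain interface names: non-empty, not starting with '-' (so it
# cannot be read as an option), limited character set, and at most 15
# characters (the Linux interface name limit).
valid_dev() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the ip(8) invocations for an action ("up" or "down"), one per line.
# "replace" keeps a repeated "up" idempotent; "del" undoes it on "down".
route_cmds() {
    action=$1
    ifname=$2
    valid_dev "$ifname" || { echo "refusing device name: $ifname" >&2; return 1; }
    case "$action" in
        up)   verb=replace ;;
        down) verb=del ;;
        *)    echo "unknown script_type: $action" >&2; return 1 ;;
    esac
    for net in $REMOTE_NETS; do
        echo "ip route $verb $net dev $ifname"
    done
}

# Run only when invoked by OpenVPN (script_type is set). DRY_RUN=1 just prints.
if [ -n "${script_type:-}" ]; then
    cmds=$(route_cmds "$script_type" "${dev:-}") || exit 1
    printf '%s\n' "$cmds" | while read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            # On "down" the route may already be gone with the interface.
            $cmd || [ "$script_type" = down ] || exit 1
        fi
    done
fi
```

To use it, point both the `up` and `down` directives in the OpenVPN config at the script; OpenVPN only runs user-defined scripts when `script-security 2` is set.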
