Assumes /sbin/ifconfig when it doesn't exist
With NetworkManager-ssh installed successfully, I am now trying to get it to function. Having re-enabled root login on my remote server (haven't worked out how to let another user create tun devices yet, and don't know what commands to limit root login to), I run the VPN. It appears to be successful (syslog shows no problems aside from nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' took too long; killing it.), but no packets can be sent.
When I checked on the remote server, it appeared that the tun100 device created there had not been configured. Running nm-ssh-service --debug, I got the following:
[snip]
** Message: debug1: Requesting tun unit 0 in mode 1
** Message: debug1: sys_tun_open: tun0 mode 1 fd 4
** Message: debug1: channel 0: new [tun]
** Message: debug1: channel 1: new [client-session]
** Message: debug1: Requesting [email protected]
** Message: debug1: Entering interactive session.
** Message: debug1: Sending environment.
** Message: debug1: Sending command: /sbin/ifconfig tun100 inet 172.16.40.1 netmask 255.255.255.252 pointopoint 172.16.40.2 mtu 1500;
** Message: debug1: client_input_channel_req: channel 1 rtype exit-status reply 0
** Message: debug1: client_input_channel_req: channel 1 rtype [email protected] reply 0
** Message: debug1: channel 1: free: client-session, nchannels 2
[/snip]
The remote command used is /sbin/ifconfig, but the remote server I am attempting to connect through (Gentoo) only has /bin/ifconfig. For some reason, this didn't cause a failure.
(I symlinked /sbin/ifconfig to /bin/ifconfig on the server and tried again - this time the tun100 device did get configured, but still nothing worked. That probably indicates some other problem with my setup though...)
If the devices got configured on both ends, you are supposed to be able to ping each side (probably tun0 on your side and tun100 on the server side). By all means it looks like the tunnel is up. However, if you can't ping, it might be your firewall filtering that traffic or something similar.
Try pinging 172.16.40.1 from your client side - this is the server address according to the output.
Then you probably want to set up your server to forward your data (as a gateway server); have a look at the README page for the low-level approach for doing that: https://github.com/danfruehauf/NetworkManager-ssh#server-side-configuration
In a nutshell - have iptables set up for NAT and don't forget ip_forward = 1 (to be a router).
What remote server were you using that ifconfig was in /bin/ifconfig?
I bet altogether this should become configuration at some point.
Should use the 'ip' utility instead. See https://help.ubuntu.com/community/SSH_VPN for an example.
@maci0 Not a bad option at all! Thanks for that.
@danfruehauf 'ip' has been the de-facto standard utility for a long time
https://blog.timheckman.net/2011/12/22/why-you-should-replace-ifconfig/
@maci0 Difficult to kill bad habits :)
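One way to avoid the hard-coded /sbin/ifconfig discussed in this thread, as an added example that is not NetworkManager-ssh code: search several directories for the tool, prefer `ip` as suggested above, and return a non-zero status when neither is found so the missing binary is not silently ignored. The function names, the `TOOL_DIRS` variable, and the `ip addr add ... peer` form used as the counterpart of the ifconfig line from the debug output are assumptions.

```sh
#!/bin/sh
# Added example, not NetworkManager-ssh code. TOOL_DIRS and the function
# names are hypothetical.

# Dotted netmask -> prefix length (255.255.255.252 -> 30); rejects
# non-contiguous masks.
mask_to_prefix() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    bits=0; open=1
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;;
            240) n=4 ;; 224) n=3 ;; 192) n=2 ;; 128) n=1 ;;
            0) n=0 ;; *) return 1 ;;
        esac
        [ "$open" -eq 1 ] || [ "$n" -eq 0 ] || return 1
        [ "$n" -eq 8 ] || open=0
        bits=$((bits + n))
    done
    echo "$bits"
}

# Print the first executable NAME found in the given directories.
find_tool() {
    name=$1; shift
    for dir in "$@"; do
        [ -x "$dir/$name" ] && { echo "$dir/$name"; return 0; }
    done
    return 1
}

# Print the command that configures DEV, preferring ip over ifconfig.
# Returns 127 when neither exists so the caller can abort the connection.
# Usage: tun_commands DEV LOCAL NETMASK PEER MTU
tun_commands() {
    dirs=${TOOL_DIRS:-"/sbin /usr/sbin /bin /usr/bin"}
    if tool=$(find_tool ip $dirs); then
        prefix=$(mask_to_prefix "$3") || return 2
        echo "$tool addr add $2 peer $4/$prefix dev $1 && $tool link set dev $1 mtu $5 up"
    elif tool=$(find_tool ifconfig $dirs); then
        echo "$tool $1 inet $2 netmask $3 pointopoint $4 mtu $5"
    else
        echo "no ip or ifconfig found in: $dirs" >&2
        return 127
    fi
}
```

The functions only print the command; the caller is expected to run it and check its exit status as well.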