On Mon, 2017-04-10 at 16:10 +0100, Radu Rendec wrote: > On Mon, 2017-04-10 at 15:58 +0200, Thomas Haller wrote: > > On Fri, 2017-04-07 at 13:43 +0100, Radu Rendec wrote: > > > I'm trying to setup an IPIP tunnel using nmcli. I can create the > > > tunnel > > > using, e.g.: > > > > > > nmcli con add type ip-tunnel mode ipip ifname tun0 remote > > > 10.0.4.1 > > > local 10.0.8.1 > > > > > > And then I can assign an ipv4 address using: > > > > > > nmcli con mod ip-tunnel-tun0 ipv4.address 192.168.9.1 > > > > > > However, I'm not able to set the peer ipv4 address (the "inner" > > > address > > > of the remote end of the tunnel). What I'm looking for is the NM > > > equivalent of this: > > > > > > ip addr add 192.168.9.1 peer 192.168.9.2 dev tun0 > > > > > > What is the NM way to configure something similar to the above? > > > > > > > > > > NM doesn't support setting peers for IP addresses. > > > > You might be able to use a dispatcher script (man NetworkManager), > > but that is not great workaround. > > > > > > Could you elaborate why you need that? > > > > Hi Thomas, > > Thanks for the feedback. I basically need a route to the peer. When > the > IP address is configured with a peer, the kernel adds an implicit > route > to it. I was hoping to achieve the same with NM. > > As a workaround, I explicitly set a manual route to the peer and it > works. But this is just a ... workaround and I was hoping there was a > cleaner way to do this.
When you add a IPv4 address with a certain prefix (aka netmask), kernel
will add a direct route to this subnet (unless IFA_F_NOPREFIXROUTE flag
is set).
NetworkManager then usually removes that route (because it has metric
0) and re-adds it with the intended metric (from ipv4.route-metric
setting).
Yes, the workaround is
nmcli connection modify "$CONN" +ipv4.addresses 192.168.9.1/32 +ipv4.routes
'192.168.9.2/32'
or just a large enough subnet so that you get a direct route to the other
peer:
nmcli connection modify "$CONN" +ipv4.addresses 192.168.9.1/30
> Anyway, before initially posting to the list, I had a quick look at
> the
> NM sources. It seemed to me that there's at least partial support for
> the PTP address, because:
> * NMPlatformIP4Address contains a peer_address field which,
> according
> to the comment in src/platform/nm-platform.h (where the actual
> struct is defined) seems to be the right thing.
> * This field seems to be handled down the path of
> nm_ip4_config_commit
> nm_platform_ip4_address_sync, nm_platform_ip4_address_add,
> ip4_address_add and _nl_msg_new_address.
Yes, internally NM is aware of the peer addresses. It needs to be,
because two addresses that have same local address (but different peer)
are considered different by kernel. So, NM needs to understand that.
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen
1000
inet 192.168.6.5 peer 192.168.8.5/24 scope global dummy0
valid_lft forever preferred_lft forever
inet 192.168.6.5 peer 192.168.9.5/24 scope global dummy0
valid_lft forever preferred_lft forever
But you cannot configure such addresses with NM yet. It's a missing
feature really. At this point, probably not very hard to add.
>
> However, I'm new to the NM code base and I may very well be
> misreading
> it. Besides, the path that I highlighted only deals with NM to kernel
> sync, but doesn't say anything about the NM config and D-Bus side. In
> any case, I thought I was better off asking around than reading and
> trying to understand more of the code :)
Correct.
best,
Thomas
signature.asc
Description: This is a digitally signed message part
_______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
