Re: [Dnsmasq-discuss] openvpn + dnsmasq
Hi Anton,

it might have helped if the error messages weren't in German... ;-)

Debian Jessie is using systemd as init system. systemd does not always start legacy services (those described in /etc/init.d rather than /etc/init) in the order you would expect (for more details, see https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdAndSysVInitScripts). So it is possible that in your setup systemd starts openvpn and dnsmasq in parallel or in the wrong order rather than in alphabetical sequence.

To fix this, you could either:

a) convert the SYSV init scripts to systemd init scripts.
b) add LSB standard comment blocks to the existing SYSV init scripts to declare the dependency between opendns and dnsmasq.

Hope this helps
Johannes

On Sun, 5 Jul 2015, Anton Blau wrote:

> Is this a bad question?
>
> On 21.06.2015 at 21:13, Anton Blau wrote:
> > Hello,
> >
> > please excuse my bad English. I am not a native speaker.
> >
> > I run dnsmasq with openvpn on my Debian Router. After the upgrade to jessie dnsmasq crashes on the boot because the openvpn device isn't up.
> >
> > openvpn starts as /etc/rc5.d/S02openvpn and dnsmasq starts as /etc/rc5.d/S03dnsmasq
> >
> > In /var/log/syslog I got this error-message:
> >
> > Jun 21 07:46:09 router dnsmasq[999]: dnsmasq: Konnte Empfangs-Socket für 192.168.10.1: Die angeforderte Adresse kann nicht zugewiesen werden nicht erzeugen
> > Jun 21 07:46:09 router dnsmasq[999]: Konnte Empfangs-Socket für 192.168.10.1: Die angeforderte Adresse kann nicht zugewiesen werden nicht erzeugen
> > Jun 21 07:46:09 router dnsmasq[999]: Start fehlgeschlagen
> > Jun 21 07:46:09 router systemd[1]: dnsmasq.service: control process exited, code=exited status=2
> > Jun 21 07:46:09 router systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
> > Jun 21 07:46:09 router systemd[1]: Dependency failed for Host and Network Name Lookups.
> > Jun 21 07:46:09 router systemd[1]: Unit dnsmasq.service entered failed state.
> >
> > How is it possible to check openvpn before starting dnsmasq?
> >
> > Thank you!
> >
> > Tony

---
Help with two euros a month: http://www.2-euro-helfen.de/
Help to fight hunger and injustice in our world: http://www.devp.org/ http://www.oxfam.org/

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
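
The question in this thread was how to check for the openvpn device before starting dnsmasq. The following is an added example, not part of the original messages: a shell check that waits for the listen address from the log (192.168.10.1) to be assigned before dnsmasq is started. The interface name tun0, the sample output and the script name are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: block until a listen address exists.

# has_addr ADDR
# Reads `ip -o -4 addr show` output on stdin and succeeds only if ADDR is
# assigned to some interface. The comparison is exact, so 192.168.10.1 does
# not match 192.168.10.10.
has_addr() {
    awk -v want="$1" '
        {
            for (i = 1; i < NF; i++)
                if ($i == "inet") {
                    split($(i + 1), a, "/")   # drop the /prefix length
                    if (a[1] == want) found = 1
                }
        }
        END { exit !found }'
}

# wait_for_addr ADDR TIMEOUT_SECONDS
# Polls once per second; returns 1 if ADDR never appears, so the caller can
# fail the start instead of letting dnsmasq die on bind().
wait_for_addr() {
    addr=$1
    left=$2
    while [ "$left" -gt 0 ]; do
        if ip -o -4 addr show 2>/dev/null | has_addr "$addr"; then
            return 0
        fi
        sleep 1
        left=$((left - 1))
    done
    return 1
}

# Constructed sample of `ip -o -4 addr show` output (tun0 is an assumed name).
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0
5: tun0    inet 192.168.10.1 peer 192.168.10.2/32 scope global tun0'

# Run as: wait-for-addr.sh 192.168.10.1 30   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    wait_for_addr "$1" "$2"
    exit $?
fi
```

The script can be called at the top of the dnsmasq init script's start action or from a systemd ExecStartPre= line, in addition to declaring the ordering between the two services.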
Re: [Dnsmasq-discuss] Serving DHCP requests from a subnet not matching the interface
Bonsoir Albert, hi Neil,

thank you for your replies and sorry for taking so long to acknowledge.

Albert: As it turns out, I am using vlan interfaces (eth0.10 and wlan0.10), and I didn't tweak anything, and as I just verified I only thought the bridge was working, but - as you suggested - it isn't actually working the way I intended it to work. Thanks for pointing that out to me.

So, I now figured out the (hopefully) proper way to do it:

- br0 - 192.168.1.254/24, bridging eth0 and wlan0
- br0:10 - 192.168.10.254/24

And now dnsmasq even turns out to be smart enough to see that a request coming in on the physical interface eth0 can have an ip address matching either of the subnets on br0 and br0:10, and so does exactly what I wanted it to do :)

Neil: so I don't even need the switch you suggested.

Thanks a lot for your help!

Regards
Johannes

On Wed, 3 Jun 2015, Albert ARIBAUD wrote:

> Hello Johannes,
>
> On Wed, 3 Jun 2015 07:52:59 +0200 (CEST), Johannes Martin wrote:
>
> > Hi,
> >
> > I have the following network setup:
> > - eth0: 192.168.1.254/24
> > - br0: 192.168.10.254/24 bridging virtual interfaces eth0.10 and wlan0.10 (plain virtual interfaces, no vlan tagging)
>
> Hmm, on my system plain virtual interfaces are of the form eth0:10, not eth0.10, and if you used vconfig, then eth0.10 and wlan0.10 /are/ tagged (and then, you'll need some tweaking to get the bridge to simply work).
>
> > I have a dynamic dhcp range defined on the 192.168.1.0 subnet and a static dhcp range with static host entries (by mac address) defined on the 192.168.10.0 subnet.
> >
> > When a device connects through the wlan0 interface, dnsmasq properly serves the defined static addresses. However, when the device connects through the eth0 interface, dnsmasq serves an address from the dynamic range even when a static address is defined for the device.
> >
> > So, dnsmasq does not realize that eth0 and eth0.10 are the same physical interface and that it is fine to serve an address that is valid only for eth0.10 on that physical interface.
>
> Bridging is for physical or vlan interfaces (see man brctl), not virtual ones. Are you sure you're using a virtual, not vlan, interface? If so, then when you bridge eth0.10, you actually bridge eth0, and packets which arrive at eth0 are routed to br0 irrespective of their destination IP. Try the following:
>
>     ifconfig eth0:9 10.0.0.42
>     brctl addbr br9
>     brctl addif br9 eth0:9
>     brctl show
>
> You'll see the interface listed under br0 is eth0, not eth0:9.
>
> If you're using vlan interfaces, ISTR packets entering a bridged vlan interface are actually received on the non-bridge interface and not forwarded through the bridge.
>
> > Is there any way to override this behaviour, i.e. make dnsmasq serve the defined static ip address, even if it does not seem to make sense?
>
> I don't think you can with non-vlan virtual interfaces. Besides, since the purpose of DHCP is to assign an IP address to a client, most clients won't have an IP address to boot (pun half intended), so there will be no way for the server to choose whether an incoming DHCP request should be considered as coming from eth0 or eth0:10 (and it won't come from eth0.10, since it would need to be tagged for this, the dhcp clients don't know about vlans, only physical interfaces).
>
> > In the end I would like to be able to logically separate groups of devices in different vlans which all use the same physical interfaces (I do realize there will be no physical separation between the networks and understand there is only little security gain in that separation).
> >
> > Thanks
> > Johannes
>
> Regards,
> --
> Albert.
[Dnsmasq-discuss] Serving DHCP requests from a subnet not matching the interface
Hi,

I have the following network setup:

- eth0: 192.168.1.254/24
- br0: 192.168.10.254/24 bridging virtual interfaces eth0.10 and wlan0.10 (plain virtual interfaces, no vlan tagging)

I have a dynamic dhcp range defined on the 192.168.1.0 subnet and a static dhcp range with static host entries (by mac address) defined on the 192.168.10.0 subnet.

When a device connects through the wlan0 interface, dnsmasq properly serves the defined static addresses. However, when the device connects through the eth0 interface, dnsmasq serves an address from the dynamic range even when a static address is defined for the device.

So, dnsmasq does not realize that eth0 and eth0.10 are the same physical interface and that it is fine to serve an address that is valid only for eth0.10 on that physical interface.

Is there any way to override this behaviour, i.e. make dnsmasq serve the defined static ip address, even if it does not seem to make sense?

In the end I would like to be able to logically separate groups of devices in different vlans which all use the same physical interfaces (I do realize there will be no physical separation between the networks and understand there is only little security gain in that separation).

Thanks
Johannes