I'm working on a Shorewall instance's startup dependencies, relative to OpenVPN
& the OS's networking stack.
While testing, with OpenVPN started, and its assigned tunnel interface (tun1)
up, shorewall-lite restarts as normal:

    shorewall-lite restart
    Restarting Shorewall Lite....
    Initializing...
    Processing init user exit ...
    ...
    done.

In this configuration, everything runs as expected -- FW's functioning, VPN
link's up.
OTOH, if I stop OpenVPN first, taking down the tunnel with it,

    systemctl stop openvpn-custom
    ifconfig tun1
    tun1: error fetching interface information: Device not found

and restart shorewall-lite, it loops:

    shorewall-lite restart
    Restarting Shorewall Lite....
    Device "tun1" does not exist.
    Device "tun1" does not exist.
    Device "tun1" does not exist.
    Device "tun1" does not exist.
    Device "tun1" does not exist.
    ...

Tracing finds the 'problem':

    shorewall-lite trace restart
    ...
    + local waittime
    + case "$COMMAND" in
    + interface_is_usable tun1
    + local status
    + status=0
    + loopback_interface tun1
    + '[' tun1 = lo ']'
    + /sbin/ip link show tun1
    + fgrep -q LOOPBACK
    Device "tun1" does not exist.
    + interface_is_up tun1
    ++ /sbin/ip -4 link list dev tun1
    ++ grep -e '[<,]UP[,>]'
    + '[' -n '' ']'
    + status=1
    + return 1
    + waittime=60
    + '[' 60 -gt 0 ']'
    + sleep 1
    + interface_is_usable tun1
    + local status
    + status=0
    + loopback_interface tun1
    + '[' tun1 = lo ']'
    + /sbin/ip link show tun1
    + fgrep -q LOOPBACK
    Device "tun1" does not exist.
    ...

'+ waittime=60' is the hint here. There's no problem; in fact, SW's doing what
it's been instructed. In my config, the VPN_IF interface config,

    SHOREWALL/interfaces
    ...
    vpn1 VPN_IF optional,physical=tun1,wait=60,logmartians=0,routefilter=0,routeback=1
    ...

has "wait=60". After waiting 60 seconds, SW startup continues with no error.
It could be helpful if the waittime= counter were added to NON-trace output.
Instead of

    shorewall-lite restart
    Restarting Shorewall Lite....
    Device "tun1" does not exist.
    Device "tun1" does not exist.
    Device "tun1" does not exist.
    Device "tun1" does not exist.
    Device "tun1" does not exist.
    ...

rather

    shorewall-lite restart
    Restarting Shorewall Lite....
    Device "tun1" does not exist. Waittime = 60 seconds.
    Device "tun1" does not exist. Waittime = 59 seconds.
    Device "tun1" does not exist. Waittime = 58 seconds.
    Device "tun1" does not exist. Waittime = 57 seconds.
    Device "tun1" does not exist. Waittime = 56 seconds.
    ...

or somesuch.
Adding the counter communicates that there's progress/countdown occurring,
rather than the suggestion of a problem.
Certainly not critical; simply a convenience.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
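
The countdown proposed in the message above, sketched as a standalone shell function. This is an added example, not Shorewall's own code: `wait_for_interface` and `iface_up_probe` are hypothetical names, and the UP-flag check reuses the `ip`/`grep` commands visible in the trace.

```shell
#!/bin/sh
# Added example, not Shorewall code. Function names are hypothetical.

# Default probe: succeeds only when the device exists and carries the UP flag.
# stderr is discarded so a missing device does not emit
# 'Device "tun1" does not exist.' on every poll.
iface_up_probe() {
    /sbin/ip -4 link list dev "$1" 2>/dev/null | grep -q -e '[<,]UP[,>]'
}

# wait_for_interface IFACE SECONDS [PROBE]
# Polls once per second for at most SECONDS and reports the time remaining,
# so the operator sees a bounded wait rather than an apparent error loop.
# Returns 0 as soon as PROBE succeeds, 1 when the wait expires.
# PROBE (assumption: any command taking the interface name) is replaceable
# so the loop can be exercised without a real tunnel device.
wait_for_interface() {
    iface=$1
    waittime=$2
    probe=${3:-iface_up_probe}

    while ! "$probe" "$iface"; do
        if [ "$waittime" -le 0 ]; then
            echo "Interface $iface still not usable; continuing without it."
            return 1
        fi
        echo "Interface $iface is not usable. Waittime = $waittime seconds."
        sleep 1
        waittime=$((waittime - 1))
    done
    echo "Interface $iface is usable."
    return 0
}

# Usage matching the wait=60 setting quoted above:
#   wait_for_interface tun1 60
```

With an `optional` interface such as the one in the quoted config, a return of 1 is informational: the caller carries on with startup, as the message reports Shorewall doing after the 60 seconds elapse.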