I am trying to build a VPN tunnel through a tun interface created by
sshd. The tun interface is to be added to an existing bridge interface.
For this purpose I created a .network file (see below). However, the
operation fails, without systemd-networkd giving a useful error message
beyond 'Inval
I have the following lines in a .network file:
[RoutingPolicyRule]
Priority = 10
IncomingInterface = lo
OutgoingInterface = bo_lan
DestinationPort = 22
IPProtocol = tcp
Family = both
InvertRule = yes
Table = 100
[Route]
Gateway = 192.168.0.1
GatewayOnLink = yes
Destination = 0.0.0.0/0
Scope = li
Hi,
I encountered a problem configuring a network interface via DHCPv6,
using the attached .network file. The interface does receive router
announcements with the 'managed' flag set, as indicated by the following
tcpdump output:
[root@raspi-400 ~]# tcpdump -i vpn_sarkovy -v '(icmp6 and (ip6
O.k., I found the problem. The router advertisement is sent from the
router's link-local address, and therefore the RouterAllowList entry in
the [IPv6AcceptRA] section was blocking it.
On 10.02.23 at 13:15, Thomas Köller wrote:
Hi,
I encountered a problem configuring a network inte
I cannot start the 'ssh' command from a systemd service. A very simple
service file demonstrates the problem:
# /run/systemd/system/ssh-test.service
[Unit]
[Service]
Type = oneshot
ExecStart = /usr/bin/ssh -V
[root@raspi-400 ~]# systemctl start ssh-test.service
Job for ssh-test.service fail
Hi,
I have a problem creating a namespace from a systemd service. The
service (type oneshot) invokes a shell script containing these two lines:
ip netns add vpnlink
iw phy phy0 set netns name vpnlink
Both commands succeed, meaning they do not return an error, and so the
service start
On 18.07.24 at 12:18, Mantas Mikulėnas wrote:
Would really like to see the contents of the .service file. Does it use
any hardening options at all?
root@htpc:~/netsu# cat /etc/systemd/system/network-setup.service
[Unit]
Before = systemd-networkd.service
Before = network-setup.service
[Service]
Does it use any hardening options at all?
Thanks for the hint. As it seems this is an undocumented side effect of
'ProtectSystem = full'. From reading the docs I got the impression that
only file system access is affected by this parameter.
On 18.07.24 at 14:04, Mantas Mikulėnas wrote:
Yes, but namespace persistence actually relies on filesystem access –
it's implemented as a bind-mount of the namespace file descriptor (onto
/run/netns for the 'ip netns' tool), as otherwise namespaces only exist
as long as processes that hold the
In a service file I am creating I use the BindReadOnlyPaths statement
like this:
root@htpc:~# cat /etc/systemd/system/vpn.service
[Unit]
Before = systemd-networkd.service
After = network-setup.service
Requisite = network-setup.service
ConditionPathExists = /run/systemd/network/50-tap_vpn.networ
On 18.07.24 16:37, Thomas Köller wrote:
In a service file I am creating I use the BindReadOnlyPaths statement
like this:
root@htpc:~# cat /etc/systemd/system/vpn.service
[Unit]
Before = systemd-networkd.service
After = network-setup.service
Requisite = network-setup.service
I am having problems expanding environment variables in a service file.
This test service illustrates the problem:
root@yoga:/etc/systemd/system# cat varexp.service
[Unit]
Description = Test environment variable expansion
[Service]
Type = oneshot
Environment = "VAR=abc-xyz"
ExecStart = sh -c '
On 06.09.24 at 11:04, Andrei Borzenkov wrote:
You need to quote $ to pass it to the shell.
ExecStart = sh -c 'echo Res: $${VAR#abc-}'
Yes, this works. However, I didn't find this anywhere in the systemd man
pages. What I found was escaping using a backslash, but that didn't work.
In 'man systemd.service', the description of ExecCondition= states:
when an ExecCondition= command exits with exit code 1 through 254
(inclusive), the remaining commands are skipped and the unit is not
marked as failed
What exactly does 'the remaining commands' mean? Other commands from
sub
I am writing a service that does the following:
1. Uses 'NetworkNamespacePath = /var/run/netns/vpnlink'
2. Uses 'TemporaryFileSystem = %E' to create its own /etc
3. Runs the 'dhclient' command to configure a network interface
The dhclient command is supposed to create (or modify)
/etc/resol
es PrivateMounts ofc.
On 9/14/24 17:06, Thomas Köller wrote:
I am writing a service that does the following:
1. Uses 'NetworkNamespacePath = /var/run/netns/vpnlink'
2. Uses 'TemporaryFileSystem = %E' to create its own /etc
3. Runs the 'dhclient' command to
I am creating a systemd service that contains the three lines below:
TemporaryFileSystem = %E
BindReadOnlyPaths = %E/hosts
NetworkNamespacePath = /var/run/netns/vpnlink
So the service runs in a network namespace of its own. The problem is
that I cannot mount '/etc/hosts' into the tmpfs:
root@
My host is on a dynamic IP address (IPv4 only), which it receives via
DHCP from my provider. So far, I have been using ISC dhclient for this,
the network interface being marked as unmanaged in its .network file.
But since dhclient isn't maintained any more, I am exploring ways to
replace it wit