On Mon, 2017-04-10 at 16:10 +0100, Radu Rendec wrote:
On Mon, 2017-04-10 at 15:58 +0200, Thomas Haller wrote:

On Fri, 2017-04-07 at 13:43 +0100, Radu Rendec wrote:

I'm trying to set up an IPIP tunnel using nmcli. I can create the tunnel using, e.g.:

    nmcli con add type ip-tunnel mode ipip ifname tun0 remote 10.0.4.1 local 10.0.8.1

And then I can assign an ipv4 address using:

    nmcli con mod ip-tunnel-tun0 ipv4.address 192.168.9.1

However, I'm not able to set the peer ipv4 address (the "inner" address of the remote end of the tunnel). What I'm looking for is the NM equivalent of this:

    ip addr add 192.168.9.1 peer 192.168.9.2 dev tun0

What is the NM way to configure something similar to the above?

NM doesn't support setting peers for IP addresses. You might be able to use a dispatcher script (man NetworkManager), but that is not a great workaround. Could you elaborate why you need that?

Hi Thomas,

Thanks for the feedback. I basically need a route to the peer. When the IP address is configured with a peer, the kernel adds an implicit route to it. I was hoping to achieve the same with NM. As a workaround, I explicitly set a manual route to the peer and it works. But this is just a ... workaround and I was hoping there was a cleaner way to do this.

When you add an IPv4 address with a certain prefix (aka netmask), the kernel will add a direct route to this subnet (unless the IFA_F_NOPREFIXROUTE flag is set). NetworkManager then usually removes that route (because it has metric 0) and re-adds it with the intended metric (from the ipv4.route-metric setting).

Yes, the workaround is

    nmcli connection modify "$CONN" +ipv4.addresses 192.168.9.1/32 +ipv4.routes '192.168.9.2/32'

or just a large enough subnet so that you get a direct route to the other peer:

    nmcli connection modify "$CONN" +ipv4.addresses 192.168.9.1/30

Anyway, before initially posting to the list, I had a quick look at the NM sources. It seemed to me that there's at least partial support for the PTP address, because:

* NMPlatformIP4Address contains a peer_address field which, according to the comment in src/platform/nm-platform.h (where the actual struct is defined) seems to be the right thing.
* This field seems to be handled down the path of nm_ip4_config_commit, nm_platform_ip4_address_sync, nm_platform_ip4_address_add, ip4_address_add and _nl_msg_new_address.

Yes, internally NM is aware of the peer addresses. It needs to be, because two addresses that have the same local address (but a different peer) are considered different by the kernel. So, NM needs to understand that.

    2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
        inet 192.168.6.5 peer 192.168.8.5/24 scope global dummy0
           valid_lft forever preferred_lft forever
        inet 192.168.6.5 peer 192.168.9.5/24 scope global dummy0
           valid_lft forever preferred_lft forever

But you cannot configure such addresses with NM yet. It's a missing feature really. At this point, probably not very hard to add.

However, I'm new to the NM code base and I may very well be misreading it. Besides, the path that I highlighted only deals with NM to kernel sync, but doesn't say anything about the NM config and D-Bus side. In any case, I thought I was better off asking around than reading and trying to understand more of the code :)

Correct.

best,
Thomas
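
The two workarounds from the reply above, compared in an added example that is not part of the thread or of NetworkManager's code. It generalizes to any local/peer pair: it finds the narrowest subnet that contains both addresses and counts how many other addresses the kernel's direct route for that subnet would also make on-link, which the /32 plus host-route form avoids. The function names are hypothetical; the connection name and addresses are the ones used in the thread, and the script only builds the nmcli command strings without running them.

```python
import ipaddress
import shlex


def covering_prefix(local: str, peer: str) -> ipaddress.IPv4Network:
    """Narrowest IPv4 network that contains both local and peer."""
    a = int(ipaddress.IPv4Address(local))
    b = int(ipaddress.IPv4Address(peer))
    if a == b:
        raise ValueError("local and peer must differ")
    # All bits above the highest differing bit form the shared prefix.
    prefixlen = 32 - (a ^ b).bit_length()
    return ipaddress.ip_network(f"{local}/{prefixlen}", strict=False)


def peer_workarounds(conn: str, local: str, peer: str) -> dict:
    """Build both nmcli workarounds and report what the subnet form exposes."""
    net = covering_prefix(local, peer)
    base = ["nmcli", "connection", "modify", conn]
    # Variant 1: host address plus an explicit route to the peer only.
    host_route = base + ["+ipv4.addresses", f"{local}/32",
                         "+ipv4.routes", f"{peer}/32"]
    # Variant 2: a prefix wide enough that the direct route covers the peer.
    subnet = base + ["+ipv4.addresses", f"{local}/{net.prefixlen}"]
    return {
        "host_route_cmd": shlex.join(host_route),
        "subnet_cmd": shlex.join(subnet),
        "subnet": str(net),
        # Addresses besides local and peer that the direct route also covers.
        "extra_on_link": net.num_addresses - 2,
    }


if __name__ == "__main__":
    # Address pairs taken from the thread: the tunnel and the dummy0 listing.
    for local, peer in [("192.168.9.1", "192.168.9.2"),
                        ("192.168.6.5", "192.168.8.5")]:
        r = peer_workarounds("ip-tunnel-tun0", local, peer)
        print(r["host_route_cmd"])
        print(r["subnet_cmd"], "# direct route", r["subnet"],
              "also covers", r["extra_on_link"], "other addresses")
```

For the tunnel pair the subnet form yields the /30 suggested in the reply; for a pair such as 192.168.6.5 and 192.168.8.5 the covering subnet grows to a /20, where the host-route form keeps only the peer reachable through the interface.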