Re: IPIP tunnel peer ipv4 address

On Mon, 2017-04-10 at 16:10 +0100, Radu Rendec wrote:
On Mon, 2017-04-10 at 15:58 +0200, Thomas Haller wrote:
On Fri, 2017-04-07 at 13:43 +0100, Radu Rendec wrote:
I'm trying to set up an IPIP tunnel using nmcli. I can create the
using, e.g.:

nmcli con add type ip-tunnel mode ipip ifname tun0 remote

And then I can assign an ipv4 address using:

nmcli con mod ip-tunnel-tun0 ipv4.address

However, I'm not able to set the peer ipv4 address (the "inner"
of the remote end of the tunnel). What I'm looking for is the NM
equivalent of this:

ip addr add peer dev tun0

What is the NM way to configure something similar to the above?

NM doesn't support setting peers for IP addresses.

You might be able to use a dispatcher script (man NetworkManager),
but that is not a great workaround.

Could you elaborate why you need that?

Hi Thomas,

Thanks for the feedback. I basically need a route to the peer. When
IP address is configured with a peer, the kernel adds an implicit
to it. I was hoping to achieve the same with NM.

As a workaround, I explicitly set a manual route to the peer and it
works. But this is just a ... workaround and I was hoping there was a
cleaner way to do this.

When you add an IPv4 address with a certain prefix (aka netmask), kernel
will add a direct route to this subnet (unless IFA_F_NOPREFIXROUTE flag
is set).
NetworkManager then usually removes that route (because it has metric
0) and re-adds it with the intended metric (from ipv4.route-metric

Yes, the workaround is

  nmcli connection modify "$CONN" +ipv4.addresses +ipv4.routes ''

or just a large enough subnet so that you get a direct route to the other

  nmcli connection modify "$CONN" +ipv4.addresses

Anyway, before initially posting to the list, I had a quick look at
NM sources. It seemed to me that there's at least partial support for
the PTP address, because:
 * NMPlatformIP4Address contains a peer_address field which,
   to the comment in src/platform/nm-platform.h (where the actual
   struct is defined) seems to be the right thing.
 * This field seems to be handled down the path of
   nm_platform_ip4_address_sync, nm_platform_ip4_address_add,
   ip4_address_add and _nl_msg_new_address.

Yes, internally NM is aware of the peer addresses. It needs to be,
because two addresses that have the same local address (but different peer)
are considered different by the kernel. So, NM needs to understand that.

2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
   inet peer scope global dummy0
      valid_lft forever preferred_lft forever
   inet peer scope global dummy0
      valid_lft forever preferred_lft forever

But you cannot configure such addresses with NM yet. It's a missing
feature really. At this point, probably not very hard to add.

However, I'm new to the NM code base and I may very well be
it. Besides, the path that I highlighted only deals with NM to kernel
sync, but doesn't say anything about the NM config and D-Bus side. In
any case, I thought I was better off asking around than reading and
trying to understand more of the code :)
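
The route behaviour and the two workarounds discussed in this thread, as an added example that is not part of the original messages or of NetworkManager's code. It is a simplified model of the kernel's prefix route; the function names are hypothetical and the addresses are constructed values from the RFC 5737 documentation range.

```python
import ipaddress

def implicit_route(local, prefixlen, peer=None, noprefixroute=False):
    """Simplified model of the prefix route the kernel adds for an IPv4 address.

    Returns the destination network as a string, or None if no route is added.
    """
    if noprefixroute:  # IFA_F_NOPREFIXROUTE suppresses the automatic route
        return None
    local_ip = ipaddress.IPv4Address(local)
    target = ipaddress.IPv4Address(peer) if peer else local_ip
    # A /32 that only covers the local address gives no route to anything else.
    if prefixlen == 32 and target == local_ip:
        return None
    return str(ipaddress.ip_network(f"{target}/{prefixlen}", strict=False))

def smallest_common_subnet(local, peer):
    """Longest prefix whose subnet contains both tunnel endpoints."""
    a = int(ipaddress.IPv4Address(local))
    b = int(ipaddress.IPv4Address(peer))
    prefixlen = 32 - (a ^ b).bit_length()
    return ipaddress.ip_network(f"{local}/{prefixlen}", strict=False)

def covers(route, address):
    """True if the route destination (string or None) contains the address."""
    return route is not None and (
        ipaddress.IPv4Address(address) in ipaddress.ip_network(route))

def workarounds(local, peer):
    """ipv4.* property values for the two workarounds from the thread."""
    subnet = smallest_common_subnet(local, peer)
    return {
        "explicit_route": {"ipv4.addresses": f"{local}/32",
                           "ipv4.routes": f"{peer}/32"},
        "wide_subnet": {"ipv4.addresses": f"{local}/{subnet.prefixlen}"},
    }

if __name__ == "__main__":
    LOCAL, PEER = "192.0.2.1", "192.0.2.6"  # constructed (RFC 5737 range)
    print("ip addr add ... peer:", implicit_route(LOCAL, 32, peer=PEER))
    print("plain /32 address:   ", implicit_route(LOCAL, 32))
    for name, props in workarounds(LOCAL, PEER).items():
        print(name, props)
```

The wide-subnet form also sends every other address in that subnet into the tunnel, which the explicit /32 route avoids.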


