mm93
June 29, 2018, 6:53pm
1
Hi,
I'm trying to set up a gretap tunnel and have installed the following packages:
-kmod-gre
-gre
-resolveip
-ip-full
I'm using LEDE Reboot 17.01.4 r3560-79f57e422d on Fritzbox 7360. (tried with 17.0.1 and also didn't work)
When i add the tunnel with ip command everything works fine, but when I add the configuration in /etc/config/network, the interface won't come up and there is no errors in thee log.
My config:
/etc/config/network
config interface 'gt'
option type 'gretap'
option ipaddr '192.168.255.253'
option peeraddr '192.168.255.254'
option force_link '1'
I can't find a solution in the forum or anywhere else.
What am I doing wrong?
Please help!
Thanks in advance!
Best regards
jeff
June 29, 2018, 8:48pm
2
Quick check on a box running gretap tunnels:
$ lsmod | fgrep gre
gre 2067 2 ip6_gre,ip_gre
ip_gre 10005 0
ip_tunnel 11280 1 ip_gre
ip6_gre 13232 0
ip6_tunnel 21135 1 ip6_gre
I vaguely remember that, at least at one time, you needed to explicitly add the implementation kmod as well.
mm93
June 29, 2018, 8:51pm
3
jeff:
lsmod | fgrep gre
Hi Jeff, thanks for helping!
The output is the following:
root@ap2:~# lsmod | fgrep gre
gre 1184 1 ip_gre
ip_gre 9536 0
ip_tunnel 11616 1 ip_gre
jeff
June 29, 2018, 9:02pm
4
An excerpt of my config is at
Yes, no challenges with getting gretap created, except for the little detail of name length:
gre4t-ABCD.1234
hits the 15-character limit, so you can't name longer than ABCD if you're going to associate it with VLANs.
config interface 'gt02'
option proto 'gretap'
option mtu 1558
option ipaddr '172.16.0.1'
option peeraddr '172.16.0.2'
option delegate '0'
I'm not completely sure that 1558 is sufficient MTU, but I haven't hit any snags yet.
I do "hook" th…
I'd check log messages if the interface isn't being created at all. Also, force_link
rings a bell, but I don't recall the details.
Edit: Saw your post on the other thread -- the config you posted there is different than what you posted above.
mm93
June 29, 2018, 9:06pm
5
Yes, I've tried with your config, but still no success.
There is nothing the messages, is there a way to change the loglevel for the interfaces?
Thanks in advance!
jeff
June 29, 2018, 9:07pm
6
You can set -x
or set -vx
or the like in the netifd
shell scripts. set +x
will disable it again.
mm93
June 29, 2018, 9:09pm
7
In /lib/netifd/proto/gre.sh for example?
Where will this be logged then? It's not available in logread?
jeff
June 29, 2018, 9:25pm
8
That looks like the right file, yes -- I'm pretty sure that stdout/stderr form those scripts will be logged
mm93
June 29, 2018, 9:27pm
9
I have the suspicion that the script won't get executed as there is really nothing gets logged about the gre interface..
Could this be possible?
When I'm executing the gre.sh script, I get the following error:
./gre.sh: line 1: add_protocol: not found
I guess it's because I'm execute in standalone mode?
jeff
June 29, 2018, 9:36pm
10
Those scripts can "only" be executed by netifd
in the context that it creates.
mm93
June 29, 2018, 9:37pm
11
Hmm.. Damn, it's really crappy to debug -,-
Isn't there any other easier and better way to debug?
set -x in the script won't help anyways
jeff
June 29, 2018, 10:06pm
12
Yes, it works and yes, it's helpful.
mm93
June 29, 2018, 10:07pm
13
Why I can't see anything with 'logread' then? What am I doing wrong?
I have no serial access to the devic btw.
jeff
June 29, 2018, 10:15pm
14
Are you adding
set -x
inside of the declared function you want to trace, or over the entire file? You want it for execution within the function in question, not when the entire file is "sourced".
mm93
June 29, 2018, 10:17pm
15
Oh ok, 've added it in the top of the file.
I'm trying in the function now.
Thx
mm93
June 29, 2018, 10:21pm
16
#!/bin/sh
[ -n "$INCLUDE_ONLY" ] || {
. /lib/functions.sh
. /lib/functions/network.sh
. ../netifd-proto.sh
init_proto "$@"
}
gre_generic_setup() {
set -x
local cfg="$1"
local mode="$2"
local local="$3"
local remote="$4"
local link="$5"
local mtu ttl tos zone ikey okey icsum ocsum iseqno oseqno multicast
json_get_vars mtu ttl tos zone ikey okey icsum ocsum iseqno oseqno multicast
[ -z "$zone" ] && zone="wan"
[ -z "$multicast" ] && multicast=1
proto_init_update "$link" 1
proto_add_tunnel
json_add_string mode "$mode"
json_add_int mtu "${mtu:-1280}"
[ -n "$df" ] && json_add_boolean df "$df"
[ -n "$ttl" ] && json_add_int ttl "$ttl"
[ -n "$tos" ] && json_add_string tos "$tos"
json_add_boolean multicast "$multicast"
json_add_string local "$local"
json_add_string remote "$remote"
[ -n "$tunlink" ] && json_add_string link "$tunlink"
json_add_string info "${ikey:-0},${okey:-0},${icsum:-0},${ocsum:-0},${iseqno:-0},${oseqno:-0}"
proto_close_tunnel
proto_add_data
[ -n "$zone" ] && json_add_string zone "$zone"
proto_close_data
proto_send_update "$cfg"
}
gre_setup() {
set -x
local cfg="$1"
local mode="$2"
local remoteip
local ipaddr peeraddr
json_get_vars df ipaddr peeraddr tunlink
[ -z "$peeraddr" ] && {
proto_notify_error "$cfg" "MISSING_PEER_ADDRESS"
proto_block_restart "$cfg"
exit
}
remoteip=$(resolveip -t 10 -4 "$peeraddr")
if [ -z "$remoteip" ]; then
proto_notify_error "$cfg" "PEER_RESOLVE_FAIL"
exit
fi
for ip in $remoteip; do
peeraddr=$ip
break
done
( proto_add_host_dependency "$cfg" "$peeraddr" "$tunlink" )
[ -z "$ipaddr" ] && {
local wanif="$tunlink"
if [ -z $wanif ] && ! network_find_wan wanif; then
proto_notify_error "$cfg" "NO_WAN_LINK"
exit
fi
if ! network_get_ipaddr ipaddr "$wanif"; then
proto_notify_error "$cfg" "NO_WAN_LINK"
exit
fi
}
[ -z "$df" ] && df="1"
case "$mode" in
gretapip)
gre_generic_setup $cfg $mode $ipaddr $peeraddr "gre4t-$cfg"
;;
*)
gre_generic_setup $cfg $mode $ipaddr $peeraddr "gre4-$cfg"
;;
esac
}
proto_gre_setup() {
set -x
local cfg="$1"
gre_setup $cfg "greip"
}
proto_gretap_setup() {
set -x
local cfg="$1"
local network
json_get_vars network
gre_setup $cfg "gretapip"
json_init
json_add_string name "gre4t-$cfg"
json_add_boolean link-ext 0
json_close_object
for i in $network; do
ubus call network.interface."$i" add_device "$(json_dump)"
done
}
grev6_setup() {
local cfg="$1"
local mode="$2"
local remoteip6
local ip6addr peer6addr weakif
json_get_vars ip6addr peer6addr tunlink weakif
[ -z "$peer6addr" ] && {
proto_notify_error "$cfg" "MISSING_PEER_ADDRESS"
proto_block_restart "$cfg"
exit
}
remoteip6=$(resolveip -t 10 -6 "$peer6addr")
if [ -z "$remoteip6" ]; then
proto_notify_error "$cfg" "PEER_RESOLVE_FAIL"
exit
fi
for ip6 in $remoteip6; do
peer6addr=$ip6
break
done
( proto_add_host_dependency "$cfg" "$peer6addr" "$tunlink" )
[ -z "$ip6addr" ] && {
local wanif="$tunlink"
if [ -z $wanif ] && ! network_find_wan6 wanif; then
proto_notify_error "$cfg" "NO_WAN_LINK"
exit
fi
if ! network_get_ipaddr6 ip6addr "$wanif"; then
[ -z "$weakif" ] && weakif="lan"
if ! network_get_ipaddr6 ip6addr "$weakif"; then
proto_notify_error "$cfg" "NO_WAN_LINK"
exit
fi
fi
}
case "$mode" in
gretapip6)
gre_generic_setup $cfg $mode $ip6addr $peer6addr "gre6t-$cfg"
;;
*)
gre_generic_setup $cfg $mode $ip6addr $peer6addr "gre6-$cfg"
;;
esac
}
proto_grev6_setup() {
local cfg="$1"
grev6_setup $cfg "greip6"
}
proto_grev6tap_setup() {
local cfg="$1"
local network
json_get_vars network
grev6_setup $cfg "gretapip6"
json_init
json_add_string name "gre6t-$cfg"
json_add_boolean link-ext 0
json_close_object
for i in $network; do
ubus call network.interface."$i" add_device "$(json_dump)"
done
}
gretap_generic_teardown() {
set -x
local network
json_get_vars network
json_init
json_add_string name "$1"
json_add_boolean link-ext 0
json_close_object
for i in $network; do
ubus call network.interface."$i" remove_device "$(json_dump)"
done
}
proto_gre_teardown() {
set -x
local cfg="$1"
}
proto_gretap_teardown() {
set -x
local cfg="$1"
gretap_generic_teardown "gre4t-$cfg"
}
proto_grev6_teardown() {
local cfg="$1"
}
proto_grev6tap_teardown() {
local cfg="$1"
gretap_generic_teardown "gre6t-$cfg"
}
gre_generic_init_config() {
set -x
no_device=1
available=1
proto_config_add_int "mtu"
proto_config_add_int "ttl"
proto_config_add_string "tos"
proto_config_add_string "tunlink"
proto_config_add_string "zone"
proto_config_add_int "ikey"
proto_config_add_int "okey"
proto_config_add_boolean "icsum"
proto_config_add_boolean "ocsum"
proto_config_add_boolean "iseqno"
proto_config_add_boolean "oseqno"
proto_config_add_boolean "multicast"
}
proto_gre_init_config() {
set -x
gre_generic_init_config
proto_config_add_string "ipaddr"
proto_config_add_string "peeraddr"
proto_config_add_boolean "df"
}
proto_gretap_init_config() {
set -x
proto_gre_init_config
proto_config_add_string "network"
}
proto_grev6_init_config() {
gre_generic_init_config
proto_config_add_string "ip6addr"
proto_config_add_string "peer6addr"
proto_config_add_string "weakif"
}
proto_grev6tap_init_config() {
proto_grev6_init_config
proto_config_add_string "network"
}
[ -n "$INCLUDE_ONLY" ] || {
set -x
[ -f /lib/modules/$(uname -r)/gre.ko ] && add_protocol gre
[ -f /lib/modules/$(uname -r)/gre.ko ] && add_protocol gretap
[ -f /lib/modules/$(uname -r)/ip6_gre.ko ] && add_protocol grev6
[ -f /lib/modules/$(uname -r)/ip6_gre.ko ] && add_protocol grev6tap
}
This is the way I've added the set -x, but no logs in logread, when I restart the network...
jeff
June 29, 2018, 10:39pm
17
Likely a problem with your logging, perhaps either log level or that you're overrunning the buffer.
2018 May 5 14:21:59 office notice netifd: Network device 'lo' link is up
2018 May 5 14:21:59 office notice netifd: Interface 'loopback' has link connectivity
2018 May 5 07:21:59 office info kernel: [ 27.411027] br-vlan102: port 1(eth1.102) entered learning state
2018 May 5 14:22:00 office notice netifd: gt97 (1247): + proto_send_update gt97
2018 May 5 14:22:00 office notice netifd: gt97 (1247): + local 'interface=gt97'
[...]
$ diff -u /rom/lib/netifd/proto/gre.sh /lib/netifd/proto/gre.sh
--- /rom/lib/netifd/proto/gre.sh 2018-04-08 08:03:02.000000000 -0700
+++ /lib/netifd/proto/gre.sh 2018-06-29 15:28:04.000000000 -0700
@@ -47,7 +47,9 @@
[ -n "$zone" ] && json_add_string zone "$zone"
proto_close_data
+ set -x
proto_send_update "$cfg"
+ set +x
}
gre_setup() {
mm93
June 29, 2018, 11:24pm
18
Hmm.. Tried like in your script now, but still no logs
When I add set -x to /etc/init.d/network or in an rc.d script I'm getting logs. So I'm still having the suspicion that the script won't get executed...
jeff
June 29, 2018, 11:46pm
19
The lack of logs should help you figure out what is wrong with your configuration. You might need to trace the process carefully to see why. Conditional execution of set -x
should be possible, based on the interface name.
mm93
June 29, 2018, 11:52pm
20
This isn't my first configuration of a gretap tunnel in openwrt or lede but the first time that it's not working with uci.
The box is fresh flashed. I'm sure that this must be a bug.