@hnykda
Created March 9, 2020 16:39
4669 │ Mar 05 00:19:45 think460s docker-vpn-client.sh[1664797]: *** Starting docker container:
4670 │ Mar 05 00:19:45 think460s docker-vpn-client.sh[1664855]: *** Starting docker container:
4671 │ Mar 05 00:19:45 think460s docker-vpn-client.sh[1664855]: 9deb8f2aa7c6677bfd28498c5e3929b3b
4672 │ Mar 05 00:19:45 think460s docker-vpn-client.sh[1664797]: 9deb8f2aa7c6677bfd28498c5e3929b3b
4673 │ Mar 05 00:20:00 think460s docker-vpn-client.sh[1664797]: ** Waiting 15 seconds fo*** Waiting for interface ppp0...
4674 │ Mar 05 00:20:02 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4675 │ Mar 05 00:20:04 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4676 │ Mar 05 00:20:06 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4677 │ Mar 05 00:20:08 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4678 │ Mar 05 00:20:10 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4679 │ Mar 05 00:20:12 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4680 │ Mar 05 00:20:14 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4681 │ Mar 05 00:20:16 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4682 │ Mar 05 00:20:18 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4683 │ Mar 05 00:20:20 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4684 │ Mar 05 00:20:22 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4685 │ Mar 05 00:20:24 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4686 │ Mar 05 00:20:26 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4687 │ Mar 05 00:20:28 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4688 │ Mar 05 00:20:30 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4689 │ Mar 05 00:20:32 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4690 │ Mar 05 00:20:34 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4691 │ Mar 05 00:20:36 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4692 │ Mar 05 00:20:38 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4693 │ Mar 05 00:20:40 think460s docker-vpn-client.sh[1664797]: *** Waiting for interface ppp0...
4694 │ Mar 05 00:20:42 think460s docker-vpn-client.sh[1664797]: ERROR: Interface ppp0 did not show up :(
4695 │ Mar 05 00:20:42 think460s systemd[1]: gwi-vpn.service: Main process exited, code=exited, status=1/FAILURE
4696 │ Mar 05 00:20:42 think460s systemd[1]: gwi-vpn.service: Failed with result 'exit-code'.
4809 │ Mar 05 15:49:24 think460s docker-vpn-client.sh[3163566]: Mar 5 14:49:24: "L2TP-PSK" #3: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x0f31a657 <0x940ccdb3 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=217.138
│ .38.117:4500 DPD=active}
4810 │ Mar 05 17:41:37 think460s docker-vpn-client.sh[3163566]: ERROR: "L2TP-PSK" #3: sendto on wlp4s0 to 217.138.38.117:4500 failed in NAT-T Keep Alive. Errno 101: Network unreachable
4811 │ Mar 05 17:41:37 think460s docker-vpn-client.sh[3163566]: ERROR: "L2TP-PSK" #1: sendto on wlp4s0 to 217.138.38.117:4500 failed in NAT-T Keep Alive. Errno 101: Network unreachable
4812 │ Mar 05 17:42:06 think460s docker-vpn-client.sh[3163566]: Mar 5 16:42:06: "L2TP-PSK" #1: IKEv1 DPD: action - clearing connection
4813 │ Mar 05 17:42:06 think460s docker-vpn-client.sh[3163566]: Mar 5 16:42:06: "L2TP-PSK" #1: %s action clear: Clearing Connection L2TP-PSK[0] CK_PERMANENT
4814 │ Mar 05 17:42:06 think460s docker-vpn-client.sh[3163566]: Mar 5 16:42:06: "L2TP-PSK" #3: deleting state (STATE_QUICK_I2) and sending notification
4815 │ Mar 05 17:42:06 think460s docker-vpn-client.sh[3163566]: Mar 5 16:42:06: "L2TP-PSK" #3: ESP traffic information: in=0B out=0B
4816 │ Mar 05 17:42:06 think460s docker-vpn-client.sh[3163566]: Mar 5 16:42:06: "L2TP-PSK" #2: deleting state (STATE_QUICK_I2) and sending notification
4817 │ Mar 05 17:42:06 think460s docker-vpn-client.sh[3163566]: Mar 5 16:42:06: "L2TP-PSK" #2: ESP traffic information: in=0B out=0B
4818 │ Mar 05 17:42:06 think460s docker-vpn-client.sh[3163566]: Mar 5 16:42:06: "L2TP-PSK" #1: deleting state (STATE_MAIN_I4) and sending notification
4819 │ Mar 05 17:42:26 think460s systemd[1]: gwi-vpn.service: Watchdog timeout (limit 1min 30s)!
4820 │ Mar 05 17:42:26 think460s systemd[1]: gwi-vpn.service: Killing process 3163566 (docker) with signal SIGABRT.
4821 │ Mar 05 17:42:26 think460s systemd[1]: gwi-vpn.service: Killing process 3163572 (check-url.sh) with signal SIGABRT.
4822 │ Mar 05 17:42:26 think460s systemd[1]: gwi-vpn.service: Killing process 3288078 (sleep) with signal SIGABRT.
4823 │ Mar 05 17:42:46 think460s docker-vpn-client.sh[3163566]: xl2tpd[1]: Maximum retries exceeded for tunnel 57674. Closing.
4824 │ Mar 05 17:42:46 think460s docker-vpn-client.sh[3163566]: xl2tpd[1]: Terminating pppd: sending TERM signal to pid 36
4825 │ Mar 05 17:42:46 think460s docker-vpn-client.sh[3163566]: xl2tpd[1]: Connection 23055 closed to 217.138.38.117, port 1701 (Timeout)
4826 │ Mar 05 17:42:51 think460s docker-vpn-client.sh[3163566]: xl2tpd[1]: Calling on tunnel 57674
4827 │ Mar 05 17:43:17 think460s docker-vpn-client.sh[3163566]: xl2tpd[1]: Unable to deliver closing message for tunnel 57674. Destroying anyway.
4828 │ Mar 05 17:43:22 think460s docker-vpn-client.sh[3163566]: xl2tpd[1]: Connecting to host 217.138.38.117, port 1701
4829 │ Mar 05 17:43:53 think460s docker-vpn-client.sh[3163566]: xl2tpd[1]: Maximum retries exceeded for tunnel 47580. Closing.
4830 │ Mar 05 17:43:53 think460s docker-vpn-client.sh[3163566]: xl2tpd[1]: Connection 0 closed to 217.138.38.117, port 1701 (Timeout)
4831 │ Mar 05 17:43:56 think460s systemd[1]: gwi-vpn.service: State 'stop-watchdog' timed out. Terminating.
4832 │ Mar 05 17:43:56 think460s docker-vpn-client.sh[3163566]: xl2tpd[1]: death_handler: Fatal signal 15 received
4833 │ Mar 05 17:43:56 think460s systemd[1]: gwi-vpn.service: Main process exited, code=exited, status=1/FAILURE
4834 │ Mar 05 17:43:56 think460s systemd[1]: gwi-vpn.service: Failed with result 'watchdog'.
4835 │ Mar 05 17:44:02 think460s systemd[1]: gwi-vpn.service: Scheduled restart job, restart counter is at 2.
4836 │ Mar 05 17:44:02 think460s systemd[1]: Stopped turns on Dano VPN gwi script through docker.
4837 │ Mar 05 17:44:02 think460s systemd[1]: Starting turns on Dano VPN gwi script through docker...
4838 │ Mar 05 17:44:02 think460s systemd[1]: Started turns on Dano VPN gwi script through docker.
4839 │ Mar 05 17:44:03 think460s docker-vpn-client.sh[3292721]: *** Starting docker container:
4840 │ Mar 05 17:44:03 think460s docker-vpn-client.sh[3292902]: *** Starting docker container:
4841 │ Mar 05 17:44:03 think460s docker-vpn-client.sh[3292902]: 8e9886de1dfdc1ab4d3948179da8d2f87
4842 │ Mar 05 17:44:03 think460s docker-vpn-client.sh[3292721]: 8e9886de1dfdc1ab4d3948179da8d2f87
4843 │ Mar 05 17:44:18 think460s docker-vpn-client.sh[3292721]: ** Waiting 15 seconds fo*** Waiting for interface ppp0...
4844 │ Mar 05 17:44:20 think460s docker-vpn-client.sh[3292721]: *** Waiting for interface ppp0...
4845 │ Mar 05 17:44:22 think460s docker-vpn-client.sh[3292721]: *** Waiting for interface ppp0...
4846 │ Mar 05 17:44:24 think460s docker-vpn-client.sh[3292721]: *** Waiting for interface ppp0...
4847 │ Mar 05 17:44:24 think460s docker-vpn-client.sh[3292721]: *** Interface ppp0 is up
4848 │ Mar 05 17:44:24 think460s docker-vpn-client.sh[3292721]: *** Your VPN IP address: 192.168.130.224
4849 │ Mar 05 17:44:24 think460s docker-vpn-client.sh[3292721]: *** Adding route to GCP
4850 │ Mar 05 17:44:24 think460s docker-vpn-client.sh[3292721]: + ip route add 10.64.0.0/10 via 192.0.2.1 dev ppp0
4851 │ Mar 05 17:44:24 think460s docker-vpn-client.sh[3292721]: *** Updating DNS settings in /etc/resolv.conf
4852 │ Mar 05 20:49:01 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: udp_xmit failed to 217.138.38.117:1701 with err=-1:Network unreachable
4853 │ Mar 05 20:49:02 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: udp_xmit failed to 217.138.38.117:1701 with err=-1:Network unreachable
4854 │ Mar 05 20:49:22 think460s docker-vpn-client.sh[3292721]: Mar 5 19:49:22: "L2TP-PSK" #1: IKEv1 DPD: action - clearing connection
4855 │ Mar 05 20:49:22 think460s docker-vpn-client.sh[3292721]: Mar 5 19:49:22: "L2TP-PSK" #1: %s action clear: Clearing Connection L2TP-PSK[0] CK_PERMANENT
4856 │ Mar 05 20:49:22 think460s docker-vpn-client.sh[3292721]: Mar 5 19:49:22: "L2TP-PSK" #2: deleting state (STATE_QUICK_I2) and sending notification
4857 │ Mar 05 20:49:22 think460s docker-vpn-client.sh[3292721]: Mar 5 19:49:22: "L2TP-PSK" #2: ESP traffic information: in=0B out=0B
4858 │ Mar 05 20:49:22 think460s docker-vpn-client.sh[3292721]: Mar 5 19:49:22: "L2TP-PSK" #1: deleting state (STATE_MAIN_I4) and sending notification
4859 │ Mar 05 20:49:32 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: Maximum retries exceeded for tunnel 13722. Closing.
4860 │ Mar 05 20:49:32 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: Terminating pppd: sending TERM signal to pid 35
4861 │ Mar 05 20:49:32 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: Connection 39083 closed to 217.138.38.117, port 1701 (Timeout)
4862 │ Mar 05 20:49:37 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: Calling on tunnel 13722
4863 │ Mar 05 20:49:43 think460s systemd[1]: gwi-vpn.service: Watchdog timeout (limit 1min 30s)!
4864 │ Mar 05 20:49:43 think460s systemd[1]: gwi-vpn.service: Killing process 3292721 (docker) with signal SIGABRT.
4865 │ Mar 05 20:49:43 think460s systemd[1]: gwi-vpn.service: Killing process 3292723 (check-url.sh) with signal SIGABRT.
4866 │ Mar 05 20:49:43 think460s systemd[1]: gwi-vpn.service: Killing process 3328339 (sleep) with signal SIGABRT.
4867 │ Mar 05 20:50:03 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: Unable to deliver closing message for tunnel 13722. Destroying anyway.
4868 │ Mar 05 20:50:08 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: Connecting to host 217.138.38.117, port 1701
4869 │ Mar 05 20:50:39 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: Maximum retries exceeded for tunnel 61476. Closing.
4870 │ Mar 05 20:50:39 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: Connection 0 closed to 217.138.38.117, port 1701 (Timeout)
4871 │ Mar 05 20:51:10 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: Unable to deliver closing message for tunnel 61476. Destroying anyway.
4872 │ Mar 05 20:51:10 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: Will redial in 5 seconds
4873 │ Mar 05 20:51:13 think460s systemd[1]: gwi-vpn.service: State 'stop-watchdog' timed out. Terminating.
4874 │ Mar 05 20:51:15 think460s docker-vpn-client.sh[3292721]: xl2tpd[1]: death_handler: Fatal signal 15 received
4875 │ Mar 05 20:51:15 think460s systemd[1]: gwi-vpn.service: Main process exited, code=exited, status=1/FAILURE
4876 │ Mar 05 20:51:15 think460s systemd[1]: gwi-vpn.service: Failed with result 'watchdog'.
4877 │ Mar 05 20:51:20 think460s systemd[1]: gwi-vpn.service: Scheduled restart job, restart counter is at 3.
4878 │ Mar 05 20:51:20 think460s systemd[1]: Stopped turns on Dano VPN gwi script through docker.
4879 │ Mar 05 20:51:20 think460s systemd[1]: Starting turns on Dano VPN gwi script through docker...
4880 │ Mar 05 20:51:20 think460s systemd[1]: Started turns on Dano VPN gwi script through docker.
4881 │ Mar 05 20:51:22 think460s docker-vpn-client.sh[3333627]: *** Starting docker container:
4882 │ Mar 05 20:51:22 think460s docker-vpn-client.sh[3333718]: *** Starting docker container:
4883 │ Mar 05 20:51:22 think460s docker-vpn-client.sh[3333718]: 371a62c80a0945cf23960276c24bc0f4b
4884 │ Mar 05 20:51:22 think460s docker-vpn-client.sh[3333627]: 371a62c80a0945cf23960276c24bc0f4b
4885 │ Mar 05 20:51:37 think460s docker-vpn-client.sh[3333627]: ** Waiting 15 seconds fo*** Waiting for interface ppp0...
4886 │ Mar 05 20:51:39 think460s docker-vpn-client.sh[3333627]: *** Waiting for interface ppp0...
4887 │ Mar 05 20:51:41 think460s docker-vpn-client.sh[3333627]: *** Waiting for interface ppp0...
4888 │ Mar 05 20:51:43 think460s docker-vpn-client.sh[3333627]: *** Waiting for interface ppp0...
4889 │ Mar 05 20:51:43 think460s docker-vpn-client.sh[3333627]: *** Interface ppp0 is up
4890 │ Mar 05 20:51:43 think460s docker-vpn-client.sh[3333627]: *** Your VPN IP address: 192.168.130.224
4891 │ Mar 05 20:51:43 think460s docker-vpn-client.sh[3333627]: *** Adding route to GCP
4892 │ Mar 05 20:51:43 think460s docker-vpn-client.sh[3333627]: + ip route add 10.64.0.0/10 via 192.0.2.1 dev ppp0
4893 │ Mar 05 20:51:43 think460s docker-vpn-client.sh[3333627]: *** Updating DNS settings in /etc/resolv.conf
4894 │ Mar 05 21:39:23 think460s docker-vpn-client.sh[3333627]: Mar 5 20:39:23: "L2TP-PSK" #3: initiating Quick Mode PSK+ENCRYPT+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 {using isakmp#1 msgid:b584a89e p
│ roposal=defaults pfsgroup=no-pfs}
#!/usr/bin/env bash
# Positional layout: <action> [username] [password] [pre-shared-key] [full-tunnel].
# Each credential may instead be supplied through the environment
# (VPN_USERNAME, VPN_PASSWORD, VPN_PSK), which is the safer route: command
# line arguments are visible to every user in `ps` output and may end up in
# shell history, whereas values taken from the environment are only handed
# on to the container (see start_container).
ACTION="$1"
shift
VPN_USERNAME="${VPN_USERNAME:-${1:-}}"
VPN_PASSWORD="${VPN_PASSWORD:-${2:-}}"
VPN_PSK="${VPN_PSK:-${3:-}}"
VPN_FULL_TUNNEL="${VPN_FULL_TUNNEL:-${4:-}}" # TODO
VPN_SET_DNS="${VPN_SET_DNS:-yes}"            # non-empty: rewrite /etc/resolv.conf after connecting
VPN_SERVER_IPV4="217.138.38.117"
GCP_SUBNET="10.64.0.0/10"                    # range routed through the tunnel (split-tunnel mode)
GCP_DNS_SERVER="10.64.0.5"
GCP_DNS_DOMAIN="in.globalwebindex.com"
OFFICE_DNS_SERVER="192.168.100.100" # TODO: use together with VPN_FULL_TUNNEL
NO_DAEMON="${NO_DAEMON:-}"                   # non-empty: attach to the container instead of returning
#######################################
DOCKER_NAME="gwi-vpn-client"
DOCKER_IMAGE="gcr.io/gwi-host-net/linux-vpn-client:gwi8"
DOCKER_BIN="${DOCKER_BIN:-docker}"
IFACE="ppp0"
RESOLV_CONF_BACKUP="/etc/resolv.conf.gwi-vpn-bkp"
#######################################
# Preconditions, checked in order: root, Linux, a usable docker client, a
# reachable docker daemon. Each failure exits with its own status code.
[[ "$(id -u)" == "0" ]] || { echo "ERROR: This script must be run as root" >&2; exit 2; }
[[ "$(uname -s)" == "Linux" ]] || { echo "ERROR: Unsupported operating system" >&2; exit 3; }
"$DOCKER_BIN" --version > /dev/null || { echo "ERROR: $DOCKER_BIN not found" >&2; exit 4; }
if ! "$DOCKER_BIN" info > /dev/null; then
  exit 5
fi
#######################################
#######################################
# Launch the VPN client container detached.
# Globals: DOCKER_BIN, DOCKER_NAME, DOCKER_IMAGE (read); VPN_SERVER_IPV4,
#          VPN_PSK, VPN_USERNAME, VPN_PASSWORD (read and exported so that
#          `-e NAME` hands them over by name — the secret values never
#          appear on the docker command line)
# Outputs: "*** Starting docker container: " followed by whatever
#          `docker run -d` prints (the container id on success)
# Returns: exit status of `docker run`
#######################################
function start_container() {
  # Problem:
  # pluto[17]: No XFRM/NETKEY kernel interface detected
  # pluto[17]: seccomp security for crypto helper not supported
  # Solution: load af_key on the host first; a failure here is deliberately
  # ignored (module may be built in or already present).
  modprobe af_key &> /dev/null || true
  sleep 1
  export VPN_SERVER_IPV4 VPN_PSK VPN_USERNAME VPN_PASSWORD
  # --privileged together with --net=host gives the container full control of
  # the host network stack (it creates ppp0 and the host routes depend on it).
  # The image is referenced by a mutable tag, so what runs under these
  # privileges can change without this script changing; pinning a digest
  # would make updates explicit.
  local -a run_args=(
    -d --rm
    --name="$DOCKER_NAME"
    --privileged
    --net=host
    -v /lib/modules:/lib/modules:ro
    -e VPN_SERVER_IPV4 -e VPN_PSK -e VPN_USERNAME -e VPN_PASSWORD
  )
  printf '%s' "*** Starting docker container: "
  "$DOCKER_BIN" run "${run_args[@]}" "$DOCKER_IMAGE"
}
#######################################
# Print the container's log, stderr merged into stdout.
# Globals: DOCKER_BIN, DOCKER_NAME (read)
# Returns: exit status of `docker logs`
#######################################
function show_container_logs() {
  local name="$DOCKER_NAME"
  "$DOCKER_BIN" logs "$name" 2>&1
}
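#######################################
# List the VPN container's row(s) from `docker ps --all` (running or exited).
# Globals: DOCKER_BIN, DOCKER_NAME (read)
# Outputs: matching `docker ps` rows on stdout
# Returns: grep's status — 0 if some row mentions the name, 1 otherwise —
#          so the function doubles as a test
#######################################
function show_container_status() {
  # -F: the name is a literal, not a regex; --: guard against a name that
  # starts with '-'. This is still a substring match over the whole row, so
  # a container whose name merely contains DOCKER_NAME is listed as well.
  "$DOCKER_BIN" ps --all | grep -F -- "$DOCKER_NAME"
}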
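#######################################
# Test whether a running container is named exactly DOCKER_NAME.
# Globals: DOCKER_BIN, DOCKER_NAME (read)
# Returns: 0 if such a container is running, 1 otherwise
#######################################
function is_container_running() {
  local name
  # docker's name filter is a partial match, so the listing can contain
  # several names (e.g. an older "<name>-old" container); compare every line
  # exactly instead of comparing the whole output, which previously reported
  # "not running" as soon as a second name was present.
  while IFS= read -r name; do
    if [[ "$name" == "$DOCKER_NAME" ]]; then
      return 0
    fi
  done < <("$DOCKER_BIN" ps -f "name=$DOCKER_NAME" --format '{{.Names}}')
  return 1
}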
#######################################
# Kill the VPN client container (it was started with --rm, so docker removes it).
# Globals: DOCKER_BIN, DOCKER_NAME (read)
# Outputs: "*** Stopping docker container: " followed by docker's output
# Returns: exit status of `docker kill`
#######################################
function stop_container() {
  local name="$DOCKER_NAME"
  printf '%s' "*** Stopping docker container: "
  "$DOCKER_BIN" kill "$name"
}
#######################################
# Put the pre-VPN /etc/resolv.conf back if a backup exists.
# Globals: RESOLV_CONF_BACKUP (read)
# Outputs: a progress line on stdout when a backup is restored
# Returns: 0 when there is nothing to restore or the restore succeeded;
#          the status of the failed write otherwise (backup is then kept)
#######################################
function post_cleanup() {
  local backup="$RESOLV_CONF_BACKUP"
  [[ -f "$backup" ]] || return 0
  echo "*** Restoring DNS settings from $backup"
  # Write through the existing path rather than renaming over it; the backup
  # is only deleted once that write has succeeded.
  cat "$backup" > /etc/resolv.conf || return
  rm -f "$backup"
}
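#######################################
# Configure host routing and DNS once the VPN interface carries an address.
# Globals:   VPN_FULL_TUNNEL, VPN_SET_DNS, GCP_SUBNET, GCP_DNS_SERVER,
#            GCP_DNS_DOMAIN, IFACE, RESOLV_CONF_BACKUP (read)
# Arguments: $1 - local address on the VPN interface
#            $2 - peer (gateway) address to route through
# Outputs:   progress messages on stdout; the `ip route add` command is
#            echoed on stderr via `set -x`
# Side effects: adds one route; when VPN_SET_DNS is non-empty, backs up and
#            rewrites /etc/resolv.conf, otherwise removes a stale backup
# Returns:   0 normally (a failed `ip route add` only prints a warning, as
#            the route was never checked before); 1 if VPN_SET_DNS is set
#            and /etc/resolv.conf could not be backed up — the file is then
#            left untouched rather than overwritten without a copy
#######################################
function post_init() {
  local ip="$1"
  local gw="$2"
  local rc=0
  local -a destination=()
  echo "*** Your VPN IP address: ${ip}"
  if [[ -z "$VPN_FULL_TUNNEL" ]]; then
    # split tunnel: only the GCP range goes through the VPN
    echo "*** Adding route to GCP"
    destination=("$GCP_SUBNET")
  else
    # full tunnel: everything goes through the VPN
    echo "*** Adding default route (via London office)"
    destination=(default)
  fi
  set -x
  ip route add "${destination[@]}" via "$gw" dev "$IFACE"
  { rc=$?; set +x; } 2>/dev/null
  if (( rc != 0 )); then
    echo "WARNING: ip route add failed with status ${rc}; traffic may not be routed through ${IFACE}" >&2
  fi
  if [[ -n "$VPN_SET_DNS" ]]; then
    # A resolv.conf we already rewrote carries our marker; the backup taken
    # on the first run is then the pristine file and must not be replaced by
    # the modified one. Only the marker prefix is matched: the old check also
    # compared "$0", so running the script via a different path (./x versus
    # an absolute path) clobbered the real backup with the modified file.
    if grep -q -F -- "# Modified by " /etc/resolv.conf; then
      echo "*** Skipping backup of DNS settings"
      # we assume the backup already exists
    else
      echo "*** Creating backup of current DNS settings into $RESOLV_CONF_BACKUP"
      if ! cat /etc/resolv.conf > "$RESOLV_CONF_BACKUP"; then
        echo "ERROR: could not back up /etc/resolv.conf; leaving DNS settings untouched" >&2
        return 1
      fi
    fi
    echo "*** Updating DNS settings in /etc/resolv.conf"
    # One open/truncate of the file instead of four separate redirections.
    {
      echo "# Modified by $0"
      echo "# Original file stored here: $RESOLV_CONF_BACKUP "
      echo "nameserver ${GCP_DNS_SERVER}"
      echo "search ${GCP_DNS_DOMAIN}"
    } > /etc/resolv.conf
  else
    rm -f "$RESOLV_CONF_BACKUP" 2> /dev/null
  fi
  return 0
}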
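#######################################
# Poll until the VPN interface has a point-to-point address, then run post_init.
# Globals:   IFACE (read)
# Outputs:   progress messages on stdout
# Returns:   0 once post_init has been called, 1 if no address appeared
#            within the polling window (31 attempts, 2 s apart)
#######################################
function start_post_init() {
  local iface_info addr peer attempt
  for attempt in {0..30}; do
    echo "*** Waiting for interface ${IFACE}..."
    # Test the command's own status instead of reading $? afterwards.
    if iface_info=$(ip a show "$IFACE" 2> /dev/null); then
      # "inet <addr> peer <gw>/<len>" is the line we want; take the first one
      # (previously every matching line was concatenated into the address).
      addr='' peer=''
      read -r addr peer < <(awk '/inet.*peer/ { print $2, $4; exit }' <<< "$iface_info")
      if [[ -n "$addr" ]]; then
        echo "*** Interface $IFACE is up"
        post_init "$addr" "${peer%%/*}"
        return 0
      fi
      echo "*** Interface $IFACE is not yet fully up..."
    fi
    sleep 2
  done
  echo "ERROR: Interface $IFACE did not show up :("
  return 1
}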
#######################################
# Print the usage text on stdout.
# Globals: none (uses $0 for the script name)
#######################################
function help() {
  local script="$0"
  printf '%s\n' \
    "Usage: ${script} [ACTION] [ARGS...]" \
    "Actions:" \
    "start <username> <password> <pre-shared-key>" \
    "stop" \
    "status" \
    "logs"
}
#######################################
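# Dispatch on the requested action. Exit codes: 0 success / usage shown,
# 1 missing credentials or failed start, 10 already running.
case "$ACTION" in
  up|start)
    if [[ -z "$VPN_PSK" || -z "$VPN_PASSWORD" || -z "$VPN_USERNAME" ]]; then
      help >&2
      exit 1
    fi
    if is_container_running; then
      echo "ERROR: VPN is already running." >&2
      exit 10
    fi
    start_container
    echo "*** Waiting 15 seconds for the container to initialize..."
    sleep 15
    if ! start_post_init; then
      # Keep the diagnostics, tear the container down and fail explicitly;
      # previously execution fell through and, with NO_DAEMON set, tried to
      # attach to a container that had just been killed.
      show_container_logs
      stop_container
      exit 1
    fi
    if [[ -n "$NO_DAEMON" ]]; then
      exec "$DOCKER_BIN" attach "$DOCKER_NAME"
    fi
    # Explicit success status: without it the script's exit status was that
    # of the [[ -n "$NO_DAEMON" ]] test, i.e. 1 whenever NO_DAEMON is unset,
    # which a supervisor such as systemd reads as a failed start.
    exit 0
    ;;
  down|stop)
    stop_container
    sleep 1
    post_cleanup
    ;;
  log|logs)
    show_container_logs
    ;;
  status)
    show_container_status
    ;;
  *)
    help
    exit 0
    ;;
esac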