
@x-yuri

x-yuri/.md Secret

Created April 9, 2024 18:32

main.tf:

# Google Cloud provider. "PROJECT_ID" is a placeholder for the target project.
# No credentials are set here, so the provider relies on ambient credentials
# (the transcript uses `gcloud auth login --update-adc` for that).
provider "google" {
  project = "PROJECT_ID"
}

# Throwaway Debian 12 VM for the bridge experiment. The transcript reaches it
# through the serial console (gcloud compute connect-to-serial-port), so it
# stays reachable while ens4 is being reconfigured.
resource "google_compute_instance" "test-vpn" {
  name = "test-vpn"
  machine_type = "e2-micro"
  zone = "europe-central2-a"
  boot_disk {
    initialize_params {
      image = "debian-12"
    }
  }
  network_interface {
    subnetwork = google_compute_subnetwork.test-vpn.self_link
    # An empty access_config block requests an ephemeral external IP, so the VM
    # is addressable from the internet; inbound traffic is limited only by the
    # firewall rules attached to the network.
    access_config {
    }
  }
  metadata = {
    # Turns on interactive serial-console access for this instance.
    # NOTE(review): serial-console sessions go through Google's serial-port
    # gateway rather than the VPC, so the tcp/22 firewall rule in this file
    # should not restrict them; access is gated by IAM and SSH keys. Confirm
    # against the GCP docs and leave this off outside of debugging.
    serial-port-enable = true
    # Ignore project-wide SSH keys; only keys set on this instance apply.
    block-project-ssh-keys = true
    # Sets the root password (redacted as "..." here) and starts a login getty
    # on ttyS1, presumably the port the transcript opens with `--port 2`.
    # The script, password included, is stored as plain instance metadata: it
    # is readable through the Compute API by anyone who can view the instance,
    # from inside the VM via the metadata server, and it is written to the
    # Terraform state file. Treat the password as disposable and destroy the
    # instance (and the state) when the test is done.
    startup-script = <<SCRIPT
      echo root:... | chpasswd
      systemctl start serial-getty@ttyS1.service
SCRIPT
  }
}

# Dedicated custom-mode VPC: auto_create_subnetworks = false means no
# per-region subnets are created, so only the subnetwork declared in this file
# exists. A new network carries no ingress allow rules of its own, so the
# only inbound access is what the firewall resources in this file grant.
resource "google_compute_network" "test-vpn" {
  name = "test-vpn"
  auto_create_subnetworks = false
}

# The single subnet of the test VPC: 10.0.0.0/20 (10.0.0.0 - 10.0.15.255) in
# europe-central2, the region of the instance's zone.
resource "google_compute_subnetwork" "test-vpn" {
  name = "test-vpn"
  ip_cidr_range = "10.0.0.0/20"
  region = "europe-central2"
  network = google_compute_network.test-vpn.self_link
}

# Allows inbound SSH (tcp/22) to the test VPC from SOURCE_IP only.
# SOURCE_IP is a placeholder; source_ranges expects CIDR notation, so use the
# narrowest range that covers the operator (a single address as /32) rather
# than a broad range.
# No target_tags or target_service_accounts are set, so the rule applies to
# every instance in the network, not just test-vpn.
resource "google_compute_firewall" "test-vpn-ssh" {
  name = "test-vpn-ssh"
  network = google_compute_network.test-vpn.self_link
  source_ranges = ["SOURCE_IP"]
  allow {
    protocol = "tcp"
    ports = [22]
  }
}
// Replace PROJECT_ID and SOURCE_IP in main.tf with your own values before running the commands below.
$ docker run --rm -itv "$PWD:/app" -w /app google/cloud-sdk:457.0.0-alpine
/app # gcloud auth login --update-adc
/app # apk add terraform
/app # terraform init
/app # terraform apply
/app # gcloud compute connect-to-serial-port test-vpn --zone=europe-central2-a --project PROJECT_ID
/app # gcloud compute connect-to-serial-port test-vpn --port 2 --zone=europe-central2-a --project PROJECT_ID

Serial port 2:

root@test-vpn:~# ip route
default via 10.0.0.1 dev ens4 proto dhcp src 10.0.0.31 metric 100
10.0.0.1 dev ens4 proto dhcp scope link src 10.0.0.31 metric 100
169.254.169.254 via 10.0.0.1 dev ens4 proto dhcp src 10.0.0.31 metric 100

root@test-vpn:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    100    0        0 ens4
_gateway        0.0.0.0         255.255.255.255 UH    100    0        0 ens4
169.254.169.254 _gateway        255.255.255.255 UGH   100    0        0 ens4

root@test-vpn:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP group default qlen 1000
    link/ether 42:01:0a:00:00:1f brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    inet 10.0.0.31/32 metric 100 scope global dynamic ens4
       valid_lft 2212sec preferred_lft 2212sec
    inet6 fe80::4001:aff:fe00:1f/64 scope link
       valid_lft forever preferred_lft forever

root@test-vpn:~# brctl addbr br0

Serial port 1:

[14433.908717] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
2024-04-09T18:18:34.817923+00:00 localhost kernel: [14433.908717] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.

Serial port 2:

root@test-vpn:~# brctl addif br0 ens4

Serial port 1:

[14456.137831] br0: port 1(ens4) entered blocking state
[14456.143054] br0: port 1(ens4) entered disabled state
[14456.148409] device ens4 entered promiscuous mode
2024-04-09T18:18:57.045606+00:00 localhost kernel: [14456.137831] br0: port 1(ens4) entered blocking state
2024-04-09T18:18:57.045635+00:00 localhost kernel: [14456.143054] br0: port 1(ens4) entered disabled state
2024-04-09T18:18:57.054385+00:00 localhost kernel: [14456.148409] device ens4 entered promiscuous mode
2024-04-09T18:18:57.071593+00:00 localhost systemd[1]: Starting gce-workload-cert-refresh.service - GCE Workload Certificate refresh...

Serial port 2:

root@test-vpn:~# ifconfig ens4 0.0.0.0 promisc up
root@test-vpn:~# ifconfig br0 10.0.0.31 netmask 255.255.240.0 broadcast 10.0.15.255

Serial port 1:

[14518.216279] br0: port 1(ens4) entered blocking state
[14518.221428] br0: port 1(ens4) entered forwarding state
[14518.222030] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14518.226786] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14518.233980] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14518.241273] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14518.248331] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14518.255356] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14518.262423] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14518.269496] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14518.276499] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14518.283578] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14518.290677] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14518.297928] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14518.305157] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14518.312197] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14518.319711] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14518.326871] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14518.334036] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14518.342089] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14518.350181] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14518.357538] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14518.372505] IPv6: ADDRCONF(NETDEV_CHANGE): br0: link becomes ready
2024-04-09T18:19:59.281922+00:00 localhost systemd-networkd[239]: br0: Link UP
2024-04-09T18:19:59.282411+00:00 localhost kernel: [14518.216279] br0: port 1(ens4) entered blocking state
2024-04-09T18:19:59.282417+00:00 localhost kernel: [14518.221428] br0: port 1(ens4) entered forwarding state
2024-04-09T18:19:59.282419+00:00 localhost kernel: [14518.222030] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:19:59.282420+00:00 localhost kernel: [14518.226786] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:19:59.282422+00:00 localhost kernel: [14518.233980] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:19:59.282424+00:00 localhost kernel: [14518.241273] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:19:59.282425+00:00 localhost kernel: [14518.248331] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:19:59.282426+00:00 localhost kernel: [14518.255356] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:19:59.282427+00:00 localhost kernel: [14518.262423] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:19:59.282429+00:00 localhost kernel: [14518.269496] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:19:59.282430+00:00 localhost kernel: [14518.276499] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:19:59.282433+00:00 localhost kernel: [14518.283578] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:19:59.282434+00:00 localhost kernel: [14518.290677] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:19:59.282435+00:00 localhost kernel: [14518.297928] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:19:59.282436+00:00 localhost kernel: [14518.305157] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:19:59.282437+00:00 localhost kernel: [14518.312197] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:19:59.282438+00:00 localhost kernel: [14518.319711] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:19:59.282439+00:00 localhost kernel: [14518.326871] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:19:59.282439+00:00 localhost kernel: [14518.334036] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:19:59.282440+00:00 localhost kernel: [14518.342089] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:19:59.282442+00:00 localhost kernel: [14518.350181] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:19:59.282445+00:00 localhost kernel: [14518.357538] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:19:59.282446+00:00 localhost kernel: [14518.372505] IPv6: ADDRCONF(NETDEV_CHANGE): br0: link becomes ready
2024-04-09T18:19:59.283226+00:00 localhost systemd-networkd[239]: br0: Gained carrier
2024-04-09T18:20:01.246609+00:00 localhost systemd-networkd[239]: br0: Gained IPv6LL
[14523.225715] net_ratelimit: 3315 callbacks suppressed
[14523.227295] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14523.230846] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14523.238271] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14523.245339] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14523.253088] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14523.260175] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14523.267428] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14523.274530] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14523.282166] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14523.289402] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14523.296751] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14523.303825] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14523.311044] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14523.318036] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14523.325129] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14523.333506] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14523.340764] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14523.348017] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
[14523.355386] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
[14523.362724] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:20:04.274788+00:00 localhost kernel: [14523.225715] net_ratelimit: 3315 callbacks suppressed
2024-04-09T18:20:04.274810+00:00 localhost kernel: [14523.227295] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:20:04.274812+00:00 localhost kernel: [14523.230846] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:20:04.274813+00:00 localhost kernel: [14523.238271] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:20:04.274814+00:00 localhost kernel: [14523.245339] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:20:04.274815+00:00 localhost kernel: [14523.253088] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:20:04.274816+00:00 localhost kernel: [14523.260175] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:20:04.274817+00:00 localhost kernel: [14523.267428] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:20:04.274820+00:00 localhost kernel: [14523.274530] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:20:04.274821+00:00 localhost kernel: [14523.282166] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:20:04.274822+00:00 localhost kernel: [14523.289402] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:20:04.274823+00:00 localhost kernel: [14523.296751] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:20:04.274823+00:00 localhost kernel: [14523.303825] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:20:04.274824+00:00 localhost kernel: [14523.311044] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:20:04.274825+00:00 localhost kernel: [14523.318036] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:20:04.274826+00:00 localhost kernel: [14523.325129] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:20:04.274827+00:00 localhost kernel: [14523.333506] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:20:04.274828+00:00 localhost kernel: [14523.340764] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:20:04.274829+00:00 localhost kernel: [14523.348017] IPv4: martian source 10.0.0.31 from 169.254.169.254, on dev br0
2024-04-09T18:20:04.274830+00:00 localhost kernel: [14523.355386] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00
2024-04-09T18:20:04.274831+00:00 localhost kernel: [14523.362724] ll header: 00000000: 42 01 0a 00 00 1f 42 01 0a 00 00 01 08 00

...and it goes on and on like this.

Serial port 2:

root@test-vpn:~# ip route
10.0.0.0/20 dev br0 proto kernel scope link src 10.0.0.31

root@test-vpn:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.240.0   U     0      0        0 br0

root@test-vpn:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1460 qdisc mq master br0 state UP group default qlen 1000
    link/ether 42:01:0a:00:00:1f brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    inet6 fe80::4001:aff:fe00:1f/64 scope link
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc noqueue state UP group default qlen 1000
    link/ether ce:73:cf:40:a4:86 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.31/20 brd 10.0.15.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::cc73:cfff:fe40:a486/64 scope link
       valid_lft forever preferred_lft forever