https://redmine.april.org/
2012-12-17T09:35:07Z
April project manager
Admins - Bug #1115: controller.vm.april-int openvpn went down
https://redmine.april.org/issues/1115?journal_id=3781
2012-12-17T09:35:07Z
Loïc Dachary
<ul></ul><p>To reproduce the problem:<br /><pre>
ssh root@controller.vm.april-int
root@controller:~# ip r
default via 10.145.4.4 dev eth0
10.145.4.0/24 dev eth0 proto kernel scope link src 10.145.4.5
192.168.0.0/24 via 192.168.0.21 dev tun0 src 192.168.4.1
192.168.0.21 dev tun0 proto kernel scope link src 192.168.0.22
192.168.1.0/24 via 192.168.0.21 dev tun0
192.168.2.0/24 via 192.168.0.21 dev tun0
192.168.3.0/24 via 192.168.0.21 dev tun0
192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.1
192.168.5.0/24 via 192.168.0.21 dev tun0
root@controller:~# ip r show cache 192.168.42.42
root@controller:~#
root@controller:~# ping -c1 192.168.42.42
PING 192.168.42.42 (192.168.42.42) 56(84) bytes of data.
From 212.27.40.57 icmp_seq=1 Packet filtered
--- 192.168.42.42 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
root@controller:~# ip r show cache 192.168.42.42
192.168.42.42 via 10.145.4.4 dev eth0 src 10.145.4.5
cache
192.168.42.42 from 10.145.4.5 via 10.145.4.4 dev eth0
cache
</pre></p>
Admins - Bug #1115: controller.vm.april-int openvpn went down
https://redmine.april.org/issues/1115?journal_id=3782
2012-12-17T09:59:08Z
Loïc Dachary
<ul><li><strong>Status</strong> changed from <i>In progress</i> to <i>Resolved</i></li></ul><pre>
commit 54aa1c40732654736401962f0775e94b10456169
Author: Loic Dachary <loic@dachary.org>
Date: Mon Dec 17 09:55:23 2012 +0000
flush all routes when the VPN goes up to discard incorrect cached routes https://agir.april.org/issues/1115
diff --git a/.etckeeper b/.etckeeper
index ba2ed97..c69f180 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -441,6 +441,8 @@ maybe chmod 0644 './openvpn/keys/ca.crt'
maybe chmod 0644 './openvpn/keys/yopo.crt'
maybe chmod 0644 './openvpn/keys/yopo.csr'
maybe chmod 0600 './openvpn/keys/yopo.key'
+maybe chgrp staff './openvpn/route-flush'
+maybe chmod 0755 './openvpn/route-flush'
maybe chmod 0755 './openvpn/update-resolv-conf'
maybe chmod 0755 './opt'
maybe chmod 0644 './os-release'
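Review bot: the `maybe chgrp staff './openvpn/route-flush'` line puts a script that client.conf runs as an `up` hook under group staff, while none of the neighbouring entries in this hunk carry a chgrp. Mode 0755 keeps the file non-writable by that group, but unless staff ownership is actually needed I would drop the chgrp so the script OpenVPN executes has the same group as the files around it.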
diff --git a/openvpn/client.conf b/openvpn/client.conf
index 743a6fa..168f74a 100644
--- a/openvpn/client.conf
+++ b/openvpn/client.conf
@@ -133,4 +133,6 @@ mute 20
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
-
+script-security 2
+# for more information https://agir.april.org/issues/1115
+up /etc/openvpn/route-flush
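Review bot: `script-security 2` is added without an explanation of its own, and the comment pointing to the ticket sits below it, directly above `up`. Move the comment above `script-security 2` and state that level 2 is set only so the `up` script can run, since the setting applies to the whole client configuration. Please also confirm there is no earlier `up` directive in the part of client.conf that this hunk does not show.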
diff --git a/openvpn/route-flush b/openvpn/route-flush
new file mode 100755
index 0000000..384dc57
--- /dev/null
+++ b/openvpn/route-flush
@@ -0,0 +1,2 @@
+#!/bin/bash
+/sbin/ip route flush cache
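Review bot: the new script has no comment saying why the cache is flushed, and its exit status is whatever `/sbin/ip route flush cache` returns. Add a line pointing to the ticket, as client.conf does, and make the intended behaviour on failure explicit (for example an explicit `exit 0` if a failed flush must not fail the `up` hook). Nothing in the script needs bash, so `#!/bin/sh` would do.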
</pre>
Admins - Bug #1115: controller.vm.april-int openvpn went down
https://redmine.april.org/issues/1115?journal_id=3783
2012-12-17T09:59:18Z
Loïc Dachary
<ul><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul>
Admins - Bug #1115: controller.vm.april-int openvpn went down
https://redmine.april.org/issues/1115?journal_id=3784
2012-12-17T11:41:34Z
Loïc Dachary
<ul></ul><p>If the controller sends ICMP redirects, that's not good. We try to disable it but it still sends redirects.<br /><pre>
root@controller:~# tcpdump -i eth0 host jenkins.vm.april-int
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:38:05.968852 IP 192.168.4.3 > 192.168.20.238: ICMP echo request, id 22377, seq 1, length 64
11:38:05.968899 IP 192.168.4.1 > 192.168.4.3: ICMP redirect 192.168.20.238 to host 10.145.4.4, length 92
11:38:05.968926 IP 192.168.4.3 > 192.168.20.238: ICMP echo request, id 22377, seq 1, length 64
11:38:10.977876 ARP, Request who-has 192.168.4.3 tell 192.168.4.1, length 28
11:38:10.978251 ARP, Reply 192.168.4.3 is-at fa:16:3e:54:fc:2f (oui Unknown), length 28
^C
5 packets captured
9 packets received by filter
0 packets dropped by kernel
root@controller:~# sysctl net.ipv4.conf.all.send_redirects
net.ipv4.conf.all.send_redirects = 0
</pre></p>
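An added example, not part of the original ticket: the kernel enables redirects on an interface when either conf/all/send_redirects or conf/&lt;interface&gt;/send_redirects is 1, so reading only the `all` value, as in the session above, does not show whether eth0 still sends them. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. The effective send_redirects value for an interface is the OR
# of conf/all/send_redirects and conf/<iface>/send_redirects (kernel ip-sysctl docs).

# Print 1 if the kernel would send ICMP redirects on IFACE, else 0.
effective_send_redirects() {  # usage: effective_send_redirects ROOT IFACE
    all=$(cat "$1/all/send_redirects" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/send_redirects" 2>/dev/null || echo 0)
    if [ "$all" = 1 ] || [ "$own" = 1 ]; then echo 1; else echo 0; fi
}

# Print, one per line, every interface under ROOT that still sends redirects.
redirecting_ifaces() {  # usage: redirecting_ifaces ROOT
    for dir in "$1"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not real interfaces.
        case $iface in all|default) continue ;; esac
        if [ "$(effective_send_redirects "$1" "$iface")" = 1 ]; then
            echo "$iface"
        fi
    done
}

# Constructed sample tree (not read from the ticket's host): all=0 but eth0=1.
make_sample_tree() {  # usage: make_sample_tree DIR
    for entry in all:0 default:1 eth0:1 tun0:0; do
        mkdir -p "$1/${entry%%:*}"
        echo "${entry##*:}" > "$1/${entry%%:*}/send_redirects"
    done
}

# Stand-alone run: check the tree given as $1, else the live system.
redirecting_ifaces "${1:-/proc/sys/net/ipv4/conf}"
```

Any interface it prints needs its own `net.ipv4.conf.<iface>.send_redirects` set to 0 in addition to the `all` value.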
Admins - Bug #1115: controller.vm.april-int openvpn went down
https://redmine.april.org/issues/1115?journal_id=3785
2012-12-17T12:55:51Z
Loïc Dachary
<ul></ul><p><a class="external" href="http://dachary.org/?p=1704">http://dachary.org/?p=1704</a> flushing OpenVPN routes to prevent temporary incorrect routing</p>
Admins - Bug #1115: controller.vm.april-int openvpn went down
https://redmine.april.org/issues/1115?journal_id=13927
2019-05-29T10:19:21Z
Quentin Gibeaux
april.quentin@gibeaux.eu
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul>