
Networking

Created: 2021-09-15



Some network config snippets.

Manual config

ip a a 192.168.1.2/24 broadcast + dev eth0
ip link set eth0 up
ip r a default via 192.168.1.1
echo 'nameserver 192.168.1.1' > /etc/resolv.conf

A configuration for OpenVPN’s L2 LAN bridge

ip link add name br0 type bridge
ip link set br0 up
ip address add dev br0 192.168.1.2/24
ip route add default via 192.168.1.1
ip link set eth0 up
ip link set eth0 master br0
# Add tap device to bridge
ip tuntap add dev tap0 mode tap
ip link set tap0 up
ip link set tap0 master br0

Same as above in /etc/network/interfaces (ifupdown-ng). Requires bridge and iproute2 packages:

iface eth0 inet manual

auto tap0
iface tap0
    pre-up ip tuntap add dev tap0 mode tap
    pre-up ip link set tap0 up
    post-down ip link set tap0 down
    post-down ip tuntap del dev tap0 mode tap

auto br0
iface br0
    bridge-ports eth0 tap0
    bridge-fd 0
    bridge-stp off
    address 192.168.1.2/24
    gateway 192.168.1.1

Gentoo’s netifrc for a notebook

Add net0 to br0 bridge:

# Do not configure net0 (optional)
config_net0="null"

bridge_br0="net0"

# Required for autostarting br0 when net0's cable is plugged in. Not needed
# if br0 is not started automatically at boot.
rc_net_br0_need="net.net0"

Start br0 and wlan0 on boot:

ln -s /etc/init.d/net.lo /etc/init.d/net.net0
ln -s /etc/init.d/net.lo /etc/init.d/net.br0
ln -s /etc/init.d/net.lo /etc/init.d/net.wlan0
rc-update add net.br0 default
rc-update add net.wlan0 default

Wired interface with a static address and a fallback to DHCP

Uses arping to check whether a gateway with the given IP/MAC address is available.

config_br0="arping"
fallback_br0="dhcp"

gateways_br0="192.168.3.1 10.0.0.1,CF:16:42:72:F1:11"
config_192168003001="192.168.3.2/24"
routes_192168003001="default via 192.168.3.1"
dns_servers_192168003001="127.0.0.1"

config_010000000001_CF164272F111="10.0.0.2/24"
# ...

Wireless with a static IP

modules_wlan0="wpa_supplicant"
config_SSID_NAME="10.0.0.2/24 brd 10.0.0.255"
routes_SSID_NAME="default via 10.0.0.1"
# ...
config_another_ssid="10.0.1.2/24"
# ...

Interface priority

metric_br0="90"
metric_wlan0="100"

br0 and wlan0 may have the same IP address.

WireGuard

Access 10.0.1.0/24 and 10.0.0.0/24 through WireGuard:

wireguard_wg1="/etc/wireguard/wg1.conf"
config_wg1="10.0.1.5/24"
routes_wg1="10.0.0.0/24"

Autostart WireGuard depending on what network we are on

postup() {
    # TODO: use gateway MAC address instead of ip
    if [ -d "/sys/class/net/wg0" ] || [ -d "/sys/class/net/wg1" ]; then
        einfo "wg0 or wg1 already exists."
    elif ip route | grep -iq 'dev \(br0\|wlan0\) proto kernel scope link src 10\.0\.0\.3'; then
        einfo "Home sweet home."
    elif ip route | grep -iq 'dev \(br0\|wlan0\) proto kernel scope link src 192\.168\.1\.3'; then
        einfo "Office network - use a VPN to access home network."
        rc-service net.wg1 start
    else
        einfo "We are on a guest network - send all traffic through VPN."
        rc-service wg-quick.wg0 start
    fi

    return 0
}
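
One way to do what the TODO in postup() asks, as an added example (not the page's own code): identify the network by the default gateway's IP and MAC instead of the locally assigned address, which any DHCP server can hand out, and treat everything unrecognised as a guest network. The function names are hypothetical and the office gateway MAC is a constructed placeholder.

```shell
#!/bin/sh
# Added example. Known networks as "gateway-ip,gateway-mac,label".
# The home pair comes from the arping snippet on this page; the office
# gateway MAC is a constructed placeholder.
KNOWN_GATEWAYS="10.0.0.1,cf:16:42:72:f1:11,home
192.168.1.1,02:00:00:00:00:01,office"

# classify_network ROUTES NEIGH  (hypothetical helper)
#   ROUTES: output of `ip -4 route show default`
#   NEIGH:  output of `ip -4 neigh show`
# Prints home, office or guest. A missing route, a missing neighbour entry
# or a MAC mismatch all yield "guest", so the caller fails closed.
classify_network() {
    gw_dev=$(printf '%s\n' "$1" | awk '
        $1 == "default" && $2 == "via" && ($5 == "br0" || $5 == "wlan0") {
            print $3, $5; exit }')
    [ -n "$gw_dev" ] || { echo guest; return 0; }
    gw=${gw_dev% *}
    dev=${gw_dev#* }
    mac=$(printf '%s\n' "$2" | awk -v gw="$gw" -v dev="$dev" '
        $1 == gw && $3 == dev && $4 == "lladdr" { print tolower($5); exit }')
    label=$(printf '%s\n' "$KNOWN_GATEWAYS" | awk -F, -v gw="$gw" -v mac="$mac" '
        $1 == gw && $2 == mac { print $3; exit }')
    echo "${label:-guest}"
}

# vpn_service_for LABEL: the service postup() starts for each network
# (service names as used on this page; empty output means no VPN).
vpn_service_for() {
    case "$1" in
        home)   ;;
        office) echo net.wg1 ;;
        *)      echo wg-quick.wg0 ;;
    esac
}

# Constructed sample input: the home gateway IP answered by a different MAC.
SAMPLE_ROUTES="default via 10.0.0.1 dev wlan0 proto dhcp metric 100"
SAMPLE_NEIGH="10.0.0.1 dev wlan0 lladdr 02:aa:bb:cc:dd:ee REACHABLE"

# Prints "guest wg-quick.wg0"
net=$(classify_network "$SAMPLE_ROUTES" "$SAMPLE_NEIGH")
echo "$net $(vpn_service_for "$net")"
```

`ip neigh` only lists the gateway after traffic has been exchanged with it, so a real postup() would probe the gateway (for example with arping) before classifying. A MAC address can be cloned by another device on the same segment, so the match is a hint rather than authentication of the network.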

Local dnsmasq

The upstream resolver 10.0.0.2 is optionally reached through the WireGuard VPN when not on the same network.

no-resolv
server=10.0.0.2
# ...