How do I create a persistent tunnel device in sles15 (with or without wicked xml config)

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












0















I'm trying to simplify some of my configs for sles15, pushing out tunnel configs to my machines via ansible. Currently whenever I configure a tunnel, I do it on the fly using ssh from the machine initiating the ssh tunnel and sudo commands (running tunctl (which isn't there any more).



What I'd like to do is have the tunnel persistent on the sles15 machine and then just connect to it with ssh and the -w command.



However, this doesn't work worth a crap:



<interface>
<link-type>tun</link-type>
<name>tun1</name>
<control>
<mode>boot</mode>
</control>
<firewall/>
<tun>
<owner>ansible</owner>
<group>sshinternalusers</group>
</tun>

<ipv4>
<enabled>true</enabled>
<forwarding>true</forwarding>
</ipv4>
<ipv6>
<enabled>false</enabled>
<forwarding>false</forwarding>
</ipv6>
</interface>


and this doesn't work either (which I think is the traditional way of doing it)



STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL_SET_PERSISTENT='yes'
TUNNEL='tun'
TUNNEL_LOCAL_IPADDR=172.20.26.115
TUNNEL_REMOTE_IPADDR=172.20.26.114
TUNNEL_DEVICE=tun0
TUNNEL_SET_OWNER=ansible
TUNNEL_SET_GROUP=sshinternalusers


I haven't found any documentation on the XML (other than reverse engineering the schema). The tunnel does appear to start when I reboot the machine, but there has to be a different way to get the tunnel up because when I run ifup tun0 it tells me "no device"










share|improve this question


























    0















    I'm trying to simplify some of my configs for sles15, pushing out tunnel configs to my machines via ansible. Currently whenever I configure a tunnel, I do it on the fly using ssh from the machine initiating the ssh tunnel and sudo commands (running tunctl (which isn't there any more).



    What I'd like to do is have the tunnel persistent on the sles15 machine and then just connect to it with ssh and the -w command.



    However, this doesn't work worth a crap:



    <interface>
    <link-type>tun</link-type>
    <name>tun1</name>
    <control>
    <mode>boot</mode>
    </control>
    <firewall/>
    <tun>
    <owner>ansible</owner>
    <group>sshinternalusers</group>
    </tun>

    <ipv4>
    <enabled>true</enabled>
    <forwarding>true</forwarding>
    </ipv4>
    <ipv6>
    <enabled>false</enabled>
    <forwarding>false</forwarding>
    </ipv6>
    </interface>


    and this doesn't work either (which I think is the traditional way of doing it)



    STARTMODE='onboot'
    BOOTPROTO='static'
    TUNNEL_SET_PERSISTENT='yes'
    TUNNEL='tun'
    TUNNEL_LOCAL_IPADDR=172.20.26.115
    TUNNEL_REMOTE_IPADDR=172.20.26.114
    TUNNEL_DEVICE=tun0
    TUNNEL_SET_OWNER=ansible
    TUNNEL_SET_GROUP=sshinternalusers


    I haven't found any documentation on the XML (other than reverse engineering the schema). The tunnel does appear to start when I reboot the machine, but there has to be a different way to get the tunnel up because when I run ifup tun0 it tells me "no device"










    share|improve this question
























      0












      0








      0








      I'm trying to simplify some of my configs for sles15, pushing out tunnel configs to my machines via ansible. Currently whenever I configure a tunnel, I do it on the fly using ssh from the machine initiating the ssh tunnel and sudo commands (running tunctl (which isn't there any more).



      What I'd like to do is have the tunnel persistent on the sles15 machine and then just connect to it with ssh and the -w command.



      However, this doesn't work worth a crap:



      <interface>
      <link-type>tun</link-type>
      <name>tun1</name>
      <control>
      <mode>boot</mode>
      </control>
      <firewall/>
      <tun>
      <owner>ansible</owner>
      <group>sshinternalusers</group>
      </tun>

      <ipv4>
      <enabled>true</enabled>
      <forwarding>true</forwarding>
      </ipv4>
      <ipv6>
      <enabled>false</enabled>
      <forwarding>false</forwarding>
      </ipv6>
      </interface>


      and this doesn't work either (which I think is the traditional way of doing it)



      STARTMODE='onboot'
      BOOTPROTO='static'
      TUNNEL_SET_PERSISTENT='yes'
      TUNNEL='tun'
      TUNNEL_LOCAL_IPADDR=172.20.26.115
      TUNNEL_REMOTE_IPADDR=172.20.26.114
      TUNNEL_DEVICE=tun0
      TUNNEL_SET_OWNER=ansible
      TUNNEL_SET_GROUP=sshinternalusers


      I haven't found any documentation on the XML (other than reverse engineering the schema). The tunnel does appear to start when I reboot the machine, but there has to be a different way to get the tunnel up because when I run ifup tun0 it tells me "no device"










      share|improve this question














      I'm trying to simplify some of my configs for sles15, pushing out tunnel configs to my machines via ansible. Currently whenever I configure a tunnel, I do it on the fly using ssh from the machine initiating the ssh tunnel and sudo commands (running tunctl (which isn't there any more).



      What I'd like to do is have the tunnel persistent on the sles15 machine and then just connect to it with ssh and the -w command.



      However, this doesn't work worth a crap:



      <interface>
      <link-type>tun</link-type>
      <name>tun1</name>
      <control>
      <mode>boot</mode>
      </control>
      <firewall/>
      <tun>
      <owner>ansible</owner>
      <group>sshinternalusers</group>
      </tun>

      <ipv4>
      <enabled>true</enabled>
      <forwarding>true</forwarding>
      </ipv4>
      <ipv6>
      <enabled>false</enabled>
      <forwarding>false</forwarding>
      </ipv6>
      </interface>


      and this doesn't work either (which I think is the traditional way of doing it)



      STARTMODE='onboot'
      BOOTPROTO='static'
      TUNNEL_SET_PERSISTENT='yes'
      TUNNEL='tun'
      TUNNEL_LOCAL_IPADDR=172.20.26.115
      TUNNEL_REMOTE_IPADDR=172.20.26.114
      TUNNEL_DEVICE=tun0
      TUNNEL_SET_OWNER=ansible
      TUNNEL_SET_GROUP=sshinternalusers


      I haven't found any documentation on the XML (other than reverse engineering the schema). The tunnel does appear to start when I reboot the machine, but there has to be a different way to get the tunnel up because when I run ifup tun0 it tells me "no device"







      ssh-tunneling sles tunneling wicked






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Feb 7 at 20:06









      Peter TurnerPeter Turner

      5881826




      5881826




















          1 Answer
          1






          active

          oldest

          votes


















          0














          The easiest way to figure out what the heck wicked is doing is by making the old fashioned network config scripts (which are documented with man ifcfg-tunnel)



          add this:



          STARTMODE='auto'
          BOOTPROTO='static'
          TUNNEL_SET_PERSISTENT='yes'
          TUNNEL='tun'
          IPADDR=172.20.26.115
          REMOTE_IPADDR=172.20.26.114
          TUNNEL_DEVICE=tun0
          TUNNEL_SET_OWNER=ansible
          TUNNEL_SET_GROUP=sshinternalusers
          ZONE=public
          MTU=1300


          as /etc/sysconfig/network/ifcfg-tun0



          run wicked ifup tun0



          and the tunnel should appear in ip addr show



          now (and this is based off of some powerpoint suse released to show how cool wicked is)



          cd to /etc/sysconfig/network



          run wicked show-config compat:



          this'll spit out the interface files for whatever is in this directory (i.e. ifcfg-tun0)



          put that output, which may look like:



          <interface >
          <name>tun1</name>
          <control>
          <mode>auto</mode>
          </control>
          <firewall>
          <zone>public</zone>
          </firewall>
          <tun>
          <owner>479</owner>
          <group>479</group>
          </tun>
          <link>
          <mtu>1300</mtu>
          </link>
          <ipv4>
          <enabled>true</enabled>
          <forwarding>true</forwarding>
          </ipv4>
          <ipv4:static>
          <address>
          <local>172.20.42.115/32</local>
          <peer>172.20.42.114</peer>
          </address>
          </ipv4:static>
          <ipv6>
          <enabled>false</enabled>
          <forwarding>false</forwarding>
          </ipv6>
          </interface>


          in /etc/wicked/ifconfig/tun0.xml and delete the old config file from sysconfig



          if you do wicked ifreload tun0



          it should be using the new config now, you can reboot or wicked ifdown/ifup to make sure.



          Note, owner and group are the ID's, not the usernames



          and, since you're using ssh, don't forget to set PermitTunnel Yes in the sshd config file.




          FWIW (and not much since you don't want to use this manually when running wicked) the replacement for tunctl appears to be ip tunnel.






          share|improve this answer






















            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499356%2fhow-do-i-create-a-persistent-tunnel-device-in-sles15-with-or-without-wicked-xml%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            The easiest way to figure out what the heck wicked is doing is by making the old fashioned network config scripts (which are documented with man ifcfg-tunnel)



            add this:



            STARTMODE='auto'
            BOOTPROTO='static'
            TUNNEL_SET_PERSISTENT='yes'
            TUNNEL='tun'
            IPADDR=172.20.26.115
            REMOTE_IPADDR=172.20.26.114
            TUNNEL_DEVICE=tun0
            TUNNEL_SET_OWNER=ansible
            TUNNEL_SET_GROUP=sshinternalusers
            ZONE=public
            MTU=1300


            as /etc/sysconfig/network/ifcfg-tun0



            run wicked ifup tun0



            and the tunnel should appear in ip addr show



            now (and this is based off of some powerpoint suse released to show how cool wicked is)



            cd to /etc/sysconfig/network



            run wicked show-config compat:



            this'll spit out the interface files for whatever is in this directory (i.e. ifcfg-tun0)



            put that output, which may look like:



            <interface >
            <name>tun1</name>
            <control>
            <mode>auto</mode>
            </control>
            <firewall>
            <zone>public</zone>
            </firewall>
            <tun>
            <owner>479</owner>
            <group>479</group>
            </tun>
            <link>
            <mtu>1300</mtu>
            </link>
            <ipv4>
            <enabled>true</enabled>
            <forwarding>true</forwarding>
            </ipv4>
            <ipv4:static>
            <address>
            <local>172.20.42.115/32</local>
            <peer>172.20.42.114</peer>
            </address>
            </ipv4:static>
            <ipv6>
            <enabled>false</enabled>
            <forwarding>false</forwarding>
            </ipv6>
            </interface>


            in /etc/wicked/ifconfig/tun0.xml and delete the old config file from sysconfig



            if you do wicked ifreload tun0



            it should be using the new config now, you can reboot or wicked ifdown/ifup to make sure.



            Note, owner and group are the ID's, not the usernames



            and, since you're using ssh, don't forget to set PermitTunnel Yes in the sshd config file.




            FWIW (and not much since you don't want to use this manually when running wicked) the replacement for tunctl appears to be ip tunnel.






            share|improve this answer



























              0














              The easiest way to figure out what the heck wicked is doing is by making the old fashioned network config scripts (which are documented with man ifcfg-tunnel)



              add this:



              STARTMODE='auto'
              BOOTPROTO='static'
              TUNNEL_SET_PERSISTENT='yes'
              TUNNEL='tun'
              IPADDR=172.20.26.115
              REMOTE_IPADDR=172.20.26.114
              TUNNEL_DEVICE=tun0
              TUNNEL_SET_OWNER=ansible
              TUNNEL_SET_GROUP=sshinternalusers
              ZONE=public
              MTU=1300


              as /etc/sysconfig/network/ifcfg-tun0



              run wicked ifup tun0



              and the tunnel should appear in ip addr show



              now (and this is based off of some powerpoint suse released to show how cool wicked is)



              cd to /etc/sysconfig/network



              run wicked show-config compat:



              this'll spit out the interface files for whatever is in this directory (i.e. ifcfg-tun0)



              put that output, which may look like:



              <interface >
              <name>tun1</name>
              <control>
              <mode>auto</mode>
              </control>
              <firewall>
              <zone>public</zone>
              </firewall>
              <tun>
              <owner>479</owner>
              <group>479</group>
              </tun>
              <link>
              <mtu>1300</mtu>
              </link>
              <ipv4>
              <enabled>true</enabled>
              <forwarding>true</forwarding>
              </ipv4>
              <ipv4:static>
              <address>
              <local>172.20.42.115/32</local>
              <peer>172.20.42.114</peer>
              </address>
              </ipv4:static>
              <ipv6>
              <enabled>false</enabled>
              <forwarding>false</forwarding>
              </ipv6>
              </interface>


              in /etc/wicked/ifconfig/tun0.xml and delete the old config file from sysconfig



              if you do wicked ifreload tun0



              it should be using the new config now, you can reboot or wicked ifdown/ifup to make sure.



              Note, owner and group are the ID's, not the usernames



              and, since you're using ssh, don't forget to set PermitTunnel Yes in the sshd config file.




              FWIW (and not much since you don't want to use this manually when running wicked) the replacement for tunctl appears to be ip tunnel.






              share|improve this answer

























                0












                0








                0







                The easiest way to figure out what the heck wicked is doing is by making the old fashioned network config scripts (which are documented with man ifcfg-tunnel)



                add this:



                STARTMODE='auto'
                BOOTPROTO='static'
                TUNNEL_SET_PERSISTENT='yes'
                TUNNEL='tun'
                IPADDR=172.20.26.115
                REMOTE_IPADDR=172.20.26.114
                TUNNEL_DEVICE=tun0
                TUNNEL_SET_OWNER=ansible
                TUNNEL_SET_GROUP=sshinternalusers
                ZONE=public
                MTU=1300


                as /etc/sysconfig/network/ifcfg-tun0



                run wicked ifup tun0



                and the tunnel should appear in ip addr show



                now (and this is based off of some powerpoint suse released to show how cool wicked is)



                cd to /etc/sysconfig/network



                run wicked show-config compat:



                this'll spit out the interface files for whatever is in this directory (i.e. ifcfg-tun0)



                put that output, which may look like:



                <interface >
                <name>tun1</name>
                <control>
                <mode>auto</mode>
                </control>
                <firewall>
                <zone>public</zone>
                </firewall>
                <tun>
                <owner>479</owner>
                <group>479</group>
                </tun>
                <link>
                <mtu>1300</mtu>
                </link>
                <ipv4>
                <enabled>true</enabled>
                <forwarding>true</forwarding>
                </ipv4>
                <ipv4:static>
                <address>
                <local>172.20.42.115/32</local>
                <peer>172.20.42.114</peer>
                </address>
                </ipv4:static>
                <ipv6>
                <enabled>false</enabled>
                <forwarding>false</forwarding>
                </ipv6>
                </interface>


                in /etc/wicked/ifconfig/tun0.xml and delete the old config file from sysconfig



                if you do wicked ifreload tun0



                it should be using the new config now, you can reboot or wicked ifdown/ifup to make sure.



                Note, owner and group are the ID's, not the usernames



                and, since you're using ssh, don't forget to set PermitTunnel Yes in the sshd config file.




                FWIW (and not much since you don't want to use this manually when running wicked) the replacement for tunctl appears to be ip tunnel.






                share|improve this answer













                The easiest way to figure out what the heck wicked is doing is by making the old fashioned network config scripts (which are documented with man ifcfg-tunnel)



                add this:



                STARTMODE='auto'
                BOOTPROTO='static'
                TUNNEL_SET_PERSISTENT='yes'
                TUNNEL='tun'
                IPADDR=172.20.26.115
                REMOTE_IPADDR=172.20.26.114
                TUNNEL_DEVICE=tun0
                TUNNEL_SET_OWNER=ansible
                TUNNEL_SET_GROUP=sshinternalusers
                ZONE=public
                MTU=1300


                as /etc/sysconfig/network/ifcfg-tun0



                run wicked ifup tun0



                and the tunnel should appear in ip addr show



                now (and this is based off of some powerpoint suse released to show how cool wicked is)



                cd to /etc/sysconfig/network



                run wicked show-config compat:



                this'll spit out the interface files for whatever is in this directory (i.e. ifcfg-tun0)



                put that output, which may look like:



                <interface >
                <name>tun1</name>
                <control>
                <mode>auto</mode>
                </control>
                <firewall>
                <zone>public</zone>
                </firewall>
                <tun>
                <owner>479</owner>
                <group>479</group>
                </tun>
                <link>
                <mtu>1300</mtu>
                </link>
                <ipv4>
                <enabled>true</enabled>
                <forwarding>true</forwarding>
                </ipv4>
                <ipv4:static>
                <address>
                <local>172.20.42.115/32</local>
                <peer>172.20.42.114</peer>
                </address>
                </ipv4:static>
                <ipv6>
                <enabled>false</enabled>
                <forwarding>false</forwarding>
                </ipv6>
                </interface>


                in /etc/wicked/ifconfig/tun0.xml and delete the old config file from sysconfig



                if you do wicked ifreload tun0



                it should be using the new config now, you can reboot or wicked ifdown/ifup to make sure.



                Note, owner and group are the ID's, not the usernames



                and, since you're using ssh, don't forget to set PermitTunnel Yes in the sshd config file.




                FWIW (and not much since you don't want to use this manually when running wicked) the replacement for tunctl appears to be ip tunnel.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Feb 8 at 17:16









                Peter TurnerPeter Turner

                5881826




                5881826



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499356%2fhow-do-i-create-a-persistent-tunnel-device-in-sles15-with-or-without-wicked-xml%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown






                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?