How do I create a persistent tunnel device in sles15 (with or without wicked xml config)

I'm trying to simplify some of my configs for sles15, pushing out tunnel configs to my machines via ansible. Currently whenever I configure a tunnel, I do it on the fly using ssh from the machine initiating the ssh tunnel and sudo commands (running tunctl, which isn't there any more).



What I'd like to do is have the tunnel persistent on the sles15 machine and then just connect to it with ssh and the -w command.



However, this doesn't work worth a crap:



<interface>
  <link-type>tun</link-type>
  <name>tun1</name>
  <control>
    <mode>boot</mode>
  </control>
  <firewall/>
  <tun>
    <owner>ansible</owner>
    <group>sshinternalusers</group>
  </tun>

  <ipv4>
    <enabled>true</enabled>
    <forwarding>true</forwarding>
  </ipv4>
  <ipv6>
    <enabled>false</enabled>
    <forwarding>false</forwarding>
  </ipv6>
</interface>


and this doesn't work either (which I think is the traditional way of doing it)



STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL_SET_PERSISTENT='yes'
TUNNEL='tun'
TUNNEL_LOCAL_IPADDR=172.20.26.115
TUNNEL_REMOTE_IPADDR=172.20.26.114
TUNNEL_DEVICE=tun0
TUNNEL_SET_OWNER=ansible
TUNNEL_SET_GROUP=sshinternalusers


I haven't found any documentation on the XML (other than reverse engineering the schema). The tunnel does appear to start when I reboot the machine, but there has to be a different way to get the tunnel up because when I run ifup tun0 it tells me "no device"










      ssh-tunneling sles tunneling wicked






asked Feb 7 at 20:06 by Peter Turner

          1 Answer














          The easiest way to figure out what the heck wicked is doing is by making the old-fashioned network config scripts (which are documented with man ifcfg-tunnel).



          add this:



          STARTMODE='auto'
          BOOTPROTO='static'
          TUNNEL_SET_PERSISTENT='yes'
          TUNNEL='tun'
          IPADDR=172.20.26.115
          REMOTE_IPADDR=172.20.26.114
          TUNNEL_DEVICE=tun0
          TUNNEL_SET_OWNER=ansible
          TUNNEL_SET_GROUP=sshinternalusers
          ZONE=public
          MTU=1300


          as /etc/sysconfig/network/ifcfg-tun0



          run wicked ifup tun0



          and the tunnel should appear in ip addr show



          now (and this is based off of some PowerPoint SUSE released to show how cool wicked is)



          cd to /etc/sysconfig/network



          run wicked show-config compat:



          this'll spit out the interface files for whatever is in this directory (i.e. ifcfg-tun0)



          put that output, which may look like:



          <interface >
            <name>tun1</name>
            <control>
              <mode>auto</mode>
            </control>
            <firewall>
              <zone>public</zone>
            </firewall>
            <tun>
              <owner>479</owner>
              <group>479</group>
            </tun>
            <link>
              <mtu>1300</mtu>
            </link>
            <ipv4>
              <enabled>true</enabled>
              <forwarding>true</forwarding>
            </ipv4>
            <ipv4:static>
              <address>
                <local>172.20.42.115/32</local>
                <peer>172.20.42.114</peer>
              </address>
            </ipv4:static>
            <ipv6>
              <enabled>false</enabled>
              <forwarding>false</forwarding>
            </ipv6>
          </interface>


          in /etc/wicked/ifconfig/tun0.xml and delete the old config file from sysconfig



          if you do wicked ifreload tun0



          it should be using the new config now, you can reboot or wicked ifdown/ifup to make sure.



          Note: owner and group are the IDs, not the usernames.



          and, since you're using ssh, don't forget to set PermitTunnel Yes in the sshd config file.




          FWIW (and not much since you don't want to use this manually when running wicked) the replacement for tunctl appears to be ip tunnel.






          answered Feb 8 at 17:16 by Peter Turner
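
The answer notes that owner and group in the wicked XML are numeric IDs, while the question's XML used names. The following is an added example, not part of the original post: a shell pre-deployment step that rewrites names inside `<tun>` to IDs and refuses to emit a config when a name cannot be resolved. The function names and the sample passwd, group and XML contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All file contents are constructed.

# lookup_id FILE NAME: print the numeric ID (field 3) of NAME from a
# passwd(5)- or group(5)-format file; non-zero exit if NAME is absent.
lookup_id() {
    awk -F: -v n="$2" '$1 == n { print $3; found = 1; exit }
                       END { exit !found }' "$1"
}

# to_id FILE VALUE: pass numeric values through, resolve names via FILE.
to_id() {
    case $2 in
        '')       return 0 ;;               # element absent, nothing to do
        *[!0-9]*) lookup_id "$1" "$2" ;;    # a name: must resolve or fail
        *)        printf '%s\n' "$2" ;;     # already a numeric ID
    esac
}

# tun_field XML TAG: print the text of <TAG> found inside <tun>...</tun>.
tun_field() {
    sed -n '/<tun>/,/<\/tun>/ s:.*<'"$2"'>\(.*\)</'"$2"'>.*:\1:p' "$1"
}

# normalize_tun_ids XML PASSWD GROUP: write XML to stdout with owner/group
# names replaced by numeric IDs. Fails without output if a name is unknown,
# so a tunnel device is never deployed with an unresolved owner or group.
normalize_tun_ids() {
    owner=$(to_id "$2" "$(tun_field "$1" owner)") || return 1
    grp=$(to_id "$3" "$(tun_field "$1" group)") || return 1
    sed -e '/<tun>/,/<\/tun>/ s:<owner>.*</owner>:<owner>'"$owner"'</owner>:' \
        -e '/<tun>/,/<\/tun>/ s:<group>.*</group>:<group>'"$grp"'</group>:' "$1"
}

# write_sample DIR: constructed inputs. The account names come from the
# question; the ID 479 mirrors the answer's sample output.
write_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'ansible:x:479:479::/home/ansible:/bin/bash' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'sshinternalusers:x:479:ansible' > "$1/group"
    cat > "$1/tun1.xml" <<'EOF'
<interface>
  <name>tun1</name>
  <tun>
    <owner>ansible</owner>
    <group>sshinternalusers</group>
  </tun>
</interface>
EOF
}

# Demo run on the constructed sample: prints the XML with numeric IDs.
tmp=$(mktemp -d)
write_sample "$tmp"
normalize_tun_ids "$tmp/tun1.xml" "$tmp/passwd" "$tmp/group"
rm -rf "$tmp"
```

On a real host, pass /etc/passwd and /etc/group as the second and third arguments.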
