koyaaniqatsi's questions -server

koyaaniqatsi

Asked: 2017-05-20 03:16:18 +0800 CST

HA OpenVPN with only one IP for the VPN client

Goal: allow VPN clients to communicate (udp) with a server. Setup:

client must be renseigned only one public IP, because we are going through firewall which will not open more than one destination ip:port
server-side must be highly available, so we will have at least 2 VPN servers
servers-side must be load balanced
we will have a firewall as internet to LAN gateway

Here is a schema:

We are currently interested in pritunl but for now we have not succeeded to have only one remote IP.

With OpenVPN (used by pritunl btw) it seems that adding several remote ip and using remote-random is the closest solution. Any more idea?

koyaaniqatsi

Asked: 2017-03-02 01:43:22 +0800 CST

Can't set a second network interface on a second ethernet port Debian 3.16

My goal is to set two ethernet interfaces on two different ports and with two differents static IP on the same network. The matter is that one port will become reachable by the two IPs, the other won't. I proceed with the /etc/network/interfaces file and /etc/init.d/networking restart call. I also tried with ifupdown calls. Here is how I proceed:

I've just installed my Debian 3.16 OS without any network configuration.My device has two Ethernet ports.

ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:30:18:cd:49:77 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:30:18:cd:49:76 brd ff:ff:ff:ff:ff:ff
4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether bc:30:7e:c0:e6:ba brd ff:ff:ff:ff:ff:ff

ifconfig
lo        Link encap:Boucle locale  
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:31 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          RX bytes:3172 (3.0 KiB)  TX bytes:3172 (3.0 KiB)

cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

Everything seems fine. I want to add a new ethernet interface to connect on my network, so I modify the /etc/network/interfaces file this way:

cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.160
netmask 255.255.255.0
gateway 192.168.1.1

My device is now reachable on ethernet port let's say A with the IP 192.168.1.160, ifconfig is fine too. Then I add the new interface and modify /etc/network/interfaces this way:

cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.1.160
netmask 255.255.255.0
gateway 192.168.1.1

auto eth1
iface eth1 inet static
address 192.168.1.161
netmask 255.255.255.0
gateway 192.168.1.1


ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:18:cd:49:77  
          inet adr:192.168.1.160  Bcast:192.168.1.255  Masque:255.255.255.0
          adr inet6: fe80::230:18ff:fecd:4977/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6550 errors:0 dropped:8 overruns:0 frame:0
          TX packets:819 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          RX bytes:584489 (570.7 KiB)  TX bytes:106896 (104.3 KiB)
          Interruption:18 Mémoire:d0700000-d0720000 

eth1      Link encap:Ethernet  HWaddr 00:30:18:cd:49:76  
          inet adr:192.168.1.161  Bcast:192.168.1.255  Masque:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:222 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          RX bytes:20241 (19.7 KiB)  TX bytes:1500 (1.4 KiB)
          Interruption:19 Mémoire:d0600000-d0620000 

lo        Link encap:Boucle locale  
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:31 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          RX bytes:3172 (3.0 KiB)  TX bytes:3172 (3.0 KiB)

I expect to reach my device on port A with .160 and on port B with .161. But I actually reach my device on port A with both .160 and .161, and none on port B.

EDIT: If I plug the Ethernet cable on the physical port A, I want to be able to join (ping or ssh connexion) my device with IP 192.168.1.160. If I plug the Ethernet cable on the physical port B, I want to be able to join (ping or ssh connexion) my device with IP 192.168.1.161. (network is 192.168.1.0/24)

My questions are:

What I am doing wrong? Are those file and calls aim to work together or are they non-compatible in their network management?
What are the tools commonly used to configure a network interface on Debian 3.16 if not those one?
Is there a link I've missed between network interfaces and the hardware?

Of course:

I've spent lot of time looking for some answers and build my method with thoses answers, plus the network configuration for Debian documentation.
I've tried to restart network interfaces with both /etc/init.d/networking restart and ifup/ifdown eth0
Finally I've re-installed my Debian for that, so I also tried to reboot.

HA OpenVPN with only one IP for the VPN client

Can't set a second network interface on a second ethernet port Debian 3.16

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?