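Background: the router provided by my French ISP (Orange Fiber) was inconvenient, and a few years ago I replaced it with a Ubiquiti ER-4. Now: Debian 10 and systemd-networkd.
To obtain the public IP for the router, I need to send a DHCP request that carries a specific VLAN tag. My configuration is below. I have tried for several hours to get an IP, but the DHCP call never completes (no response). One of the problems is the format of option 90, which has to be used as part of the DHCP call, but I would first like to confirm that the general way of obtaining an IP on the VLAN is correct.
First, I define the VLAN in a .netdev file.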
[NetDev]
Name=orange.832
Kind=vlan
[VLAN]
Id=832
Then I attached this VLAN to the interface in a .network file.
[Match]
Name=enp2s0
Type=ether
[Network]
Description=ethernet interface with VLAN attached
VLAN=orange.832
# In case of 'tagged only' setups, you probably don't need any IP
# configuration on the link without VLAN (or: default VLAN).
# For that just omit an [Address] section and disable all the
# autoconfiguration magic like this:
LinkLocalAddressing=no
LLDP=no
EmitLLDP=no
IPv6AcceptRA=no
IPv6SendRA=no
Finally, I configure the VLAN (via a .network file) to obtain an IP address via DHCP.
[Match]
# matches the VLAN on enp2s0
Name=orange.832
[Network]
Description=orange internet
DHCP=ipv4
#KeepConfiguration=dhcp
IPForward=yes
[DHCPv4]
#SendRelease=false
VendorClassIdentifier=sagem
UserClass=FSVDSL_livebox.Internet.softathome.Livebox3
UseHostname=no
# below is the authentication string which I have a hard time setting but it is completely specific to Orange in France
SendOption=90:string:\x00\x00\x00\....
[Link]
RequiredForOnline=yes
My firewall is currently completely open (/etc/nftables.conf).
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority 0;
}
chain forward {
type filter hook forward priority 0;
}
chain output {
type filter hook output priority 0;
}
}
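Does this configuration look reasonable? (That is, is this the correct way to set up systemd-networkd to obtain an IP on a VLAN?)
One thing that worries me a little is that the link makes no mention of the VLAN.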
root@router:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:e2:69:59:33:a2 brd ff:ff:ff:ff:ff:ff
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:e2:69:59:33:a3 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.201/24 brd 192.168.10.255 scope global enp3s0
valid_lft forever preferred_lft forever
inet6 fe80::2e2:69ff:fe59:33a3/64 scope link
valid_lft forever preferred_lft forever
4: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:e2:69:59:33:a4 brd ff:ff:ff:ff:ff:ff
5: enp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:e2:69:59:33:a5 brd ff:ff:ff:ff:ff:ff
6: orange.832@enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether 00:e2:69:59:33:a2 brd ff:ff:ff:ff:ff:ff
Update following the comments:
/etc/network/interfaces does not exist and /etc/network/interfaces.d is empty.
vlan is not installed because I am using systemd-networkd.
networkctl output:
root@router:~# networkctl list
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback carrier unmanaged
2 enp2s0 ether no-carrier configuring
3 enp3s0 ether routable configured
4 enp4s0 ether off unmanaged
5 enp5s0 ether off unmanaged
6 orange.832 vlan no-carrier configuring
And also networkctl status:
root@router:~# networkctl status -a | cat
● 1: lo
Link File: /usr/lib/systemd/network/99-default.link
Network File: n/a
Type: loopback
State: carrier (unmanaged)
HW Address: 00:00:00:00:00:00
MTU: 65536
QDisc: noqueue
IPv6 Address Generation Mode: eui64
Queue Length (Tx/Rx): 1/1
Address: 127.0.0.1
::1
● 2: enp2s0
Link File: /usr/lib/systemd/network/99-default.link
Network File: /etc/systemd/network/enp2s0-ETH0-wan.network
Type: ether
State: no-carrier (configuring)
Path: pci-0000:02:00.0
Driver: igc
Vendor: Intel Corporation
Model: Ethernet Controller I225-V
HW Address: 00:e2:69:59:33:a2
MTU: 1500 (min: 68, max: 9216)
QDisc: mq
IPv6 Address Generation Mode: none
Queue Length (Tx/Rx): 4/4
Auto negotiation: yes
Speed: n/a
Port: tp
Aug 19 18:41:36 router systemd-networkd[249]: enp2s0: Link UP
● 3: enp3s0
Link File: /usr/lib/systemd/network/99-default.link
Network File: /etc/systemd/network/enp3s0-ETH1-lan.network
Type: ether
State: routable (configured)
Path: pci-0000:03:00.0
Driver: igc
Vendor: Intel Corporation
Model: Ethernet Controller I225-V
HW Address: 00:e2:69:59:33:a3
MTU: 1500 (min: 68, max: 9216)
QDisc: mq
IPv6 Address Generation Mode: eui64
Queue Length (Tx/Rx): 4/4
Auto negotiation: yes
Speed: 100Mbps
Duplex: full
Port: tp
Address: 192.168.10.201
fe80::2e2:69ff:fe59:33a3
Gateway: 192.168.10.1 (Ubiquiti Networks Inc.)
DNS: 192.168.10.3
DHCP6 Client DUID: DUID-EN/Vendor:0000ab1193e3b0e6f387bfe80000
Connected To: n/a on port 98:fa:9b:78:f7:8b
ap-couloir on port f0:9f:c2:73:34:fe (eth0)
Aug 19 18:41:36 router systemd-networkd[249]: enp3s0: Link UP
Aug 19 18:41:38 router systemd-networkd[249]: enp3s0: Gained carrier
Aug 19 18:41:40 router systemd-networkd[249]: enp3s0: Gained IPv6LL
● 4: enp4s0
Link File: /usr/lib/systemd/network/99-default.link
Network File: n/a
Type: ether
State: off (unmanaged)
Path: pci-0000:04:00.0
Driver: igc
Vendor: Intel Corporation
Model: Ethernet Controller I225-V
HW Address: 00:e2:69:59:33:a4
MTU: 1500 (min: 68, max: 9216)
QDisc: noop
IPv6 Address Generation Mode: eui64
Queue Length (Tx/Rx): 4/4
Auto negotiation: yes
Speed: n/a
Port: tp
● 5: enp5s0
Link File: /usr/lib/systemd/network/99-default.link
Network File: n/a
Type: ether
State: off (unmanaged)
Path: pci-0000:05:00.0
Driver: igc
Vendor: Intel Corporation
Model: Ethernet Controller I225-V
HW Address: 00:e2:69:59:33:a5
MTU: 1500 (min: 68, max: 9216)
QDisc: noop
IPv6 Address Generation Mode: eui64
Queue Length (Tx/Rx): 4/4
Auto negotiation: yes
Speed: n/a
Port: tp
● 6: orange.832
Link File: /usr/lib/systemd/network/99-default.link
Network File: /etc/systemd/network/wan.network
Type: vlan
State: no-carrier (configuring)
Driver: 802.1Q VLAN Support
HW Address: 00:e2:69:59:33:a2
MTU: 1500 (max: 65535)
QDisc: noqueue
IPv6 Address Generation Mode: eui64
VLan Id: 832
Queue Length (Tx/Rx): 1/1
Auto negotiation: yes
Speed: n/a
Port: tp
Aug 19 18:41:36 router systemd-networkd[249]: orange.832: netdev ready
Aug 19 18:41:36 router systemd-networkd[249]: orange.832: Link UP
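Added example, not part of the original question: a shell filter that reads ip a output and reports, for each stacked device (name@parent), whether its parent link has carrier. A DHCP DISCOVER cannot leave a VLAN whose parent shows NO-CARRIER, as enp2s0 does in the output above. The function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Sample input: header lines abridged from the ip a output in the question.
sample_ip_a() {
cat <<'EOF'
2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00:e2:69:59:33:a2 brd ff:ff:ff:ff:ff:ff
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:e2:69:59:33:a3 brd ff:ff:ff:ff:ff:ff
6: orange.832@enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    link/ether 00:e2:69:59:33:a2 brd ff:ff:ff:ff:ff:ff
EOF
}

# Reads ip a / ip link output on stdin and prints one line per stacked
# device: "<device> <parent> <verdict>".
stacked_link_report() {
  awk '
    /^[0-9]+: / {
      name = $2; sub(/:$/, "", name)      # strip the trailing colon
      flags = $3                          # <FLAG,FLAG,...>
      parent = ""
      if ((i = index(name, "@")) > 0) {   # name@parent marks a stacked device
        parent = substr(name, i + 1)
        name = substr(name, 1, i - 1)
      }
      # LOWER_UP is set only when the link layer below is up (carrier present)
      carrier[name] = (flags ~ /LOWER_UP/) ? 1 : 0
      if (parent != "") { order[++n] = name; up[name] = parent }
    }
    END {
      for (k = 1; k <= n; k++) {
        d = order[k]; p = up[d]
        if (!(p in carrier))  v = "parent-unknown"
        else if (!carrier[p]) v = "parent-no-carrier"
        else if (!carrier[d]) v = "vlan-down"
        else                  v = "ok"
        print d, p, v
      }
    }'
}
```

On a live system, pipe the real output into it: ip a | stacked_link_report.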
Answer 1
This is a valid systemd-networkd configuration:
- The physical NIC is renamed to phy0 for better management
- It holds VLANs for WAN (internet) and LAN
- WAN uses DHCP
- The MAC addresses of the LAN and WAN VLAN interfaces are spoofed for better management and logging
- LAN DHCP server enabled
- The ISP does not use DHCP SendOption, only regular DHCPv4
Physical NIC
/etc/systemd/network/10-phy0.link: (renames the physical NIC with the given MAC address to phy0)
[Match]
MACAddress=4d:ec:ef:04:76:8e
[Link]
# Rename NIC for better management purposes
Name=phy0
Description=Physical ethernet port 0 behind motherboard
# Use Jumbo frames
MTUBytes=9000
MACAddressPolicy=persistent
AutoNegotiation=yes
# Disable some HW accelerations because possible NIC bugs
ReceiveChecksumOffload=no
TransmitChecksumOffload=no
TCPSegmentationOffload=no
TCP6SegmentationOffload=no
GenericSegmentationOffload=no
GenericReceiveOffload=no
LargeReceiveOffload=no
/etc/systemd/network/phy0.network: (attaches the VLANs to the NIC)
[Match]
Name=phy0
[Network]
Description=Network for phy0
# Attach VLANs
VLAN=lan0
VLAN=wan0
DHCP=no
IPForward=yes
IPMasquerade=no
LinkLocalAddressing=no
LLDP=no
EmitLLDP=no
# It is "dumb" because of VLANs
ConfigureWithoutCarrier=yes
[Link]
RequiredForOnline=yes
ARP=no
Multicast=no
AllMulticast=no
Unmanaged=no
Promiscuous=no
VLANs:
LAN:
/etc/systemd/network/lan0.netdev:
[NetDev]
Description=LAN VLAN
Name=lan0
Kind=vlan
# Change MAC for better management and logs
MACAddress=ba:f4:4d:17:1b:48
[VLAN]
Id=123
LooseBinding=yes
ReorderHeader=yes
/etc/systemd/network/lan0.network:
[Match]
Name=lan0
[Network]
Description=LAN network
BindCarrier=phy0
DHCP=no
Address=192.168.100.1/24
Domains=home-net.lan
IPForward=yes
IPMasquerade=ipv4
LinkLocalAddressing=no
LLDP=yes
EmitLLDP=nearest-bridge
# See [DHCPServer]
DHCPServer=yes
[Link]
ActivationPolicy=always-up
ARP=yes
Multicast=no
AllMulticast=no
Unmanaged=no
RequiredForOnline=yes
ConfigureWithoutCarrier=yes
# Act as DHCP server
[DHCPServer]
BindToInterface=yes
ServerAddress=192.168.100.1/24
# Start from .128
PoolOffset=128
DefaultLeaseTimeSec=21600
MaxLeaseTimeSec=86400
EmitDNS=yes
DNS=192.168.100.1
EmitNTP=yes
NTP=192.168.100.1
EmitRouter=yes
EmitTimezone=yes
WAN (internet):
/etc/systemd/network/wan0.netdev:
[NetDev]
Description=WAN0 VLAN
Name=wan0
# Use standard MTU for internet
MTUBytes=1500
Kind=vlan
# Change MAC for better management and logs
MACAddress=0a:94:cf:7b:71:07
[VLAN]
Id=1000
LooseBinding=yes
ReorderHeader=yes
/etc/systemd/network/wan0.network
[Match]
Name=wan0
[Network]
Description=Internet
BindCarrier=phy0
DHCP=yes
DNS=192.168.100.1
IPForward=yes
IPMasquerade=ipv4
LinkLocalAddressing=no
LLMNR=no
LLDP=no
EmitLLDP=no
MulticastDNS=no
[Link]
ARP=yes
Multicast=no
AllMulticast=no
Unmanaged=no
RequiredForOnline=no
ConfigureWithoutCarrier=yes
nftables
The netdev address family allows only VLAN-tagged and ARP traffic on phy0.
table netdev if_traffic {
chain physical_in {
type filter hook ingress device phy0 priority filter; policy drop;
ether type vlan counter packets 0 bytes 0 accept
meta protocol arp counter packets 0 bytes 0 accept
}
}
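Note: nftables may not start correctly at boot because of the netdev rules, since the interface may not exist yet (for example, if you add rules for the allowed MAC/IP addresses on the VLAN interfaces), so you need to enable restarting of nftables as follows: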
systemctl edit nftables
And add the following:
[Service]
Restart=on-failure
RestartSec=30
Troubleshooting
systemd-networkd debug logging can be enabled as follows (AFAIK it needs a restart):
systemctl edit systemd-networkd
And add the following:
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
Now you can view the DHCP logs with:
journalctl -b -o short-monotonic --no-hostname -u systemd-networkd -u systemd-udevd
It should look like this:
[ 10.747475] systemd-networkd[453]: wan0: Requested configuring of the DHCPv4 client.
[ 10.749483] systemd-networkd[453]: wan0: DHCPv4 client is configured.
[ 10.765793] systemd-networkd[453]: wan0: link_check_ready(): DHCPv4, DHCPv6, DHCP-PD or IPv4LL is enabled but no dynamic address is assigned yet.
[ 14.371914] systemd-networkd[453]: wan0: DHCPv4 client: STARTED on ifindex 4
[ 14.372147] systemd-networkd[453]: wan0: Acquiring DHCPv4 lease.
[ 14.372362] systemd-networkd[453]: wan0: link_check_ready(): DHCPv4, DHCPv6, DHCP-PD or IPv4LL is enabled but no dynamic address is assigned yet.
[ 14.612883] systemd-networkd[453]: wan0: DHCPv4 client: DISCOVER
[ 14.648075] systemd-networkd[453]: wan0: DHCPv4 client: Received message from RAW socket, processing.
[ 14.648446] systemd-networkd[453]: wan0: DHCPv4 client: OFFER
[ 14.648669] systemd-networkd[453]: wan0: DHCPv4 client: REQUEST (requesting)
[ 14.683557] systemd-networkd[453]: wan0: DHCPv4 client: Received message from RAW socket, processing.
[ 14.683858] systemd-networkd[453]: wan0: DHCPv4 client: ACK
[ 14.703211] systemd-networkd[453]: wan0: DHCPv4 client: lease expires in 3h 59min 59s
[ 14.703397] systemd-networkd[453]: wan0: DHCPv4 client: T2 expires in 3h 30min
[ 14.703557] systemd-networkd[453]: wan0: DHCPv4 client: T1 expires in 1h 59min 59s
[ 14.704047] systemd-networkd[453]: wan0: DHCPv4 address XXX.XXX.XXX.XXX/24, gateway XXX.XXX.XXX.XXX acquired from XXX.XXX.XXX.XXX
[ 14.704224] systemd-networkd[453]: wan0: Requesting DHCPv4 address (n/a): XXX.XXX.XXX.XXX/24 (valid for 3h 59min 59s, preferred for 3h 59min 59s), flags: tentative, scope: global
[ 14.704371] systemd-networkd[453]: wan0: DHCP: No static routes received from DHCP server.
[ 14.704506] systemd-networkd[453]: wan0: Requesting DHCPv4 route (n/a): dst: XXX.XXX.XXX.XXX/32, src: n/a, gw: n/a, prefsrc: XXX.XXX.XXX.XXX, scope: link, table: main(254), proto: dhcp, type: unicast, nexthop: 0, priority: 1024, flags: n/a
[ 14.704649] systemd-networkd[453]: wan0: Requesting DHCPv4 route (n/a): dst: n/a, src: n/a, gw: XXX.XXX.XXX.XXX, prefsrc: XXX.XXX.XXX.XXX, scope: global, table: main(254), proto: dhcp, type: unicast, nexthop: 0, priority: 1024, flags: n/a
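Added example, not part of the original answer: a shell function that reads the debug journal shown above and reports how far the DHCPv4 exchange got on one interface, plus the number of DISCOVERs sent. It keys only on the message names visible in that log (STARTED, DISCOVER, OFFER, REQUEST, ACK); the function name, the stage labels and the second sample are constructed for this example.

```shell
#!/bin/sh
# Abridged from the successful log in the answer above.
sample_ok() {
cat <<'EOF'
[ 14.371914] systemd-networkd[453]: wan0: DHCPv4 client: STARTED on ifindex 4
[ 14.612883] systemd-networkd[453]: wan0: DHCPv4 client: DISCOVER
[ 14.648446] systemd-networkd[453]: wan0: DHCPv4 client: OFFER
[ 14.648669] systemd-networkd[453]: wan0: DHCPv4 client: REQUEST (requesting)
[ 14.683858] systemd-networkd[453]: wan0: DHCPv4 client: ACK
EOF
}

# Constructed: the server never answers, so only DISCOVER retransmits appear.
sample_silent() {
cat <<'EOF'
[ 14.371914] systemd-networkd[453]: wan0: DHCPv4 client: STARTED on ifindex 4
[ 14.612883] systemd-networkd[453]: wan0: DHCPv4 client: DISCOVER
[ 18.801220] systemd-networkd[453]: wan0: DHCPv4 client: DISCOVER
[ 27.113407] systemd-networkd[453]: wan0: DHCPv4 client: DISCOVER
EOF
}

# Usage: journalctl -b -u systemd-networkd | dhcp4_stage IFACE
# Prints "<stage> <discover-count>" for the last state seen on IFACE.
dhcp4_stage() {
  awk -v ifc="$1" '
    index($0, "]: " ifc ": DHCPv4 client: ") {
      msg = $0; sub(/.*DHCPv4 client: /, "", msg)
      if (msg ~ /^STARTED/)       stage = "started"
      else if (msg ~ /^DISCOVER/) { discover++; stage = "discover-no-offer" }
      else if (msg ~ /^OFFER/)    stage = "offer-no-ack"
      else if (msg ~ /^REQUEST/)  stage = "request-no-ack"
      else if (msg ~ /^ACK/)      stage = "bound"
    }
    END {
      s = (stage == "" ? "not-started" : stage)
      print s, discover + 0
    }'
}
```

A result of discover-no-offer with a growing count means requests leave the interface but nothing comes back, which points at the VLAN tag, the link, or the options the server expects rather than at the local client setup.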
Answer 2
Check with ethtool that the following features are enabled (on):
tcp-segmentation-offload generic-segmentation-offload generic-receive-offload rx-vlan-offload tx-vlan-offload hw-tc-offload
ethtool -K <physical_iface> xxx on
Then try again.