Virtual interfaces, VLAN tags, Ethernet bridging, spanning tree, and OpenVPN on Linux.

This post is just a collection of rough code snips and URLs to jog my memory on a few concepts in the future. It is NOT a how-to and will probably not be useful to anyone else, but you never know. The /etc/network/interfaces snip below was part of a creative workaround for an unreliable and outdated wide-area Ethernet network I had to deal with that had no money or desire for repair or upgrade. It has now been removed from service, but at the time the main network would go down for extended periods in the winter, when the rural Utah mountain tops were expensive to reach by helicopter or snow cat. Using free Linux tools I could create virtual interfaces, bridge them together with spanning tree and OpenVPN, and route the low-volume critical traffic over two low-cost DSL connections to restore connectivity around the broken parts.

#Note that the MTU must be reduced to 1496 due to the 4-byte VLAN tag. Some Ethernet drivers do not handle this automatically.
#As mentioned earlier, 802.1q works by tagging each frame with a 4-byte VLAN identifier. However, some Ethernet drivers assume the maximum frame size is 1,500 bytes. The addition of the 4-byte tag does not leave as much room for data. Thus, although small packets are sent and received correctly, large packets fail. The solution is either to drop the MTU of the VLAN device or to correct the assumptions of the driver.
#Patches are available on the Linux VLAN Web site for a variety of cards (see Resources). Several drivers work correctly out of the box (or tar.gz, as the case may be), including the e100 driver for Intel-based cards.

#root@ubuntu:~# ping -M do -s 1472 -c 1
#root@ubuntu:~# ping -M do -s 1473 -c 1
#PING ( 1473(1501) bytes of data.
#From ( icmp_seq=1 Frag needed and DF set (mtu = 1500)

auto ppp0
iface ppp0 inet ppp
pre-up ifconfig eth0
pre-up ifconfig eth1
pre-up vconfig set_name_type DEV_PLUS_VID_NO_PAD
pre-up vconfig add eth0 1
pre-up vconfig add eth0 3751
pre-up vconfig add eth0 3757
pre-up vconfig add eth1 1
pre-up vconfig add eth1 3751
pre-up vconfig add eth1 3757
pre-up ifconfig eth0.1
pre-up ifconfig eth1.1
pre-up ifconfig eth0.3751
pre-up ifconfig eth1.3751
pre-up ifconfig eth0.3757
pre-up ifconfig eth1.3757
pre-up brctl addbr br1
pre-up brctl addbr br3751
pre-up brctl addbr br3757
pre-up brctl stp br1 on
pre-up brctl stp br3751 on
pre-up brctl stp br3757 on
pre-up brctl setbridgeprio br1 0
pre-up brctl setbridgeprio br3751 0
pre-up brctl setbridgeprio br3757 0
pre-up brctl addif br1 eth0.1
pre-up brctl addif br1 eth1.1
pre-up brctl addif br3751 eth0.3751
pre-up brctl addif br3751 eth1.3751
pre-up brctl addif br3757 eth0.3757
pre-up brctl addif br3757 eth1.3757
pre-up ifconfig br1
pre-up ifconfig br1 broadcast netmask
pre-up ifconfig br1 mtu 1496
pre-up ifconfig br3751
pre-up ifconfig br3751 broadcast netmask
pre-up ifconfig br3751 mtu 1496
pre-up ifconfig br3757
pre-up ifconfig br3757 broadcast netmask
pre-up ifconfig br3757 mtu 1496
pre-up sleep 45s
post-down ifconfig br3757 mtu 1500
post-down ifconfig br3757
post-down ifconfig br3757 down
post-down ifconfig br3751 mtu 1500
post-down ifconfig br3751
post-down ifconfig br3751 down
post-down ifconfig br1 mtu 1500
post-down ifconfig br1
post-down ifconfig br1 down
post-down brctl delif br3757 eth1.3757
post-down brctl delif br3757 eth0.3757
post-down brctl delif br3751 eth1.3751
post-down brctl delif br3751 eth0.3751
post-down brctl delif br1 eth1.1
post-down brctl delif br1 eth0.1
post-down brctl setbridgeprio br3757 100
post-down brctl setbridgeprio br3751 100
post-down brctl setbridgeprio br1 100
post-down brctl stp br3757 off
post-down brctl stp br3751 off
post-down brctl stp br1 off
post-down brctl delbr br3757
post-down brctl delbr br3751
post-down brctl delbr br1
post-down ifconfig eth1.3757 down
post-down ifconfig eth0.3757 down
post-down ifconfig eth1.3751 down
post-down ifconfig eth0.3751 down
post-down ifconfig eth1.1 down
post-down ifconfig eth0.1 down
post-down vconfig rem eth1.3757
post-down vconfig rem eth1.3751
post-down vconfig rem eth1.1
post-down vconfig rem eth0.3757
post-down vconfig rem eth0.3751
post-down vconfig rem eth0.1
post-down vconfig set_name_type VLAN_PLUS_VID_NO_PAD
post-down ifconfig eth1 down
post-down ifconfig eth0 down
provider dsl-qwest
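As an added check (my own script, not part of the original post or of any of the tools above), a small POSIX sh audit that reads the kernel's sysfs view of a bridge and verifies the two properties the config relies on: the bridge MTU leaves room for the 4-byte 802.1Q tag inside each VLAN port's parent MTU, and STP is switched on. The SYSFS_NET override is a hypothetical knob so the checks can be run against a constructed tree offline; the payload helper reproduces the 1472-byte probe size used in the ping lines above.

```sh
#!/bin/sh
# Added audit script, not from the original post. SYSFS_NET is a
# hypothetical override so the checks can run against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
VLAN_TAG_BYTES=4

# icmp_payload_for_mtu <mtu>: largest "ping -M do -s N" payload that fits,
# i.e. MTU minus the 20-byte IPv4 header and the 8-byte ICMP header.
# 1500 -> 1472 (the probe above); 1496 -> 1468 for the tagged bridge path.
icmp_payload_for_mtu() {
    echo $(( $1 - 20 - 8 ))
}

# audit_bridge <bridge>: print one line per finding; return 0 only if clean.
audit_bridge() {
    br=$1
    fails=0
    bmtu=$(cat "$SYSFS_NET/$br/mtu")
    stp=$(cat "$SYSFS_NET/$br/bridge/stp_state")
    if [ "$stp" != "1" ]; then
        echo "$br: STP is off (bridge/stp_state=$stp)"
        fails=$((fails + 1))
    fi
    # Each enslaved port appears under brif/; only VLAN sub-interfaces matter.
    for portpath in "$SYSFS_NET/$br/brif"/*; do
        [ -e "$portpath" ] || continue          # no ports at all
        port=${portpath##*/}
        parent=${port%.*}                       # eth0.3751 -> eth0
        [ "$parent" != "$port" ] || continue    # plain NIC, no tag to account for
        pmtu=$(cat "$SYSFS_NET/$parent/mtu")
        limit=$((pmtu - VLAN_TAG_BYTES))
        if [ "$bmtu" -gt "$limit" ]; then
            echo "$br: mtu $bmtu exceeds $limit ($parent mtu $pmtu minus tag) via $port"
            fails=$((fails + 1))
        fi
    done
    [ "$fails" -eq 0 ]
}

# Stand-alone use on a live host: audit every bridge the kernel knows about.
for brpath in "$SYSFS_NET"/*/bridge; do
    [ -d "$brpath" ] || continue
    br=${brpath%/bridge}; br=${br##*/}
    if audit_bridge "$br"; then echo "$br: ok"; fi
done
```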

On Windows, run OpenVPN as administrator or as a service. Otherwise it cannot apply the forced route data.

Create a new host key:
cd /etc/openvpn/easy-rsa
source vars
./pkitool new-host-name

Revoke an old host key:

cd /etc/openvpn/easy-rsa
source vars
./revoke-full old-host-name
