Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xl2tpd: add up/down scripts for xl2tpd #17037

Closed
wants to merge 1 commit into from
Closed

xl2tpd: add up/down scripts for xl2tpd #17037

wants to merge 1 commit into from

Conversation

igsha
Copy link
Contributor

@igsha igsha commented Jul 17, 2016

Motivation for this change

xl2tpd: The lack of up/down scripts to update, e.g., resolv.conf, and autoStart option like it was done for openvpn module.
libredirect: pppd uses execve and redirecting execv is not enough.

Things done
  • Tested using sandboxing
    (nix.useChroot on NixOS,
    or option build-use-chroot in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • OS X
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@mention-bot
Copy link

@igsha, thanks for your PR! By analyzing the annotation information on this pull request, we identified @obadz, @edolstra and @demin-dmitriy to be potential reviewers

edolstra
edolstra reviewed Jul 18, 2016
View reviewed changes
nixos/modules/services/networking/xl2tpd.nix
#!/bin/sh
export PATH=${path}
${cfg.up}
EOF
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a dangerous way to generate the ip-up/down scripts. What if cfg.up contains the string EOF? Seems better to use pkgs.writeScript.

@obadz
Copy link
Contributor

obadz commented Jul 18, 2016

Agree with @edolstra re pkgs.writeScript. Also would I would not put it in /etc, would probably use another redirect instead?

@edolstra
Copy link
Member

In fact, maybe you can use environment.etc to set up the files?

grahamc
grahamc reviewed Jul 18, 2016
View reviewed changes
nixos/modules/services/networking/xl2tpd.nix
description = "Contents of down script.";
default = "";
example = literalExample ''
''${pkgs.openresolv}/sbin/resolvconf -d ppp0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To demonstrate that nixos isn't magic, it might be good to have route add's down counterpart.

@obadz
Copy link
Contributor

obadz commented Jul 18, 2016

@igsha, I'm a bit confused about the fact that you're putting commands that are typically client side on the server-side config? Could you elaborate on what you're trying to do?

@igsha
Copy link
Contributor Author

igsha commented Jul 18, 2016

@obadz, yes, you are right. I'm trying to add client side functionality to the module. May be I should separate server and client configs like it was done for openvpn module? BTW, redirects are needed only for pppd, and I can generate xl2tpd-config file with the help of pkgs.writeScript. I'm not sure about environment.etc because multiple instances will have intersecting configs/scripts, and this approach should be investigated.

@obadz
Copy link
Contributor

obadz commented Jul 19, 2016

@igsha, have you thought about using the networkmanager plugin?

@igsha
Copy link
Contributor Author

igsha commented Jul 22, 2016

@obadz, no, I've never used networkmanager before. I've tried networkmanager. It works for me now. But l2tp plugin cannot be configured from terminal that may be inconvenient in some situations. Anyway I'm please with your advice.
What about this PR? It still has a potential fix for pppd (libredirect). Also, I can move all configuration stuff to environment.etc.

@obadz
Copy link
Contributor

obadz commented Jul 25, 2016

@igsha, could you explain what your addition to libredirect is fixing? Did you get pppd errors without it and if so which errors?

Also why did you need to add the killall pppd? Did you find lingering pppd processes? I'm concerned that this could kill pppds that don't belong to xl2tp

@igsha
Copy link
Contributor Author

igsha commented Jul 27, 2016

@obadz, without libredirect fix, pppd starts ip-up/down scripts from wrong location (/etc/ppp instead of /etc/xl2tpd/ppp). If I don't use up/down scripts, pppd works fine.
killall pppd is a bad idea, I agree. But without it, I see that xl2tpd can't correctly stop pppd instances. Several reconnects lead to leaking of pppd instances. E.g., my xl2tpd session (tested xl2tpd as client side):

[root@isharonov-pc:~]# systemctl status xl2tpd.service 
● xl2tpd.service - xl2tpd server
   Loaded: loaded (/nix/store/ns226jhkhcxi7bcgvks2i9xjzvwm8bzn-unit-xl2tpd.service/xl2tpd.service; bad; vendor preset: enabled)
   Active: active (running) since Wed 2016-07-27 16:25:08 MSK; 5s ago
  Process: 27607 ExecStartPre=/nix/store/q5kgx455njs3sb7x2ipiw9cb98s69g20-unit-script/bin/xl2tpd-pre-start (code=exited, status=0/SUCCESS)
 Main PID: 27620 (xl2tpd)
   CGroup: /system.slice/xl2tpd.service
           ├─27620 /nix/store/cv95khbphscrcnrdcdx8fxmrn3s1rhmh-xl2tpd-1.3.7/bin/xl2tpd -D -c /nix/store/4hs001z1k3w8nbkf2qhx2w5yjk42vl30-xl2tpd.conf -s /etc/xl2tpd/l2tp-secrets -p /run/xl2tpd/pid -C /run/xl2tpd/control
           └─27622 /nix/store/fygj25ghyzcs9kibgwj6xq0qm4kqza1h-ppp-2.4.7/sbin/pppd /dev/pts/1 passive nodetach : debug file /nix/store/7d5w161ih5sm2mqv50fxi4j5hv9grfiy-mega-mega-pppd.conf

Jul 27 16:25:08 isharonov-pc pppd[27622]: rcvd [CCP ConfNak id=0x2 <mppe +H -M -S +L -D -C>]
Jul 27 16:25:08 isharonov-pc pppd[27622]: sent [CCP ConfReq id=0x3]
Jul 27 16:25:08 isharonov-pc pppd[27622]: rcvd [IPCP ConfAck id=0x3 <addr 192.168.242.14> <ms-dns1 192.168.1.30> <ms-dns2 80.90.126.250>]
Jul 27 16:25:08 isharonov-pc pppd[27622]: local  IP address 192.168.242.14
Jul 27 16:25:08 isharonov-pc pppd[27622]: remote IP address 192.168.242.1
Jul 27 16:25:08 isharonov-pc pppd[27622]: primary   DNS address 192.168.1.30
Jul 27 16:25:08 isharonov-pc pppd[27622]: secondary DNS address 80.90.126.250
Jul 27 16:25:08 isharonov-pc pppd[27622]: rcvd [CCP ConfNak id=0x3 <mppe +H -M -S -L -D -C>]
Jul 27 16:25:08 isharonov-pc pppd[27622]: sent [CCP ConfReq id=0x4]
Jul 27 16:25:08 isharonov-pc pppd[27622]: rcvd [CCP ConfAck id=0x4]

[root@isharonov-pc:~]# systemctl stop xl2tpd.service 

[root@isharonov-pc:~]# systemctl status xl2tpd.service 
● xl2tpd.service - xl2tpd server
   Loaded: loaded (/nix/store/ns226jhkhcxi7bcgvks2i9xjzvwm8bzn-unit-xl2tpd.service/xl2tpd.service; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2016-07-27 16:25:26 MSK; 1s ago
  Process: 27620 ExecStart=/nix/store/hznym1lfyah7dc9finn76hc8c49xh99d-xl2tpd-ppp-wrapped/bin/xl2tpd -D -c /nix/store/4hs001z1k3w8nbkf2qhx2w5yjk42vl30-xl2tpd.conf -s /etc/xl2tpd/l2tp-secrets -p /run/xl2tpd/pid -C /run/xl2tpd/control (cod
  Process: 27607 ExecStartPre=/nix/store/q5kgx455njs3sb7x2ipiw9cb98s69g20-unit-script/bin/xl2tpd-pre-start (code=exited, status=0/SUCCESS)
 Main PID: 27620 (code=exited, status=1/FAILURE)
   CGroup: /system.slice/xl2tpd.service
           └─27622 /nix/store/fygj25ghyzcs9kibgwj6xq0qm4kqza1h-ppp-2.4.7/sbin/pppd /dev/pts/1 passive nodetach : debug file /nix/store/7d5w161ih5sm2mqv50fxi4j5hv9grfiy-mega-mega-pppd.conf

Jul 27 16:25:26 isharonov-pc pppd[27622]: Failed to open /dev/pts/1: No such file or directory
Jul 27 16:25:26 isharonov-pc pppd[27622]: Failed to open /dev/pts/1: No such file or directory
Jul 27 16:25:26 isharonov-pc pppd[27622]: Failed to open /dev/pts/1: No such file or directory
Jul 27 16:25:26 isharonov-pc pppd[27622]: Failed to open /dev/pts/1: No such file or directory
Jul 27 16:25:26 isharonov-pc pppd[27622]: Failed to open /dev/pts/1: No such file or directory
Jul 27 16:25:26 isharonov-pc pppd[27622]: Failed to open /dev/pts/1: No such file or directory
Jul 27 16:25:26 isharonov-pc pppd[27622]: Failed to open /dev/pts/1: No such file or directory
Jul 27 16:25:26 isharonov-pc pppd[27622]: Failed to open /dev/pts/1: No such file or directory
Jul 27 16:25:26 isharonov-pc pppd[27622]: Failed to open /dev/pts/1: No such file or directory
Jul 27 16:25:26 isharonov-pc pppd[27622]: Failed to open /dev/pts/1: No such file or directory

@mmahut
Copy link
Member

mmahut commented Aug 11, 2019

Are there any updates on this pull request, please?

@stale
Copy link

stale bot commented Jun 1, 2020

Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the
    related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse. 3. Ask on the #nixos channel on
    irc.freenode.net.

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 1, 2020
@igsha
Copy link
Contributor Author

igsha commented Jun 2, 2020

Just close it very outdated PR because I don't have xl2tpd server any more and can't test.

@igsha igsha closed this Jun 2, 2020
@igsha igsha deleted the xl2tpd branch November 18, 2021 18:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md 9.needs: clean-up
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@igsha @mention-bot @obadz @edolstra @mmahut @grahamc @veprbl