Messy route table when using static network settings

Hi, I'm using static settings on my eth0 connection; I configured it via Settings > My OSMC > connection settings.
Doing that adds some unnecessary rules to the route table, which then messes with my OpenVPN if I choose to connect to it.

This is my route table with OpenVPN uninstalled!

osmc@osmc:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
4.2.2.5         192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
8.8.8.8         192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0

Lines #2, #3 and #5 of the table should not be there. Is this connman's doing?

PS: I tried to make the output look better; that's all I could do.
PS 2: I redirected the output; it's looking good here: http://paste.osmc.io/icekucequp.lua

I have no idea, just noticed 8.8.8.8 as Google’s DNS.

4.2.2.5 is also another DNS that I specified in the OSMC network configuration dialog box, but those shouldn't be added to the route table…
What about the last rule? Why is that added?
PS: when I remove these they are added again at reboot.

It looks like connman adds explicit host routes to DNS servers that are not on the local subnet. For example if I add google DNS:

osmc@rpi2:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.0.254     0.0.0.0         UG    0      0        0 eth0
8.8.4.4         10.10.0.254     255.255.255.255 UGH   0      0        0 eth0
8.8.8.8         10.10.0.254     255.255.255.255 UGH   0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
10.10.0.254     0.0.0.0         255.255.255.255 UH    0      0        0 eth0

However if I configure two DNS servers that are on the local network no extra host routes are added:

osmc@rpi2:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.0.254     0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
10.10.0.254     0.0.0.0         255.255.255.255 UH    0      0        0 eth0

Pretty sure this is done on purpose by connman and that there is a good reason for it…(although I’m not sure what off the top of my head)

To use VPN with connman the only proper way to do it is to write a “VPN agent” that will interface with connman via its agent API, allowing the VPN to be started and stopped by connman. If you are configuring your VPN externally and starting and stopping it with your own custom external scripts then you are going to see conflicts like this as you are trying to override the networking set up by the network manager…(connman)

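Why these host routes conflict with an externally started VPN, as an added example (not part of the original thread, and not connman or OSMC code): the kernel uses the most specific matching route, so the /32 routes to the DNS servers win over the two /1 routes OpenVPN installs. The table below is constructed from the route tables posted in this thread; the function names are hypothetical and only the main routing table is modelled (policy-routing rules are ignored).

```python
import ipaddress

# Constructed sample: the first post's eth0 table combined with the tun0
# routes that appear in the last post's table.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
4.2.2.5         192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
8.8.8.8         192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
"""

def parse_routes(text):
    """Turn `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the two header lines and any blank line
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append({"net": net, "gw": f[1], "flags": f[3],
                       "metric": int(f[4]), "iface": f[7]})
    return routes

def lookup(routes, dest):
    """Longest-prefix match; the lower metric breaks ties between equal prefixes."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)

def bypassing(routes, dests, vpn_iface="tun0"):
    """Destinations whose winning route leaves through a non-VPN interface."""
    out = {}
    for d in dests:
        r = lookup(routes, d)
        if r is not None and r["iface"] != vpn_iface:
            out[d] = r["iface"]
    return out

if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    for d in ("8.8.8.8", "4.2.2.5", "1.1.1.1", "192.168.1.20"):
        r = lookup(table, d)
        print(f"{d:15} -> {r['iface']} via {r['gw']} ({r['net']})")
```

On a live system, `ip route get 8.8.8.8` asks the kernel the same question for a single destination.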

Thanks for your reply.

Is there an option to disable this, or a workaround? Using sudo route del 8.8.8.8 inside rc.local didn't help. I need these static DNS servers to go through my VPN connection (to bypass internet censorship).

rc.local is not going to help you - it typically runs before the network even comes up, and even if it didn’t it would not run again if your network was reconfigured. Currently connman does not support /etc/if-up.d/ scripts that would run when an interface comes up.

I’m not aware of a setting that would turn this dns behaviour of connman off, it will be hard coded in connman’s source code. The only solution is probably to write a VPN agent for connman to integrate VPN support properly into connman instead of trying to go around it.

This is on our todo list (as is /etc/if-up.d support) but it is fairly far down the list at the moment.


After inspecting some of the services in /lib/systemd/system, including connman.service, I assume that using a service file which has After=network.target should run my script to delete routes at the right time. What do you think?

I'm trying to use this now:

[Unit]
Description=fix connman
After=network.target

[Service]
ExecStart=/home/osmc/HMD/scripts/fix-route.sh

[Install]
WantedBy=multi-user.target

which doesn’t solve the problem ;(

PS: I achieved what I was looking for by adding a simple sleep 20 to my script. I don’t know if that's going to affect anything else. Is it?

After=network.target will delay a service until the network manager has loaded, (connman in our case) but will not wait for the network to be up. If you enable “wait for network” in the network GUI and make your service After=network-online.target it will delay your service (and Kodi) until the network is up and configured, which might work as a stop gap.

However if the network goes down and then up again for any reason connman would reconfigure the routes again. The only way to do this properly would be /etc/if-up.d/ scripting (not currently supported) or writing a vpn agent for connman. (Not currently implemented in OSMC, however technically there is nothing stopping anyone else writing a vpn agent - we just haven’t had the time to do it - the API is there in connman)


Not only this, but ConnMan will reconfigure its routes regularly as part of the wispr.c module. Would not recommend doing it this way. Someone recently had a similar issue with using an external OpenVPN client and expecting routes to remain intact.

Sam


Thanks for this useful information; that did solve some questions I had.

I wouldn’t try to use OpenVPN if my internet connection wasn’t censored by my government…
YouTube, radio channels, Subscene, OpenSubtitles, Podnapisi etc. are all blocked. Can you imagine that?

Well, OpenVPN is now blocked here :I so I can't connect to my OpenVPN server. To bypass the country’s firewall I now need to set up stunnel so I can send OpenVPN data via this fully encrypted tunnel so they can't filter it out.

I did that and it works on my PC. Now, to make it work on my Pi 2, I set up stunnel and OpenVPN, yet when I connect (it successfully connects to the OpenVPN server) I can't ping anything. I suspect this is a routing problem.
My route -n after connecting to the OpenVPN server via stunnel (stunnel is set to listen on 127.0.0.1:1194 and sends its data to myserver-ip:port):

osmc@osmc:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
127.0.0.1       192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

What's wrong in this table? Is it the two 0.0.0.0 unknown hosts?
Any ideas, guys? @DBMandrake @sam_nazarko
Thanks in advance.