我正在尝试创建 tun 接口并通过 systemd-networkd 的 .netdev 和 .network 文件添加地址和对等点。我正在使用 Ubuntu 22.04.3 LTS 和 systemd 249。
我有以下两个配置文件:
/etc/systemd/network/991-tun1.netdev
[NetDev]
Name=tun1
Kind=tun
[Tun]
User=me
/etc/systemd/network/991-tun1.network
[Match]
Name=tun1
[Network]
Address=192.168.3.1/24
IPForward=yes
[Address]
Address=192.168.3.1/24
Peer=192.168.3.2/24
重新启动后,tun1 接口创建正常,但没有地址。
me@host:~$ ip a
...
4: tun1: <NO-CARRIER,POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 500
link/none
但如果我使用 ifconfig 那么地址会按预期添加。
me@host:~$ sudo ifconfig tun1 192.168.3.1 pointopoint 192.168.3.2 netmask 255.255.255.0
me@host:~$ ip a
...
4: tun1: <NO-CARRIER,POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 500
link/none
inet 192.168.3.1 peer 192.168.3.2/24 scope global tun1
valid_lft forever preferred_lft forever
重新启动后我可以在日志中看到这一点
me@host:~$ sudo journalctl --unit systemd-networkd -fe|grep tun1
...
systemd-networkd[513]: tun1: loaded tun
systemd-networkd[513]: tun1: Created
systemd-networkd[513]: tun1: netdev has index 4
systemd-networkd[513]: tun1: Permanent MAC address not found for new device, continuing without: Operation not supported
systemd-networkd[513]: tun1: Link 4 added
systemd-networkd[513]: tun1: Saved original MTU 1500 (min: 68, max: 65535)
systemd-networkd[513]: tun1: Flags change: +MULTICAST +POINTOPOINT +NOARP
systemd-networkd[513]: tun1: link pending udev initialization...
systemd-networkd[513]: tun1: udev initialized link
systemd-networkd[513]: tun1: State changed: pending -> initialized
systemd-networkd[513]: tun1: Link state is up-to-date
systemd-networkd[513]: tun1: found matching network '/etc/systemd/network/991-tun1.network'.
systemd-networkd[513]: tun1: State changed: initialized -> configuring
systemd-networkd[513]: Setting '/proc/sys/net/ipv6/conf/tun1/disable_ipv6' to '0'
systemd-networkd[513]: Setting '/proc/sys/net/ipv6/conf/tun1/use_tempaddr' to '0'
systemd-networkd[513]: Setting '/proc/sys/net/ipv6/conf/tun1/accept_ra' to '0'
systemd-networkd[513]: Setting '/proc/sys/net/ipv6/conf/tun1/proxy_ndp' to '0'
systemd-networkd[513]: Setting '/proc/sys/net/ipv4/conf/tun1/promote_secondaries' to '1'
systemd-networkd[513]: tun1: Requested to set IPv6LL address generation mode
systemd-networkd[513]: tun1: Requested to set master interface
systemd-networkd[513]: tun1: Requested to activate link
systemd-networkd[513]: tun1: Requesting address: 192.168.3.1/24 (valid forever, preferred forever), flags: n/a
systemd-networkd[513]: tun1: Requesting address: 192.168.3.1 peer 192.168.3.2/24 (valid forever, preferred forever), flags: n/a
systemd-networkd[513]: tun1: Setting addresses
systemd-networkd[513]: tun1: link_check_ready(): link layer is configuring.
systemd-networkd[513]: tun1: link_check_ready(): link layer is configuring.
systemd-networkd[513]: tun1: link_check_ready(): link layer is configuring.
systemd-networkd[513]: tun1: link_check_ready(): link layer is configuring.
systemd-networkd[513]: tun1: link_check_ready(): link layer is configuring.
systemd-networkd[513]: tun1: link_check_ready(): link layer is configuring.
systemd-networkd[513]: tun1: link_check_ready(): link layer is configuring.
systemd-networkd[513]: tun1: link_check_ready(): link layer is configuring.
systemd-networkd[513]: tun1: Setting IPv6LL address generation mode
systemd-networkd[513]: tun1: Setting master interface
systemd-networkd[513]: tun1: IPv6LL address generation mode set.
systemd-networkd[513]: tun1: master interface set.
systemd-networkd[513]: tun1: link_check_ready(): link is not activated.
systemd-networkd[513]: tun1: Bringing link up
systemd-networkd[513]: tun1: Flags change: +UP
systemd-networkd[513]: tun1: Link UP
systemd-networkd[513]: tun1: link_check_ready(): static addresses are not configured.
为什么 systemd-networkd 没有将地址添加到 tun1 接口以及如何使其添加地址?
Systemd networkd(如 NetworkManager)对运营商状态做出反应,这会影响接口上的地址配置。
对于 TUN/TAP 接口,状态将保持在
NO-CARRIER
,直到用户空间进程(例如ssh -w ...
)正确连接到接口:然后虚拟载体状态将切换为已检测到。默认情况下,只有以下部分的配置(例如添加地址)才会由networkd完成。要使其忽略运营商状态,应为设备添加以下参数:
特别是描述
ConfigureWithoutCarrier
告诉:第二个参数(在第一个参数启用时可能默认启用,因此这里可能实际上不需要),允许停止并重新启动附加到 TUN 接口(例如
ssh -w ...
)的用户空间进程,而不会导致设置发生任何更改。