A question about the virtual NIC

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

A question about the virtual NIC

Post by hack3rcon » 2023/07/27 11:41:39

Hello,
Is the behavior of a virtual NIC and its creation rules different in different Linux distributions? For example, on https://wiki.debian.org/NetworkConfigur ... _Interface you can see:
An alias interface should not have "gateway" or "dns-nameservers"; dynamic IP assignment is permissible.
So, on Debian Linux, a virtual NIC doesn't need a gateway and a netmask. How about CentOS, Red Hat and other Red Hat based Linux distributions?


Thank you.

jlehtone
Posts: 4551
Joined: 2007/12/11 08:17:33
Location: Finland

Re: A question about the virtual NIC

Post by jlehtone » 2023/07/27 12:35:00

That page says that "alias interface" is a legacy method and therefore should not be used (in any distro).

Prefix is a simpler and less error-prone method to state the same as netmask does. Both split the IP address into subnet and host-specific parts.

The gateway is used to tell which router is used in default route. Logically, the machine should have only one default regardless of the number of interfaces (and addresses).

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: A question about the virtual NIC

Post by hack3rcon » 2023/07/27 20:51:49

jlehtone wrote:
2023/07/27 12:35:00
That page says that "alias interface" is a legacy method and therefore should not be used (in any distro).

Prefix is a simpler and less error-prone method to state the same as netmask does. Both split the IP address into subnet and host-specific parts.

The gateway is used to tell which router is used in default route. Logically, the machine should have only one default regardless of the number of interfaces (and addresses).
Hello,
Thank you so much for your reply.
Prefix?
What is the new method of creating a virtual NIC?

jlehtone
Posts: 4551
Joined: 2007/12/11 08:17:33
Location: Finland

Re: A question about the virtual NIC

Post by jlehtone » 2023/07/27 22:01:46

hack3rcon wrote:
2023/07/27 20:51:49
What is the new method of creating a virtual NIC?
Forget the "virtual NIC" for a moment and do describe what you actually want to achieve.

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: A question about the virtual NIC

Post by hack3rcon » 2023/07/28 18:36:10

jlehtone wrote:
2023/07/27 22:01:46
hack3rcon wrote:
2023/07/27 20:51:49
What is the new method of creating a virtual NIC?
Forget the "virtual NIC" for a moment and do describe what you actually want to achieve.
Hello,
Thanks again.
Suppose you have an OpenVPN server with a NIC and three public IP addresses. For example:

Code:

1.2.3.4
1.2.3.5
1.2.3.6
You want to set up multiple OpenVPN servers on each of these IP addresses. For example, on the IP 1.2.3.4, you want to run OpenVPN configuration files Server-1.conf, Server-2.conf and Server-3.conf. A number of servers should be run on the rest of the IP addresses in the same way. Each OpenVPN configuration file is something like below:

Code:

port 1196
proto udp
dev tun1
topology "subnet"
push "topology subnet"
ca /etc/openvpn/ca.crt 
cert /etc/openvpn/server.crt 
key /etc/openvpn/server.key 
dh /etc/openvpn/dh.pem
server 10.10.0.0 255.255.255.0 
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8" 
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0 
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
This is my goal.
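
A check for the layout described in this post, added here as an example and not part of the original thread: instances on one host cannot share a listening address/port/protocol, a `dev`, a `server` pool or a `status` file. The `local` lines and every value in `make_samples` are constructed assumptions; the config posted above has no `local` directive.

```shell
#!/usr/bin/env bash
# Added example: report settings that two OpenVPN server configs cannot share.
# All addresses, ports and file names in make_samples are constructed.

# Print "<setting> <file A> <file B>" for every clash between two configs.
check_instances() {
    awk '
        FNR == 1       { n++; file[n] = FILENAME
                         addr[n] = "*"; port[n] = 1194; proto[n] = "udp" }  # OpenVPN defaults
        $1 == "local"  { addr[n] = $2 }
        $1 == "port"   { port[n] = $2 }
        $1 == "proto"  { proto[n] = $2 }
        $1 == "dev"    { dev[n] = $2 }
        $1 == "server" { net[n] = $2 "/" $3 }
        $1 == "status" { st[n] = $2 }
        END {
            for (i = 1; i < n; i++) for (j = i + 1; j <= n; j++) {
                # No "local" line means bind to every address, so it clashes
                # with any instance on the same port and protocol.
                if (port[i] == port[j] && proto[i] == proto[j] &&
                    (addr[i] == addr[j] || addr[i] == "*" || addr[j] == "*"))
                    print "listen", file[i], file[j]
                if (dev[i] != "" && dev[i] == dev[j]) print "dev", file[i], file[j]
                # Exact match only; overlapping but unequal pools are not detected.
                if (net[i] != "" && net[i] == net[j]) print "server", file[i], file[j]
                if (st[i] != "" && st[i] == st[j]) print "status", file[i], file[j]
            }
        }
    ' "$@"
}

# Constructed samples, trimmed to the lines that matter here.
make_samples() {
    printf '%s\n' 'local 1.2.3.4' 'port 1196' 'proto udp' 'dev tun1' \
        'server 10.10.0.0 255.255.255.0' 'status /var/log/openvpn/s1.log' > "$1/Server-1.conf"
    printf '%s\n' 'local 1.2.3.4' 'port 1197' 'proto udp' 'dev tun1' \
        'server 10.10.1.0 255.255.255.0' 'status /var/log/openvpn/s2.log' > "$1/Server-2.conf"
    printf '%s\n' 'port 1196' 'proto udp' 'dev tun3' \
        'server 10.10.0.0 255.255.255.0' 'status /var/log/openvpn/s3.log' > "$1/Server-3.conf"
}

tmp=$(mktemp -d) && make_samples "$tmp"
check_instances "$tmp"/Server-*.conf
rm -rf "$tmp"
```
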

jlehtone
Posts: 4551
Joined: 2007/12/11 08:17:33
Location: Finland

Re: A question about the virtual NIC

Post by jlehtone » 2023/07/28 20:58:09

Do you say that one can run three openvpn services on one interface/address?
If true, then one can surely run nine openvpn services on the same address too.
The use of more than one address on that one subnet is thus not necessary.


It is possible to assign multiple addresses to one interface, just like the Debian page said.
For example:

Code:

nmcli con mod eth0 ipv4.addresses "1.2.3.4/24, 1.2.3.5/24, 1.2.3.6/24"
(Assuming that the prefix of the subnet is 24 and that the name of the connection is eth0.)

However, in order to get the addresses that are on same subnet to somewhat work, one has to also
configure policy-based routing (aka source-based routing). That too is possible with nmcli.
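
One way the policy-based routing mentioned in this post can be expressed with nmcli, added here as an example and not written by the poster: each address gets its own routing table holding a default route, and a rule selects that table by source address. The gateway 1.2.3.1, the table numbers and the rule priorities are assumptions; the function only prints the commands so they can be reviewed before being run.

```shell
#!/usr/bin/env bash
# Added example: emit nmcli commands for source-based routing, one routing
# table per address. The gateway and table numbers are assumptions.

# usage: pbr_commands CONNECTION GATEWAY ADDRESS...
pbr_commands() {
    pbr_con=$1
    pbr_gw=$2
    pbr_table=100
    shift 2
    for pbr_addr in "$@"; do
        pbr_table=$((pbr_table + 1))
        # A default route in a private table, plus a rule that sends traffic
        # with this source address to that table.
        printf 'nmcli con mod %s +ipv4.routes "0.0.0.0/0 %s table=%d" +ipv4.routing-rules "priority %d from %s/32 table %d"\n' \
            "$pbr_con" "$pbr_gw" "$pbr_table" "$pbr_table" "$pbr_addr" "$pbr_table"
    done
    # The stored profile only takes effect once the connection is re-activated.
    printf 'nmcli con up %s\n' "$pbr_con"
}

# Connection name and addresses from the thread; 1.2.3.1 is an assumed gateway.
pbr_commands eth0 1.2.3.1 1.2.3.4 1.2.3.5 1.2.3.6
```
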

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: A question about the virtual NIC

Post by hack3rcon » 2023/07/29 05:02:14

jlehtone wrote:
2023/07/28 20:58:09
Do you say that one can run three openvpn services on one interface/address?
If true, then one can surely run nine openvpn services on the same address too.
The use of more than one address on that one subnet is thus not necessary.


It is possible to assign multiple addresses to one interface, just like the Debian page said.
For example:

Code:

nmcli con mod eth0 ipv4.addresses "1.2.3.4/24, 1.2.3.5/24, 1.2.3.6/24"
(Assuming that the prefix of the subnet is 24 and that the name of the connection is eth0.)

However, in order to get the addresses that are on same subnet to somewhat work, one has to also
configure policy-based routing (aka source-based routing). That too is possible with nmcli.
Hello,
Thank you so much for your reply.
No.
In which file does this command write the settings?
How do I delete the added IP?

jlehtone
Posts: 4551
Joined: 2007/12/11 08:17:33
Location: Finland

Re: A question about the virtual NIC

Post by jlehtone » 2023/07/29 13:31:40

hack3rcon wrote:
2023/07/29 05:02:14
In which file does this command write the settings?
How do I delete the added IP?
In whatever file the NetworkManager does use for storing the config. We supposedly don't need to know.
(The rationale is that the tools, like nmcli, do use proper syntax in file -- something that humans can fail to do.)

Up to EL8 the NM did use the legacy RH's initscripts config syntax and files (for most connections).
In EL9 NM uses its own, new config file format and location.


AFAIK, there are two possibilities:
1. Since ipv4.addresses is a list, a remove from list should function:

Code:

nmcli con mod eth0 -ipv4.addresses "1.2.3.5/24"
(This should leave 1.2.3.4/24 and 1.2.3.6/24.)

2. The other option is to set the addresses that you want:

Code:

nmcli con mod eth0 ipv4.addresses "1.2.3.4/24"
You can see the defined connections with nmcli con show
You can see the details of connection "eth0" with nmcli con show eth0

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Re: A question about the virtual NIC

Post by hack3rcon » 2023/07/29 13:45:33

jlehtone wrote:
2023/07/29 13:31:40
hack3rcon wrote:
2023/07/29 05:02:14
In which file does this command write the settings?
How do I delete the added IP?
In whatever file the NetworkManager does use for storing the config. We supposedly don't need to know.
(The rationale is that the tools, like nmcli, do use proper syntax in file -- something that humans can fail to do.)

Up to EL8 the NM did use the legacy RH's initscripts config syntax and files (for most connections).
In EL9 NM uses its own, new config file format and location.


AFAIK, there are two possibilities:
1. Since ipv4.addresses is a list, a remove from list should function:

Code:

nmcli con mod eth0 -ipv4.addresses "1.2.3.5/24"
(This should leave 1.2.3.4/24 and 1.2.3.6/24.)

2. The other option is to set the addresses that you want:

Code:

nmcli con mod eth0 ipv4.addresses "1.2.3.4/24"
You can see the defined connections with nmcli con show
You can see the details of connection "eth0" with nmcli con show eth0
Hello,
Thanks again.
1- No option to delete?
2- How do I apply these changes permanently?

jlehtone
Posts: 4551
Joined: 2007/12/11 08:17:33
Location: Finland

Re: A question about the virtual NIC

Post by jlehtone » 2023/07/29 14:47:14

Delete what? All addresses? Set ipv4.addresses ""

All changes by nmcli are permanent. In fact, some don't even show in action until you reload.
(Reboot, or restart NetworkManager.service, or nmcli con down eth0 ; nmcli con up eth0.)
