1

Maybe this question has been answered somewhere before but I can’t seem to figure it out as yet. Lately I’m having some issues with my Ubuntu 20.04 server. I installed OpenVPN and I can successfully create a VPN tunnel with NordVPN. The problem is that when the tunnel is created the connection breaks down and I cannot ssh back into the server unless I add some ip routes. I found a solution for this: assuming the server's real IP is 185.230.125.107, I manually added the routes as follows:

    sudo ip rule add from 185.230.125.107 table 128
    sudo ip route add table 128 185.230.125.107/32 dev eno0
    sudo ip route add table 128 default via 185.230.125.254

This works fine until reboot. After the machine restarts, I have to add those rules back in again. My question is this: How would I add these rules, making them persistent so at reboot they stay in place!? Where and how should I add them!? I read somewhere that I need to create some sort of a script in /etc/network/if-up.d but I have no idea how to make such a script. Please, is somebody willing to help!? I’d really appreciate that guys. Many thanks Nick

Jos
  • 29,224
Nicola
  • 13
  • I am pretty sure you can add this somewhere in Netplan configuration, however I don't know Netplan, because Ubuntu Desktop uses Network Manager and not Netplan. In Network Manager you can add persistent routes, so I'm sure it's possible in Netplan too. Hope someone would give an answer how to do it. – raj Jun 12 '21 at 10:49
  • Thank you anyways mate – Nicola Jun 12 '21 at 10:52

3 Answers

3
  1. Hello mate, I cannot comment so I will try to answer here.
  2. There are a few options for creating a scheduled process to solve that problem.
  3. Here are two options:
    • crontab - which fits your problem less well.
    • making a service - which fits your problem perfectly.
    • there might be more and better ways to solve that problem.
  4. About crontab:
    • The crontab is a list of commands that you want to run on a regular schedule.
    • To add a command you want to schedule, you have to edit the crontab file with the command crontab -e.
    • you can use this site to help you calculate the interval at which you want to execute a specific command: crontabCalculator
    • you can use this guide to figure out your own crontab file: crontabGuide
  5. The better option in my opinion is to create your own service.
    • when you create a service you can run it just like all the other services, which means that you can enable, disable, restart, start and use all the other options that come with the systemctl command.
    • you have to create your service as a text file and name it myServiceName.service.
    • then you have to place that service in /etc/systemd/system/.
    • use this guide to get a service template: howToMakeAServiceGuide.
    • after creating the service and placing it in that directory you can enable and start it with these commands: systemctl enable serviceName.service and systemctl start serviceName.service.
    • the service should start on every reboot so it might solve your problem.
  6. Edited after comments.
    • create a script with sudo nano /usr/local/sbin/SCRIPT_NAME.sh
    • example of a script with your commands:

        #!/bin/bash
        # send traffic from the server's real IP through routing table 128
        ip rule add from 185.230.125.107 table 128
        ip route add table 128 185.230.125.107/32 dev eno0
        ip route add table 128 default via 185.230.125.254

    • now give the script execute permissions with chmod a+x SCRIPT_NAME.sh
    • now create a service with sudo nano /etc/systemd/system/SERVICE_NAME.service
    • use this template; in the ExecStart field execute your script:

        [Unit]
        Description=ROT13 demo service
        After=network.target
        StartLimitIntervalSec=0

        [Service]
        Type=simple
        Restart=always
        RestartSec=1
        # the ip commands in the script need root; set User= accordingly
        User=centos
        ExecStart=/usr/local/sbin/./SCRIPT_NAME.sh

        [Install]
        WantedBy=multi-user.target

  7. Edited after comments two:
  8. To make sure your service is configured correctly follow these steps:
    • place the service in /etc/systemd/system/LOCATE_HERE.service
    • give the script that is run by the service the execute permission with sudo chmod a+x yourscript.sh
    • execute the command sudo systemctl daemon-reload to load the new service.
    • execute the command sudo systemctl enable serviceName.service
    • execute the command sudo systemctl start serviceName.service
    • execute the command sudo systemctl status serviceName.service
    • if the service is running, reboot your system.
    • after the reboot execute the command sudo systemctl status serviceName.service to check if the service is running.
    • images:
    • serviceExampleThatWorksForMe
    • howToStartTheServiceCommands
    • if this whole solution is not working there might be a problem with the file type - check for a solution here: solutionForFileTypeError
CrazyTux
  • 458
  • Thank you very much my friend. You made my life much more easier. This is the perfect solution. – Nicola Jun 12 '21 at 10:56
  • you're welcome, again I guess there are more solutions that might be better, but that should work out, if it is working you can accept the answer by clicking on V near my answer field. – CrazyTux Jun 12 '21 at 10:58
  • I just found this topic that can be helpful and maybe better than my answer https://askubuntu.com/questions/168033/how-to-set-static-routes-in-ubuntu-server?rq=1 – CrazyTux Jun 12 '21 at 11:03
  • So here I’m again. The script I made like you suggested works perfectly. Only problem is that at boot, the service won’t start. Through journalctl I found out that systemd failed to start the service because "Assignment outside of section. Ignoring". I don’t know what went wrong. The script I created I changed the ownership to root. If I run it manually it works but systemd won’t start it as a service. – Nicola Jun 13 '21 at 12:29
  • There are two possible solutions: the recommended one is to fix the service. (You can send the service you made so I can take a look at it, please delete your personal details), the other one, primitive but it works, is to use the crontab to run the script. – CrazyTux Jun 13 '21 at 14:51
  • Hi and thank you for getting back to me. This is what the service file looks like:

        Description=iprules_service
        After=network.target
        StartLimitIntervalSec=0
        [Service]
        Type=simple
        Restart=always
        RestartSec=1
        User=nick
        ExecStart=/usr/local/sbin/iprules.sh

        [Install]
        WantedBy=multi-user.target

    The *.sh file works just fine because I can start it manually with sudo without problems. I prefer this solution because it is more elegant than crontab. Hope I'll figure it out somehow. Ty very much

    – Nicola Jun 13 '21 at 15:15
  • I will now edit my answer and hope that will work out for you, I just ran the service on my VPS and it's running perfectly. – CrazyTux Jun 13 '21 at 21:09
  • IT WORKED!! Thank you very much for your patience. I owe you one. – Nicola Jun 14 '21 at 11:45
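
The "Assignment outside of section" message reported in the comments above is what systemd logs when a directive appears before any section header. As an added example (not code from the answer or its author), this script flags such lines in a unit file and carries a corrected layout next to the broken one. The function names, the sample unit and the `Type=oneshot` choice are assumptions of this example.

```shell
#!/bin/sh
# lint_unit FILE: prints "LINE: problem: text"; returns 1 if anything was found.
lint_unit() {
    awk '
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }     # ignore surrounding whitespace
        /^$/ || /^[#;]/ { next }              # blank lines and comments
        /^\[/ {                               # section header
            in_section = 1
            if ($0 !~ /^\[[A-Za-z0-9_.-]+\]$/) {
                printf "%d: malformed section header: %s\n", NR, $0; bad = 1
            }
            next
        }
        !in_section {                         # directive before any [Section]
            printf "%d: assignment outside of section: %s\n", NR, $0; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: no [Unit] header, and [Install] shares a line with WantedBy=.
broken_unit() {
    cat <<'EOF'
Description=iprules_service
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/sbin/iprules.sh
[Install] WantedBy=multi-user.target
EOF
}

# Corrected layout. Assumptions of this example: Type=oneshot with
# RemainAfterExit=yes (the script runs once and exits) and no User= line (root).
fixed_unit() {
    cat <<'EOF'
[Unit]
Description=iprules_service
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/iprules.sh
[Install]
WantedBy=multi-user.target
EOF
}

tmp=$(mktemp) && broken_unit > "$tmp" && { lint_unit "$tmp" || true; }; rm -f "$tmp"
```

Run `lint_unit /etc/systemd/system/serviceName.service` before `systemctl daemon-reload`; an empty result with exit status 0 means every directive sits under a section header.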
0

You can definitely do this in Netplan. I just did it and confirmed persistence following a reboot. The Netplan official website's Examples page shows many examples of this.

Example:

  1. Edit your netplan config file (located in /etc/netplan/)

  2. Locate the interface where you want the route (ex. eth0)

  3. Locate the addresses section

  4. Add the routes keyword and route details under the addresses section

    routes:
       - to: default
         via: 1.1.1.254
    
  5. Save and close

  6. Type: sudo netplan generate (and press Enter)

  7. Type: sudo netplan apply (and press Enter)

  8. Test your route by pinging a known IP on the target network

  • It would be nice if you could add some more specific instructions. – Zanna Feb 17 '22 at 17:08
  • This does not work. – Drew Mar 16 '22 at 19:12
  • @Drew These are steps that work for Ubuntu 20.04 with Netplan, both what I did and also what is documented in the official Netplan examples section. What you said doesn't help me help you. Provide some details, please. – TitaniumCoder477 Mar 18 '22 at 00:12
  • @TitaniumCoder477 Thank you for your reply. Would be great if you could explain what exactly those lines do? What does 1.1.1.254 mean? Default gateway? Does that mean that all the traffic would not go via the VPN gateway? – Drew Mar 23 '22 at 18:21
0

Here is what ended up working for me using netplan. Taking the IPs from your post, here is what you will do in /etc/netplan/*.yaml:

    network:
        version: 2
        ethernets:
            eno0:
                ...
                routing-policy:
                - from: 185.230.125.107
                  table: 128
                routes:
                -   to: 0.0.0.0/0
                    via: 185.230.125.254
                -   to: default
                    via: 185.230.125.254
                    on-link: True
                    table: 128
                -   to: 185.230.125.107/32
                    on-link: True
                    table: 128
                ...
                set-name: eno0
The thing I was missing for a while was - to: default
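
A check to run after `sudo netplan apply`, and again after a reboot, before bringing the VPN tunnel up: it confirms that the source rule and the default route in the table are both present. This is an added example, not part of the original answers; `check_policy_routing`, `IP_CMD` and the canned `ip` output are constructed for it.

```shell
#!/bin/sh
# check_policy_routing SRC TABLE GATEWAY
# Returns 0 when "from SRC lookup TABLE" and TABLE's default route via GATEWAY exist.
# IP_CMD is a hook of this example so the check can run against canned output.
check_policy_routing() {
    src=$1; table=$2; gw=$3; rc=0
    if ! ${IP_CMD:-ip} rule show | awk -v s="$src" -v t="$table" \
        '$2 == "from" && $3 == s && $4 == "lookup" && $5 == t { ok = 1 } END { exit !ok }'
    then
        echo "missing: rule from $src lookup $table"; rc=1
    fi
    if ! ${IP_CMD:-ip} route show table "$table" 2>/dev/null | awk -v g="$gw" \
        '$1 == "default" && $2 == "via" && $3 == g { ok = 1 } END { exit !ok }'
    then
        echo "missing: default via $gw in table $table"; rc=1
    fi
    return $rc
}

# Constructed output in the format `ip` prints once the rules are applied.
fake_ip() {
    case "$*" in
    "rule show")
        printf '0:\tfrom all lookup local\n32765:\tfrom 185.230.125.107 lookup 128\n'
        printf '32766:\tfrom all lookup main\n32767:\tfrom all lookup default\n' ;;
    "route show table 128")
        printf 'default via 185.230.125.254 dev eno0 proto static onlink\n'
        printf '185.230.125.107 dev eno0 proto static scope link\n' ;;
    esac
}

# Constructed output for a freshly booted host where nothing persisted.
fake_ip_unconfigured() {
    case "$*" in
    "rule show") printf '0:\tfrom all lookup local\n32766:\tfrom all lookup main\n' ;;
    esac
}

# Demo against the canned output; unset IP_CMD to query the live system.
IP_CMD=fake_ip
check_policy_routing 185.230.125.107 128 185.230.125.254 && echo "policy routing in place"
```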