# wpa_supplicant and routes

## pholthau

Hi!

I am using wpa_supplicant to authenticate a wired interface (IEEE802.1X).

This is the relevant part in /etc/conf.d/net:

```

routes_eth0=(   "129.AA.AA.AA/16"

                "212.XX.XX.XX/21"

                "212.YY.YY.YY/22"

)

dns_servers_eth0=( "ZZ.ZZ.ZZ.ZZ" )

dhcp_eth0=( "nodns nogateway" )

modules_eth0=( "!plug" )

wpa_timeout_eth0=60

wpa_supplicant_eth0="-Dwired"

```

Since the dhcp server is providing me with a default route that I don't want, I route the subnets, that the interface is connected to manually and turn of gateway. Everything works fine when the interface is fired up. However the dhcp server refreshes it's lease every 3 hours or so. When this is happening, I get a new lease but the routes that I configured in /etc/conf.d/net are not there anymore. Anyone knows why these might be deleted on a dhcp update?

[I--] [  ] sys-apps/baselayout-1.12.11.1 (0)

[I--] [ ~] net-misc/dhcpcd-4.0.4 (0)

----------

## Wormo

 *pholthau wrote:*   

> 
> 
> ```
> 
> routes_eth0=(   "129.AA.AA.AA/16"
> ...

 

My guess is that dhcpcd thinks those routes are obsolete because they are not routed via anything on the ZZ network. You could use dhcpcd hook script to put them back however, something like 

```

dhcpcd_eth0="--script put-back-my-routes.sh"

```

----------

## pholthau

Thanks, trying that now. But this is really confusing me. Why should I put these routes to /etc/conf.d/net if they are not used for every dhcpcd refresh? I thought the route_eth0 var can be used for routes that are _not_ provided by the dhcp server.

----------

## Wormo

I suspect the problem is that you have link-level static routes -- those are not so common. Typical static routes point to gateways, e.g. "x.x.x.0/24 via x.x.x.y". Your link-level routes seem hard to distinguish from automatically generated routes from discarded ip addresses on the 129. and 212. networks that should be deleted as stale. Perhaps you'd like to bring it up as a feature request to the dhcpcd developer and see what he thinks?

http://roy.marples.name/

http://freshmeat.net/projects/dhcpcd/

----------

## UberLord

dhcpcd-4 does not go out of its way to delete routes that it does not control.

Unlike dhcpcd-3 which did.

Do this in /etc/dhcpcd.enter-hook AND /etc/dhcpcd.exit-hook

route

Then with the routes you have configured active, do this

pkill -9 dhcpcd

dhcpcd -d ${iface}

pkill -9 is needed so that dhcpcd doesn't tear anything down on exit.

replace $iface with the name of your real interface, or leave it out.

The output should clairfy what dhcpcd does.

----------

## Wormo

How's that for service, dhcpcd developer came to you   :Very Happy: 

sounds like you have a good reason to move to dhcpcd-4

----------

## UberLord

 *Wormo wrote:*   

> How's that for service, dhcpcd developer came to you   

 

 :Very Happy: 

 *Quote:*   

> sounds like you have a good reason to move to dhcpcd-4

 

He already has dhcpcd-4.0.4 :/

So I'm at a loss to explain why the routes are disappearing

----------

## pholthau

Okay, what I've done now: Stopped eth0. Removed everything in /var/lib/dhcpcd/

The following int /etc/dhcpcd.enter-hook:

route >> /root/route.enter

And /etc/dhcpcd.exit-hook as well:

route >> /root/route.exit

After starting eth0 I get the following two route outputs in route.enter:

- first one without anything eth0 related.

- second one with a single route for eth0 that seems to be provided by the dhcp server (not a default one, but a 212. net).

route.exit output is the same.

The routes that I specified in /etc/conf.d/net are not shown. They _are_ set however.

The above describes the output right after interface startup. I will report back in a few hours, after the dhcp server has updated the lease. But I guess the routes are already "forgotten" somehow  :Wink: 

----------

## pholthau

Oh what I just found was that there was a file /var/lib/dhcpcd/dhcpcd-eth0.info with some interesting lines:

ROUTES=''

INTERFACE='eth0'

CLASSID='dhcpcd 3.2.3'

plus a netmask/network that corresponds to the netmask/network for the route that I mentioned in my last post. Could it be that this file (apparently a leftover from dhcpcd 3) is interfering somehow?

----------

## UberLord

The old info file is harmless and won't affect anything. I'm starting to think it's not dhcpcd related.

Try this

IN_BACKGROUND=true /etc/init.d/net.eth0 stop

IN_BACKGROUND=true /etc/init.d/net.eth0 start

I'm guessing that it will show dhcpcd being run but no routes being added. If so, please post the whole conf.d/net with comments stripped.

----------

## pholthau

there you go:

http://wwwhomes.uni-bielefeld.de/pholthaus/public/system/dhcpcd-outputs.txt

----------

## UberLord

So the routes are added? Do they show in the routing table?

----------

## pholthau

Yes they show up in the routing table. But only in the beginnging. After 4 hours, when the dhcp server refreshes the lease, they're gone.

They show up in the route output of enter/exit-hook, too. But only one time. The first time that the lease gets renewed.

----------

## UberLord

so if you do this

dhcpcd -x

dhcpcd -dB eth0

launch another terminal

route -n

<verify routes there>

dhcpcd -n eth1

<swap back to first terminal, verify dhcpcd has renewed lease>

route -n

<verify routes there>

Does it work as expected?

----------

## pholthau

sorry for the late reply, i was doing some sports (believe it or not  :Wink:  ). should I do it when the interface is up? and shouldn't it be dhcpcd -x eth0? and everytime eth0 not eth1?  :Wink: 

supposing that I should do it when the interface is up

 *Quote:*   

> 
> 
> so if you do this
> 
> dhcpcd -x
> ...

 

routes are NOT there. They are removed as soon as I type dhcpcd -x eth0.

they won't come back after any of the other commands.

----------

## UberLord

OK, manually re-add the routes after dhcpcd -x, or replace the dhcpcd -x command with pkill -9 dhcpcd with the routes in place.

----------

## pholthau

It's a bit tricky to remotely run the commands you told me  :Wink:  but today, i had access to the machine. dhcpcd -n eth0 issued two times.

```

dhcpcd -dB eth0

eth0: dhcpcd 4.0.4 starting

eth0: hardware address = 00:00:e8:69:ba:d8

eth0: executing `/lib/dhcpcd/dhcpcd-run-hooks', reason PREINIT

Kernel IP routing table                                       

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

212.201.94.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0 

10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0 

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1 

212.201.92.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.252.0   U     1      0        0 eth0 

212.201.80.0    0.0.0.0         255.255.248.0   U     1      0        0 eth0 

129.70.0.0      0.0.0.0         255.255.0.0     U     1      0        0 eth0 

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo   

0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1 

Kernel IP routing table                                                      

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

212.201.94.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0 

10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0 

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1 

212.201.92.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.252.0   U     1      0        0 eth0 

212.201.80.0    0.0.0.0         255.255.248.0   U     1      0        0 eth0 

129.70.0.0      0.0.0.0         255.255.0.0     U     1      0        0 eth0 

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo   

0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1 

eth0: DUID = 00:01:00:01:0f:3f:d7:d7:00:00:e8:69:ba:d8                       

eth0: broadcasting for a lease                                               

eth0: sending DHCP_DISCOVER with xid 0x4a19bf05, next in 4.18 seconds        

eth0: offered 212.201.89.149 from 129.70.182.24                              

eth0: sending DHCP_REQUEST with xid 0x4a19bf05, next in 3.10 seconds         

eth0: acknowledged 212.201.89.149 from 129.70.182.24                         

eth0: leased 212.201.89.149 for 14400 seconds                                

eth0: adding IP address 212.201.89.149/23                                    

eth0: adding route to 0.0.0.0/0 via 212.201.88.1                             

eth0: executing `/lib/dhcpcd/dhcpcd-run-hooks', reason BOUND                 

Kernel IP routing table                                                      

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

212.201.94.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0 

10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0 

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1 

212.201.92.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.252.0   U     1      0        0 eth0 

212.201.80.0    0.0.0.0         255.255.248.0   U     1      0        0 eth0 

129.70.0.0      0.0.0.0         255.255.0.0     U     1      0        0 eth0 

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo   

0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1 

Kernel IP routing table                                                      

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

212.201.94.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0 

10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0 

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1 

212.201.92.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.252.0   U     1      0        0 eth0 

212.201.80.0    0.0.0.0         255.255.248.0   U     1      0        0 eth0 

129.70.0.0      0.0.0.0         255.255.0.0     U     1      0        0 eth0 

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo   

0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1 

eth0: sending ARP announce (1 of 2), next in 2.00 seconds                    

eth0: sending ARP announce (2 of 2)                                          

eth0: renew in 7197 seconds                                                  

eth0: received SIGALRM, renewing lease                                       

eth0: rebinding lease of 212.201.89.149                                      

eth0: sending DHCP_REQUEST with xid 0x325c006c, next in 4.68 seconds         

eth0: acknowledged 212.201.89.149 from 129.70.182.24                         

eth0: leased 212.201.89.149 for 14400 seconds                                

eth0: adding IP address 212.201.89.149/23                                    

eth0: adding route to 0.0.0.0/0 via 212.201.88.1                             

eth0: executing `/lib/dhcpcd/dhcpcd-run-hooks', reason RENEW                 

Kernel IP routing table                                                      

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

212.201.94.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0 

10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0 

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1 

212.201.92.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.252.0   U     1      0        0 eth0 

212.201.80.0    0.0.0.0         255.255.248.0   U     1      0        0 eth0 

129.70.0.0      0.0.0.0         255.255.0.0     U     1      0        0 eth0 

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo   

0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1 

Kernel IP routing table                                                      

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

212.201.94.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0 

10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0 

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1 

212.201.92.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.254.0   U     1      0        0 eth0 

212.201.88.0    0.0.0.0         255.255.252.0   U     1      0        0 eth0 

212.201.80.0    0.0.0.0         255.255.248.0   U     1      0        0 eth0

129.70.0.0      0.0.0.0         255.255.0.0     U     1      0        0 eth0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1

eth0: renew in 7199 seconds

eth0: received SIGALRM, renewing lease

eth0: rebinding lease of 212.201.89.149

eth0: sending DHCP_REQUEST with xid 0x73be374f, next in 3.67 seconds

eth0: NAK: (null) from 129.70.182.24

eth0: deleting IP address 212.201.89.149/23

eth0: executing `/lib/dhcpcd/dhcpcd-run-hooks', reason EXPIRE

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1

eth0: broadcasting for a lease

eth0: sending DHCP_DISCOVER with xid 0x530dab85, next in 3.31 seconds

eth0: offered 212.201.88.159 from 129.70.182.24

eth0: checking 212.201.88.159 is available on attached networks

eth0: sending ARP probe (1 of 3), next in 1.64 seconds

eth0: sending ARP probe (2 of 3), next in 1.35 seconds

eth0: sending ARP probe (3 of 3), next in 2.00 seconds

eth0: sending DHCP_REQUEST with xid 0x530dab85, next in 4.13 seconds

eth0: acknowledged 212.201.88.159 from 129.70.182.24

eth0: leased 212.201.88.159 for 14400 seconds

eth0: adding IP address 212.201.88.159/23

eth0: adding route to 0.0.0.0/0 via 212.201.88.1

eth0: executing `/lib/dhcpcd/dhcpcd-run-hooks', reason BOUND

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

212.201.88.0    0.0.0.0         255.255.254.0   U     0      0        0 eth0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0

192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

212.201.88.0    0.0.0.0         255.255.254.0   U     0      0        0 eth0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1

eth0: sending ARP announce (1 of 2), next in 2.00 seconds

eth0: sending ARP announce (2 of 2)

eth0: renew in 7197 seconds

```

----------

## UberLord

```
eth0: renew in 7199 seconds

eth0: received SIGALRM, renewing lease

eth0: rebinding lease of 212.201.89.149

eth0: sending DHCP_REQUEST with xid 0x73be374f, next in 3.67 seconds

eth0: NAK: (null) from 129.70.182.24

eth0: deleting IP address 212.201.89.149/23

eth0: executing `/lib/dhcpcd/dhcpcd-run-hooks', reason EXPIRE
```

That's the error right there - your DHCP server NAKed the renew request, causing the IP address to be deleted which in turn removes the routes.

What DHCP server are you using and why is it NAKing your lease?

----------

## pholthau

That's my university's dhcp server. I don't have influence on it's behavior  :Sad:  Don't have a clue why it's NAKing. Can I disable it somehow?

EDIT: I think that they don't want us to offer services on the network so they force a new address by NAK. But a question remains: Why are the routes not added again? Since they are not part of the dhcp request but static, imo they shouldn't be deleted by the dhcp server response.....

----------

## UberLord

 *pholthau wrote:*   

> That's my university's dhcp server. I don't have influence on it's behavior  Don't have a clue why it's NAKing. Can I disable it somehow?

 

No, and I won't give you the ability to violate RFC2131 either.

 *Quote:*   

> EDIT: I think that they don't want us to offer services on the network so they force a new address by NAK. But a question remains: Why are the routes not added again? Since they are not part of the dhcp request but static, imo they shouldn't be deleted by the dhcp server response.....

 

One the IP address is removed, the routes have nowhere to go, so the kernel automatically deletes them. dhcpcd isn't deleting the routes itself.

One potential work around is to re-add them after each dhcpcd renew. You could do something like this in /etc/dhcpcd.exit-hook

ip route add 129.AA.AA.AA/16 dev eth0

ip route add 212.XX.XX.XX/21 dev eth0

ip route add 212.YY.YY.YY/22 dev eth0

See man dhcpcd-run-hooks for details.

Another alternative is to manually add an address that the routes can use, but dhcpcd or any other machine on the network will never get either. This of course is more tricky and I cannot help you there.

----------

## pholthau

Okay, I guess, i'll re-add them manually.

Thanks for your troubleshooting and explaining all the details to me!

----------

