Ubuntu 18.04 netplan static routes

Need help with static routes in the new netplan config. I have an Ubuntu Server 18.04 machine with 2 network interfaces, ethernet and wlan. After successful basic configuration in /etc/netplan/50-cloud-init.yaml I have both networks. But enp3s0 is the intranet and wlp2s0 is the wifi router, and I can't get internet over wifi. After a few days of configuring/reconfiguring the YAML file I can't get it to work.

Only deleting the default gateway with /sbin/route del default gw 10.185.0.1 works, but then there is no routing to the intranet. Route -n list

How to add these routes, I have no idea...

network:
  version: 2
  renderer: networkd
  ethernets:
        enp3s0:
            addresses: []
            dhcp4: true
            gateway4: 10.185.0.1
            nameservers:
              addresses: [10.185.x.x, y.y.y.y]
            routes:
            - to: 10.185.0.0/0
              via: 10.185.0.1
              metric: 100
              table: 101
            routing-policy:
              - from: 10.185.0.0/24
                table: 101

  wifis:
        wlp2s0:
            addresses: []
            dhcp4: true
            optional: true
            gateway4: 192.168.8.1
            access-points:
                 "Wifi":
                    password: "password"
            nameservers:
              addresses: [8.8.8.8,8.8.4.4]
            routes:
            - to: 0.0.0.0/0
              via: 192.168.8.1
              metric: 90
              table: 91
            routing-policy:
              - from: 192.168.8.0/24
                table: 91

UPD: Override config in /etc/systemd/network/. Using UseRoutes=false causes an infinite network search at boot; setting RouteMetric=700 works better, and I got internet over wifi after boot! But adding a new route like 10.180.0.0/16 via 10.185.0.1 has no effect; it does not appear in the kernel routing table.
And I still don't understand why traceroute 172.16.185.194 goes through 192.168.8.1. I read about ip4 table, but - to: 172.16.0.0/12 or /16 doesn't work.


Solution 1:

In general, what you want here is:

  • Set up a single default gateway (with gateway4), on the interface that goes to the Internet. If you set default gateways on both, then half the packets will be routed to your Intranet and won't be able to reach their destination.

  • If your Intranet has multiple subnets, then you need static routes to reach those through the interface connected to your Intranet. (One example might be routing any RFC1918 subnets to that interface, which would probably be a good idea.)

Now, in your specific example, you didn't describe your Intranet completely, but let's assume your Intranet is made of the 10.185.x.y network, in other words, 10.185.0.0/16.

Let's also assume your enp3s0 interface giving you access to the intranet will receive an IP in the 10.185.0.z subnet, in other words, 10.185.0.0/24 subnet, and that the gateway in that subnet is 10.185.0.1.

So you need a static route to reach the rest of the 10.185.x.y subnets where x is not 0.

You can use a configuration such as the one below to set this up:

network:
  version: 2
  renderer: networkd
  ethernets:
        enp3s0:
            addresses: []
            dhcp4: true
            nameservers:
              addresses: [10.185.x.x, y.y.y.y]
            routes:
            - to: 10.185.0.0/16
              via: 10.185.0.1
  wifis:
        wlp2s0:
            addresses: []
            dhcp4: true
            optional: true
            gateway4: 192.168.8.1
            access-points:
                 "Wifi":
                    password: "password"
            nameservers:
              addresses: [8.8.8.8,8.8.4.4]

In this edited configuration, notice that:

  • There is no gateway4 in enp3s0 configuration, since you don't want traffic to go to that interface by default, only when it's traffic destined to your Intranet, which is set up through the static route.

  • Conversely, the wlp2s0 doesn't need any static routes, since it has a default gateway attached to it, which is enough.

  • There's no need for routing tables and routing policies, all you need to do is set up a static route (or a few static routes) to cover the internal addresses in your Intranet and route them through the IP of the gateway in that network that can route you to the other subnets you're not directly connected to.

Please note that this setup actually depends on some of what your DHCP server in the internal network is provisioning for you, such as your interface being in the 10.185.0/24 network and that 10.185.0.1 is the gateway you can use in that interface... For that reason, perhaps a better setup would be to have the DHCP server in your Intranet push the static routes (instead of configuring them in netplan.) That way if the Intranet is reconfigured, perhaps to change the IP of the gateway, or perhaps extended to include other RFC1918 private ranges, only the DHCP server needs to be reconfigured and not everything else...

But if the DHCP server is out of your control, then this setup might be acceptable, assuming the internal network is not reconfigured too often so that the gateway IP would change. You might want to consider adding static routes to all the RFC1918 ranges, since those will be invalid in the Internet, so they might only be made valid in the Intranet:

routes:
- to: 10.0.0.0/8
  via: 10.185.0.1
- to: 172.16.0.0/12
  via: 10.185.0.1
- to: 192.168.0.0/16
  via: 10.185.0.1

I hope you find this helpful!
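The route selection this answer relies on, as an added example (not code from the answer or from netplan): a longest-prefix-match model of the main routing table, run over constructed tables for the two-default-gateway state, the answer's configuration, and its RFC1918 variant, to show which intranet destinations would leave through the wifi router. Assumptions: the helper names, the wifi default metric of 600, and the probe hosts 10.185.7.9 and 192.168.8.20 are constructed; policy-routing tables are not modelled.

```python
import ipaddress

def route(to, dev, via=None, metric=0):
    return {"net": ipaddress.ip_network(to), "dev": dev, "via": via, "metric": metric}

def lookup(table, dst):
    """Select a route as the kernel does within one table:
    longest matching prefix first, lowest metric as tie-breaker."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r["net"]]
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"])) if hits else None

def egress(table, dst):
    r = lookup(table, dst)
    return r["dev"] if r else None

def defaults(table):
    """All 0.0.0.0/0 entries; more than one means two competing gateways."""
    return [r for r in table if r["net"].prefixlen == 0]

def leaks(table, intranet_dev, probes):
    """Intranet destinations that would leave by some other interface."""
    return [d for d in probes if egress(table, d) != intranet_dev]

# Constructed tables. Connected routes come from the DHCP-assigned addresses.
CONNECTED = [route("10.185.0.0/24", "enp3s0"), route("192.168.8.0/24", "wlp2s0")]
# Question's state after RouteMetric=700; the wifi metric 600 is an assumption.
QUESTION = CONNECTED + [
    route("0.0.0.0/0", "enp3s0", "10.185.0.1", metric=700),
    route("0.0.0.0/0", "wlp2s0", "192.168.8.1", metric=600),
]
# The answer's configuration: one default gateway plus one static route.
ANSWER = CONNECTED + [
    route("10.185.0.0/16", "enp3s0", "10.185.0.1"),
    route("0.0.0.0/0", "wlp2s0", "192.168.8.1"),
]
# The answer's RFC1918 variant.
RFC1918 = ANSWER + [route(n, "enp3s0", "10.185.0.1")
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# 10.180.0.1 and 172.16.185.194 follow the question; 10.185.7.9 is constructed.
PROBES = ["10.185.7.9", "10.180.0.1", "172.16.185.194"]

if __name__ == "__main__":
    for name, table in (("question", QUESTION), ("answer", ANSWER), ("rfc1918", RFC1918)):
        print(name, "defaults:", len(defaults(table)),
              "leaving via wifi:", leaks(table, "enp3s0", PROBES))
    print("192.168.8.20 ->", egress(RFC1918, "192.168.8.20"))  # connected /24 wins
```

On a live host, `ip route get <address>` reports the same decision for a single destination.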

Solution 2:

Workaround for getting internet and intranet both on two different interfaces.

Intranet IP: 192.168.10.0/24, interface enp0s8
Internet IP: 0.0.0.0/0, interface enp0s3
             NAT gateway: 10.0.2.2

a) Create a file rc.local in the /etc directory.

Put the static routes into it as below.

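#!/bin/sh -e

# Remove the default route that points at the intranet gateway.
ip route del 0.0.0.0/0 via 192.168.10.1 dev enp0s8
# Send all other traffic through the NAT gateway on the Internet-facing interface.
ip route add 0.0.0.0/0 via 10.0.2.2 dev enp0s3
# Reach the intranet subnet through its gateway.
ip route add 192.168.10.0/24 via 192.168.10.1 dev enp0s8

exit 0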

b) Make it executable and restart the VM.