Debian eth0 to wlan0 forwarding, with openvpn

Solution 1:

I had the same problem setting up openvpn over wifi on my raspberrypi. It turned out, that the flaw was wpa-roam.

The wlan0 section in /etc/network/interfaces had to be changed to:

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

The important part was replacing wpa-roam by wpa-conf.

Background

In my /var/log/daemon.log I found the following entry after enabling openvpn:

Jan 13 22:40:19 raspberrypi ifplugd(tun0)[28971]: Executing '/etc/ifplugd/ifplugd.action tun0 up'.

which was followd by

Jan 13 22:40:19 raspberrypi wpa_supplicant[3177]: wlan0: CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0
...
Jan 13 22:40:20 raspberrypi ifplugd(wlan0)[3108]: Link beat lost.
...
Jan 13 22:40:30 raspberrypi ifplugd(wlan0)[3108]: Executing '/etc/ifplugd/ifplugd.action wlan0 down'.
Jan 13 22:40:30 raspberrypi ifplugd(wlan0)[3108]: client: /sbin/ifdown: interface wlan0 not configured
Jan 13 22:40:30 raspberrypi ifplugd(wlan0)[3108]: Program executed successfully.

So it had to be somewhat related to the creation of the new network device.
Analyzing /etc/ifplugd/ifplugd.action tun0 up returned, that /etc/ifplugd/action.d/action_wpa is executed.

/etc/ifplugd/action.d/action_wpa

#!/bin/sh

# Action script to enable/disable wpa-roam interfaces in reaction to
# ifplugd events.
#
# Copyright: Copyright (c) 2008-2010, Kel Modderman <[email protected]>
# License:   GPL-2
#

PATH=/sbin:/usr/sbin:/bin:/usr/bin

if [ ! -x /sbin/wpa_action ]; then
    exit 0
fi

# ifplugd(8) - <iface> <action>
#
# If an ifplugd managed interface is brought up, disconnect any
# wpa-roam managed interfaces so that only one "roaming" interface
# remains active on the system.

IFPLUGD_IFACE="${1}"

case "${2}" in
    up)
        COMMAND=disconnect
        ;;
    down)
        COMMAND=reconnect
        ;;
    *)
        echo "$0: unknown arguments: ${@}" >&2
        exit 1
        ;;
esac

for CTRL in /var/run/wpa_supplicant/*; do
    [ -S "${CTRL}" ] || continue

    IFACE="${CTRL#/var/run/wpa_supplicant/}"

    # skip if ifplugd is managing this interface
    if [ "${IFPLUGD_IFACE}" = "${IFACE}" ]; then
        continue
    fi

    if wpa_action "${IFACE}" check; then
        wpa_cli -i "${IFACE}" "${COMMAND}"
    fi
done

So in order to save maybe roaming-costs all roaming devices are deactivated, if an other network device is available. May it be a real device or just virtual.

I only had access to the pi over ssh over wifi. Killed remotely and had to wait to come back home for hard reboot ;-)

Possible other way

An other way could be, to configure the tun0 device in /etc/network/interfaces so that it doesn't call /etc/ifplugd/action.d/action_wpa. That way roaming would still work.