Debian eth0 to wlan0 forwarding, with openvpn

debian openvpn bridge raspberry-pi

Solution 1:

I had the same problem setting up openvpn over wifi on my raspberrypi. It turned out, that the flaw was wpa-roam.

The wlan0 section in /etc/network/interfaces had to be changed to:

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

The important part was replacing wpa-roam by wpa-conf.

Background

In my /var/log/daemon.log I found the following entry after enabling openvpn:

Jan 13 22:40:19 raspberrypi ifplugd(tun0)[28971]: Executing '/etc/ifplugd/ifplugd.action tun0 up'.

which was followd by

Jan 13 22:40:19 raspberrypi wpa_supplicant[3177]: wlan0: CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0
...
Jan 13 22:40:20 raspberrypi ifplugd(wlan0)[3108]: Link beat lost.
...
Jan 13 22:40:30 raspberrypi ifplugd(wlan0)[3108]: Executing '/etc/ifplugd/ifplugd.action wlan0 down'.
Jan 13 22:40:30 raspberrypi ifplugd(wlan0)[3108]: client: /sbin/ifdown: interface wlan0 not configured
Jan 13 22:40:30 raspberrypi ifplugd(wlan0)[3108]: Program executed successfully.

So it had to be somewhat related to the creation of the new network device.
Analyzing /etc/ifplugd/ifplugd.action tun0 up returned, that /etc/ifplugd/action.d/action_wpa is executed.

/etc/ifplugd/action.d/action_wpa

#!/bin/sh

# Action script to enable/disable wpa-roam interfaces in reaction to
# ifplugd events.
#
# Copyright: Copyright (c) 2008-2010, Kel Modderman <[email protected]>
# License:   GPL-2
#

PATH=/sbin:/usr/sbin:/bin:/usr/bin

if [ ! -x /sbin/wpa_action ]; then
    exit 0
fi

# ifplugd(8) - <iface> <action>
#
# If an ifplugd managed interface is brought up, disconnect any
# wpa-roam managed interfaces so that only one "roaming" interface
# remains active on the system.

IFPLUGD_IFACE="${1}"

case "${2}" in
    up)
        COMMAND=disconnect
        ;;
    down)
        COMMAND=reconnect
        ;;
    *)
        echo "$0: unknown arguments: ${@}" >&2
        exit 1
        ;;
esac

for CTRL in /var/run/wpa_supplicant/*; do
    [ -S "${CTRL}" ] || continue

    IFACE="${CTRL#/var/run/wpa_supplicant/}"

    # skip if ifplugd is managing this interface
    if [ "${IFPLUGD_IFACE}" = "${IFACE}" ]; then
        continue
    fi

    if wpa_action "${IFACE}" check; then
        wpa_cli -i "${IFACE}" "${COMMAND}"
    fi
done

So in order to save maybe roaming-costs all roaming devices are deactivated, if an other network device is available. May it be a real device or just virtual.

I only had access to the pi over ssh over wifi. Killed remotely and had to wait to come back home for hard reboot ;-)

Possible other way

An other way could be, to configure the tun0 device in /etc/network/interfaces so that it doesn't call /etc/ifplugd/action.d/action_wpa. That way roaming would still work.

Related

The network can't be identified, what requirements must the interface meet?
Why does Windows 7 64-bit require more memory than 32-bit?
Windows 7 likes to crash on me about every week
How can I bind mount a directory with a space in it?
How to SSH into VM running within Parallels on OSX while connected via Junos Pulse VPN?
Can't access Windows shares after Windows 10 build 1803 update
Mountable filesystem that automatically splits files
ChrUbuntu (Acer): How to load kernel 3.8.0-16 instead 3.4.0?
How to create vdi from existing (off line) partition?
Fastest screen sharing between mac and windows? [closed]
How do I use a single wireless adapter for both an access point and client on Raspberry Pi?
Installing firmware with samsung magician dc