0

I'm attempting to combine Scott Lowe's guide to creating a namespace with this answer on forwarding traffic between two interfaces.

I have this script that runs on each reboot using the cron @reboot directive: (I am using the script because none of these commands seem to persist across reboots.)

# Setup VPN
ip netns add vpnspace
ip link add vpnopen type veth peer name vpnbind
ip link set vpnopen netns vpnspace
ip netns exec vpnspace ifconfig vpnopen 10.0.0.1/24 up

When I run the script manually using sudo, it executes fine. However, when the script is run by cron, the fourth line, ip netns exec vpnspace ifconfig vpnopen 10.0.0.1/24 up, does not execute. Why is this happening? How do I get it to execute?

TL;DR: ifconfig vpnopen 10.0.0.1/24 up doesn't execute when called by cron inside a namespace

=============

Clarifications:

  1. My cron job is @reboot /home/ubuntu/startupscripts/rootscripts.sh
  2. The code given above is the first part of the shell script called
  3. By "does not execute", I mean that if I run command sudo ip netns exec vpnspace ifconfig in the terminal to check if the IP address was brought up, terminal returns a blank output. I tried logging the output by appending >>rootscripts.log, but nothing is logged and no error message returned.
Brandon Lebedev
  • 247
  • Not entirely familiar with the syntax here but I would have said that you don't mix ip and ifconfig. In fact ifconfig isn't available by default in systemd Linux systems. The consistent syntax would seem to be ip link set vpnopen up. – Simon Greenwood Feb 17 '18 at 08:59
  • So ip netns exec vpnspace is a directive that tells the following command to execute inside the vpnspace namespace. Everything after is the same. – Brandon Lebedev Feb 17 '18 at 09:33
  • @SimonGreenwood - Your solution works so far that the code executes from cron, but how would I assign the interface an IP address? – Brandon Lebedev Feb 17 '18 at 09:34
  • ip link set vpnopen 10.0.0.1/24 up – Simon Greenwood Feb 17 '18 at 09:41
  • Tried it before I asked. Didn't do the trick. :/ – Brandon Lebedev Feb 17 '18 at 09:57
  • Does it return an error? – Simon Greenwood Feb 17 '18 at 10:21
  • What does "does not execute" mean exactly? What is the error message you get? Differences between running in a terminal and via cron are usually attributable to the environment. Also, do you run these commands together as a script via cron or do you have multiple cron entries running independently? – Olaf Dietsche Feb 17 '18 at 14:53
  • On another note, did you run ip link set vpnopen 10.0.0.1/24 up or rather ip netns exec vpnspace ip link set vpnopen 10.0.0.1/24 up? – Olaf Dietsche Feb 17 '18 at 14:55
  • cron commands typically execute with a default PATH. While ip is typically in /bin, ifconfig is typically in /sbin . . . so try putting /sbin/ifconfig in your command line. – Brandon Xavier Feb 17 '18 at 15:54
  • @SimonGreenwood - No error that I can see. I logged the output to check. – Brandon Lebedev Feb 17 '18 at 19:28
  • @OlafDietsche - See clarification edits. Also, I ran [1] ip netns exec vpnspace ip link set vpnopen 10.0.0.1/24 up from the script and then [2] sudo ip netns exec vpnspace ip link show and [3] sudo ip netns exec vpnspace ifconfig to check it. [2] returns that the interface is established, but [3] shows that no IP address is assigned. Compared to my original version (sudo ip netns exec vpnspace ifconfig), both [2] and [3] would return an empty result. – Brandon Lebedev Feb 17 '18 at 19:37
  • Maybe this is taking it from a different angle, but should/could I be calling this script to run on startup by some other means than cron, if calling the command from cron is the issue? – Brandon Lebedev Feb 17 '18 at 19:48
  • @BrandonXavier - ip netns exec vpnspace /sbin/ifconfig vpnopen 10.0.0.1/24 up did it! Will you submit as an answer? – Brandon Lebedev Feb 17 '18 at 19:54

1 Answers1

0

cron commands usually execute with a default PATH. While ip is typically in /bin, ifconfig is most often found in /sbin . . . so try putting /sbin/ifconfig in your command line.

Brandon Xavier
  • 2,032
  • 1
    It's still a very good idea to rewrite this to use ip instead of ifconfig, which might not even be installed on a modern Linux system. Later ifconfig might not even be packaged and distributed anymore. – Michael Hampton Feb 18 '18 at 04:11