0

I'm attempting to combine Scott Lowe's guide to creating a namespace with this answer on forwarding traffic between two interfaces.

I have this script that runs on each reboot using the cron @reboot directive: (I am using the script because none of these commands seem to persist across reboots.)

# Setup VPN
ip netns add vpnspace
ip link add vpnopen type veth peer name vpnbind
ip link set vpnopen netns vpnspace
ip netns exec vpnspace ifconfig vpnopen 10.0.0.1/24 up

When I run the script manually using sudo, it executes fine. However, when the script is run by cron, the fourth line, ip netns exec vpnspace ifconfig vpnopen 10.0.0.1/24 up, does not execute. Why is this happening? How do I get it to execute?

TL;DR: ifconfig vpnopen 10.0.0.1/24 up doesn't execute when called by cron inside a namespace

=============

Clarifications:

  1. My cron job is @reboot /home/ubuntu/startupscripts/rootscripts.sh
  2. The code given above is the first part of the shell script called
  3. By "does not execute", I mean that if I run command sudo ip netns exec vpnspace ifconfig in the terminal to check if the IP address was brought up, terminal returns a blank output. I tried logging the output by appending >>rootscripts.log, but nothing is logged and no error message returned.
Brandon Lebedev
  • 177
  • 1
  • 1
  • 10
  • Not entirely familiar with the syntax here but I would have said that you don't mix `ip` and `ifconfig`. In fact `ifconfig` isn't available by default in systemd Linux systems. The consistent syntax would seem to be `ip link set vpnopen up`. – Simon Greenwood Feb 17 '18 at 08:59
  • So `ip netns exec vpnspace` is a directive that tells the following command to execute inside the `vpnspace` namespace. Everything after is the same. – Brandon Lebedev Feb 17 '18 at 09:33
  • @SimonGreenwood - Your solution works so far that the code executes from cron, but how would I assign the interface an IP address? – Brandon Lebedev Feb 17 '18 at 09:34
  • `ip link set vpnopen 10.0.0.1/24 up` – Simon Greenwood Feb 17 '18 at 09:41
  • Tried it before I asked. Didn't do the trick. :/ – Brandon Lebedev Feb 17 '18 at 09:57
  • Does it return an error? – Simon Greenwood Feb 17 '18 at 10:21
  • What does "does not execute" mean exactly? What is the error message you get? Differences between running in a terminal and via cron are usually attributable to the environment. Also, do you run these commands together as a script via cron or do you have multiple cron entries running independently? – Olaf Dietsche Feb 17 '18 at 14:53
  • On another note, did you run `ip link set vpnopen 10.0.0.1/24 up` or rather `ip netns exec vpnspace ip link set vpnopen 10.0.0.1/24 up`? – Olaf Dietsche Feb 17 '18 at 14:55
  • cron commands typically execute with a default PATH. While ip is typically in /bin, ifconfig is typically in /sbin . . . so try putting /sbin/ifconfig in your command line. – Brandon Xavier Feb 17 '18 at 15:54
  • @SimonGreenwood - No error that I can see. I logged the output to check. – Brandon Lebedev Feb 17 '18 at 19:28
  • @OlafDietsche - See clarification edits. Also, I ran [1] `ip netns exec vpnspace ip link set vpnopen 10.0.0.1/24 up` from the script and then [2] `sudo ip netns exec vpnspace ip link show` and [3] `sudo ip netns exec vpnspace ifconfig` to check it. [2] returns that the interface is established, but [3] shows that no IP address is assigned. Compared to my original version (`sudo ip netns exec vpnspace ifconfig`), both [2] and [3] would return an empty result. – Brandon Lebedev Feb 17 '18 at 19:37
  • Maybe this is taking it from a different angle, but should/could I be calling this script to run on startup by some other means than cron, if calling the command from cron is the issue? – Brandon Lebedev Feb 17 '18 at 19:48
  • @BrandonXavier - `ip netns exec vpnspace /sbin/ifconfig vpnopen 10.0.0.1/24 up` did it! Will you submit as an answer? – Brandon Lebedev Feb 17 '18 at 19:54

1 Answers1

0

cron commands usually execute with a default PATH. While ip is typically in /bin, ifconfig is most often found in /sbin . . . so try putting /sbin/ifconfig in your command line.

Brandon Xavier
  • 1,942
  • 13
  • 15
  • 1
    It's still a very good idea to rewrite this to use `ip` instead of `ifconfig`, which might not even be installed on a modern Linux system. Later `ifconfig` might not even be packaged and distributed anymore. – Michael Hampton Feb 18 '18 at 04:11