From 7a02ddd9e194747f1878506f242a8297ce08cfbc Mon Sep 17 00:00:00 2001 From: iBug Date: Mon, 6 Nov 2023 03:33:37 +0800 Subject: [PATCH] gateway+tinc: misc updates --- docs/infrastructure/intranet/gateway.md | 23 ++++++++++++----------- docs/infrastructure/tinc.md | 2 +- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/docs/infrastructure/intranet/gateway.md b/docs/infrastructure/intranet/gateway.md index d4cccb60..0b55c21b 100644 --- a/docs/infrastructure/intranet/gateway.md +++ b/docs/infrastructure/intranet/gateway.md @@ -13,13 +13,13 @@ For server configuration on each gateway, refer to their corresponding documenta - [Gateway EL](../../services/gateway-el.md) - [Gateway NIC](../../services/gateway-nic.md) -- Gateway JP (missing) +- [Gateway JP](../../services/gateway-jp.md) ## Tinc "received packet on ustclug with own address as source address" workaround {#tinc-workaround-1} After migrating to PVE, we found that sometimes tinc works abnormally within gateway-el and gateway-nic, with following kernel log: -``` +```text bridge: received packet on ustclug with own address as source address (addr:12:34:56:78:90:ab, vlan:0) bridge: received packet on ustclug with own address as source address (addr:12:34:56:78:90:ab, vlan:0) bridge: received packet on ustclug with own address as source address (addr:12:34:56:78:90:ab, vlan:0) 
@@ -35,28 +35,29 @@ net_ratelimit: 2 callbacks suppressed We still don't know the source of this issue. To workaround that, following self-check timer is deployed now: -```console -$ cat /opt/tinc-check.sh +```shell title="/opt/tinc-check.sh" #!/bin/bash restart() { - systemctl stop tinc@ustclug.service - sleep 3 # avoid race condition - systemctl start tinc@ustclug.service - echo "tinc restarted" + systemctl stop tinc@ustclug.service + sleep 3 # avoid race condition + systemctl start tinc@ustclug.service + echo "tinc restarted" } dmesg | tail -n 2 | grep 'received packet on ustclug with own address as source address' && restart || echo "tinc OK now"; -$ cat /etc/systemd/system/tinc-check.service +``` + +```ini title="/etc/systemd/system/tinc-check.service" [Unit] Description=Tinc Check and Auto-Restart - [Service] Type=oneshot ExecStart=/opt/tinc-check.sh +``` -$ cat /etc/systemd/system/tinc-check.timer +```ini title="/etc/systemd/system/tinc-check.timer" [Unit] Description=Tinc Check and Auto-Restart Timer diff --git a/docs/infrastructure/tinc.md b/docs/infrastructure/tinc.md index ba10df41..86e86199 100644 --- a/docs/infrastructure/tinc.md +++ b/docs/infrastructure/tinc.md @@ -93,7 +93,7 @@ Match LocalAddress 10.254.0.0 Match LocalAddress 202.38.95.110,202.141.160.110,202.141.176.110,218.104.71.170 AllowUsers root PubkeyAuthentication yes - AuthorizedKeysFile /dev/null # 屏蔽公钥,仅允许证书登录 + AuthorizedKeysFile none # 屏蔽公钥,仅允许证书登录 # For SSH Push trigger Match User mirror
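Review bot: the first gateway.md hunk replaces the "Gateway JP (missing)" placeholder with a link to `../../services/gateway-jp.md`, but this patch does not add that file; confirm it already exists in `docs/services/` (or add it in the same change), otherwise the docs build ships a broken link where the honest "missing" marker used to be. Tagging the kernel-log fence as `text` is fine, since it only suppresses syntax highlighting.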
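Review bot: in the tinc-check.sh hunk, `dmesg | tail -n 2 | grep '...own address as source address' && restart` only inspects the last two lines of the kernel ring buffer and nothing ever marks those lines as handled, so the outcome depends on timer cadence: if the bridge message is still the newest kernel output when the timer fires again, tinc is restarted again for the same event, and if any unrelated kernel line lands after it, the fault is missed. Consider scoping the check to messages newer than the previous run (for example `journalctl -k --since` with the timer's interval) rather than a fixed line count, and keep the dmesg output intact instead of clearing it so the restart loop stays auditable. The `title="..."` attribute on the new `shell`/`ini` fences assumes the docs site's Markdown renderer supports it; the same hunk also drops the blank line between the `[Unit]` and `[Service]` sections of tinc-check.service, which systemd accepts but reads less clearly.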
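Review bot: in the tinc.md hunk, the trailing `# 屏蔽公钥,仅允许证书登录` ("block public keys, allow certificate login only") sits on the same line as `AuthorizedKeysFile`, a directive that takes a whitespace-separated list; on sshd versions whose config parser does not stop at `#`, the comment tokens are read as additional key-file paths, and while `none` is skipped, those extra entries are still looked up under the user's home directory. Moving the comment onto its own line above the directive removes that ambiguity. The value change itself is correct: `none` is the documented way to skip file-based key lookup, whereas `/dev/null` merely relied on the file being empty.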