tinc starts too early on boot

Hamish Moffatt hamish at cloud.net.au
Fri Apr 20 04:21:10 CEST 2018


On 19/04/18 06:46, Guus Sliepen wrote:
> On Mon, Apr 16, 2018 at 09:10:02AM +1000, Hamish Moffatt wrote:
>
>
>> Apr 16 06:54:43 dbtest3 tinc[3206]: tincd 1.1pre14 (Jun  5 2017 01:24:43)
>> starting, debug level 0
>> Apr 16 06:54:43 dbtest3 tinc[3206]: /dev/net/tun is a Linux tun/tap device
>> (tun mode)
>> Apr 16 06:54:43 dbtest3 tinc[3206]: Error starting /usr/sbin/tincd
>> Apr 16 06:54:43 dbtest3 tinc[3206]: SIOCSIFADDR: No such device
>> Apr 16 06:54:43 dbtest3 tinc[3206]: rsvpn: ERROR while getting interface
>> flags: No such device
>> Apr 16 06:54:43 dbtest3 tinc[3206]: SIOCSIFNETMASK: No such device
>> Apr 16 06:54:43 dbtest3 tinc[3206]: SIOCADDRT: No such device
>> Apr 16 06:54:43 dbtest3 tinc[3206]: SIOCADDRT: No such device
> That sounds like tinc's tun interface is not being configured correctly.
> Can you show us your tinc-up script?

Yes that turned out to be the problem. I was using DNS in my tinc-up 
script (so I can get the local VPN address from the DNS using 
$HOST.myvpndomain, rather than customising the script for every host):

ifconfig $INTERFACE $NAME.myvpndomain netmask 255.255.0.0


This was running before the network was up, so it failed. I modified the 
script to return an error, and then tinc logged the following:

Apr 16 08:03:16 dbtest3 tincd[3152]: /dev/net/tun is a Linux tun/tap 
device (tun mode)
Apr 16 08:03:16 dbtest3 tincd[3152]: dbtest3.[redacted]: Host name 
lookup failure
Apr 16 08:03:16 dbtest3 tincd[3152]: ifconfig: `--help' gives usage 
information.
Apr 16 08:03:16 dbtest3 tincd[3152]: SIOCADDRT: Network is down
Apr 16 08:03:16 dbtest3 tincd[3152]: SIOCADDRT: Network is down
Apr 16 08:03:16 dbtest3 tincd[3152]: Script tinc-up exited with non-zero 
status 7
Apr 16 08:03:16 dbtest3 tincd[3152]: Ready
Apr 16 08:03:16 dbtest3 tincd[3152]: Error looking up [redacted] port 
655: Temporary failure in name resolution
Apr 16 08:03:16 dbtest3 tincd[3152]: Error looking up [redacted2] port 
655: Temporary failure in name resolution
Apr 16 08:03:31 dbtest3 tincd[3152]: Can't write to Linux tun/tap device 
(tun mode) /dev/net/tun: Input/output error

but then it kept running with a broken tun interface. Might it be better 
to exit if the tinc-up script fails?

Actually changing the systemd unit to wait for network-online didn't 
help as the DNS still wasn't reliable at that stage. I also converted 
all my hosts from legacy ifupdown configuration to systemd network 
configuration thinking that might be the reason why tinc was started too 
early but it didn't help.

Ultimately I used DeviceStandby=yes in the configuration. Then by the 
time tincd can find the ConnectTo hosts (which are specified by 
hostname), the tinc-up script will also be successful.


Hamish
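
A tinc-up that fails cleanly when DNS is not ready, as an added example that is not part of the original message or of tinc: it retries the lookup a bounded number of times, accepts only a literal IPv4 address, and exits non-zero otherwise, so a failed lookup never reaches ifconfig as a hostname. VPN_DOMAIN, TRIES, DELAY and the lookup/is_ipv4/resolve_vpn_addr helpers are assumptions of this example; INTERFACE, NAME and the netmask are used as in the script quoted above.

```shell
#!/bin/sh
# Added example: tinc-up that waits (bounded) for DNS before touching the interface.
# INTERFACE and NAME come from tincd's environment, as in the original script.
# VPN_DOMAIN, TRIES and DELAY are assumptions of this example.
VPN_DOMAIN="${VPN_DOMAIN:-myvpndomain}"
TRIES="${TRIES:-10}"
DELAY="${DELAY:-3}"

# Resolver hook: print the first IPv4 address for a name, nothing on failure.
lookup() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Accept only a dotted quad with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F'[.]' 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the VPN address for host $1, retrying while DNS is not usable yet.
resolve_vpn_addr() {
    n=0
    while [ "$n" -lt "$TRIES" ]; do
        addr=$(lookup "$1.$VPN_DOMAIN") || addr=""
        if is_ipv4 "$addr"; then
            printf '%s\n' "$addr"
            return 0
        fi
        n=$((n + 1))
        if [ "$n" -lt "$TRIES" ]; then
            sleep "$DELAY"
        fi
    done
    echo "tinc-up: no usable address for $1.$VPN_DOMAIN after $TRIES tries" >&2
    return 1
}

# Configure the interface only when started by tincd (INTERFACE is set).
# Any failure ends the script with a non-zero status, which tincd logs.
if [ -n "${INTERFACE:-}" ]; then
    addr=$(resolve_vpn_addr "$NAME") || exit 1
    ifconfig "$INTERFACE" "$addr" netmask 255.255.0.0 || exit 1
fi
```

tinc runs its scripts synchronously, so the retry window (TRIES times DELAY seconds) delays tincd while the script waits.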

