rcorder for vpn-like tunnels during early rc.d startup

Dave Cottlehuber dch at skunkwerks.at
Sat Dec 22 14:01:09 UTC 2018


I have a port[1] net/zerotier that provides a p2p layer2+ vpn via tap(4) interfaces. Ideally zerotier/zt would be available early enough during boot that later daemons such as ssh and other network services would be able to bind to those interfaces.

I've tried a variety of tricks to achieve the following outcomes:

- start after netif
- default route is available so that zt can initialise itself
- started before firewalls and later network daemons

I have this working for DHCP, but not for statically assigned IPs.

Any suggestions on what else I could try?

The patch[2] achieves this for DHCP systems, as the default route is made available during `netif`, but for statically assigned systems, it arrives later with `routing`. Trying to include routing in the REQUIRE section results in the expected circular dependency, and the startup daemon hangs in the check loop as the default route isn't available to it yet.

# rcorder /usr/local/etc/rc.d/* /etc/rc.d/* |less
rcorder: Circular dependency on provision `routing' in file `/usr/local/etc/rc.d/zerotier'.
/etc/rc.d/netif
/etc/rc.d/devd
/etc/rc.d/zfsd
/etc/rc.d/ipsec
/etc/rc.d/stf
/etc/rc.d/defaultroute
/etc/rc.d/devfs
/usr/local/etc/rc.d/zerotier
/etc/rc.d/pfsync
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/ppp
/etc/rc.d/routing
/etc/rc.d/ipfw
/etc/rc.d/netwait
/etc/rc.d/resolv

[1]: https://freshports.org/net/zerotier
[2]: https://reviews.freebsd.org/D18533
[3]: https://www.freebsd.org/cgi/man.cgi?query=if_tap

A+
Dave
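A toy rcorder-style resolver, added here as an illustration and not code from the post or from the net/zerotier port. It parses the PROVIDE/REQUIRE/BEFORE keywords from constructed, simplified script headers (the real /etc/rc.d files carry more keywords; the assumption that pf declares BEFORE: routing, as in the stock script, is what closes the loop) and shows why adding routing to REQUIRE turns the working DHCP-style ordering into the circular dependency rcorder reports.

```python
import re
from collections import defaultdict

# Constructed, simplified rc.d headers with only the rcorder(8) keywords that
# matter here; not the real /etc/rc.d files. pf's BEFORE: routing is assumed.
SCRIPTS = {
    "FILESYSTEMS": "# PROVIDE: FILESYSTEMS\n",
    "netif": "# PROVIDE: netif\n# REQUIRE: FILESYSTEMS\n",
    "routing": "# PROVIDE: routing\n# REQUIRE: netif\n",
    "pf": "# PROVIDE: pf\n# REQUIRE: FILESYSTEMS netif\n# BEFORE: routing\n",
}
# zerotier as the post describes it: after netif, before the firewall.
ZT_DHCP = "# PROVIDE: zerotier\n# REQUIRE: netif\n# BEFORE: pf\n"
# Adding routing to REQUIRE closes the cycle routing -> zerotier -> pf -> routing.
ZT_STATIC = ZT_DHCP.replace("# REQUIRE: netif", "# REQUIRE: netif routing")
KEYWORD = re.compile(r"^#\s*(PROVIDE|REQUIRE|BEFORE):\s*(.*)$", re.M)

def parse(text):
    """Map each rcorder keyword found in a script header to its names."""
    out = defaultdict(list)
    for kw, names in KEYWORD.findall(text):
        out[kw].extend(names.split())
    return out

def build_graph(scripts):
    """Edge a -> b means script a must start before script b."""
    meta = {name: parse(text) for name, text in scripts.items()}
    provides = {p: n for n, m in meta.items() for p in m["PROVIDE"]}
    edges = defaultdict(set)
    for name, m in meta.items():
        for req in m["REQUIRE"]:      # "I need X"    => provider(X) -> me
            edges[provides[req]].add(name)
        for later in m["BEFORE"]:     # "I precede Y" => me -> provider(Y)
            edges[name].add(provides[later])
    return edges

def order(scripts):
    """Start order by DFS; raise ValueError on a cycle, as rcorder does."""
    edges, state, post = build_graph(scripts), {}, []
    def visit(n):
        if state.get(n) == 1:         # back edge: n is still on the DFS stack
            raise ValueError(f"circular dependency involving `{n}'")
        if n not in state:
            state[n] = 1
            for m in sorted(edges[n]):
                visit(m)
            state[n] = 2
            post.append(n)
    for n in sorted(scripts):
        visit(n)
    return post[::-1]                 # reverse post-order is the start order

def try_order(zt_header):
    try:                              # the cycle message instead of a traceback
        return order({**SCRIPTS, "zerotier": zt_header})
    except ValueError as e:
        return str(e)
```

With ZT_DHCP the order comes out as FILESYSTEMS, netif, zerotier, pf, routing, matching the rcorder listing above; with ZT_STATIC the resolver reports the cycle through pf.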

