If I want to bring down tap0.service (or systemd wants to do this
during a configuration-change which changes the path to tunctl),
openvpn (or other services using tap0) need to be brought down as
well, otherwise tunctl -d is not able to remove the tap0 device,
leaving it in a failed (but "up") state.
Restarting <interface>-cfg.service may cause the interface's IP
addresses to be flushed. If the default gateway goes through that
interface, then the default gateway is deleted. So we need to
restart network-setup.target.
This allows setting the max tcp window size for the route of
the default gateway (usually the internet access).
It works only for non-DHCP configurations by now.
Thus
networking.interfaces = [ { name = "eth0"; ipAddress = "192.168.15.1"; } ];
can now be written as
networking.interfaces.eth0.ipAddress = "192.168.15.1";
The old notation still works though.
Flushing is bad if the Nix store is on a remote filesystem accessed
over that interface.
http://hydra.nixos.org/build/3184162
Also added a interface option ‘prefixLength’ as a better alternative
to ‘subnetMask’.
Instead it's enough to depend on
sys-subsystem-net-devices-<interface>.device, which in turn has a
"wants" dependency on the service (if any) that creates the interface.
For each statically configured interface, we now create a unit
‘<interface>-cfg.service’ which gets started as soon as the network
device comes up. Similarly, each bridge defined in
‘networking.bridges’ and virtual interface in ‘networking.interfaces’
is created by a service ‘<interface>.service’.
So if we have
networking.bridges.br0.interfaces = [ "eth0" "eth1" ];
networking.interfaces =
[ { name = "br0";
ipAddress = "192.168.1.1";
}
];
then there will be a unit ‘br0.service’ that depends on
‘sys-subsystem-net-devices-eth0.device’ and
‘sys-subsystem-net-devices-eth1.device’, and a unit ‘br0-cfg.service’
that depends on ‘sys-subsystem-net-devices-br0.device’.
proxy_arp (and proxy_ndp for ipv6) can be turned on on a few
interfaces (at least 2).
This is mainly useful for creating pseudo-bridges between a real
interface and a virtual network such as VPN or a virtual machine for
interfaces that don't support real bridging (most wlan interfaces).
As ARP proxying acts slightly above the link-layer, below-ip traffic
isn't bridged, so things like DHCP won't work. The advantage above
using NAT lies in the fact that no IP addresses are shared, so all
hosts are reachable/routeable.
many services depend on other services that bring up network interfaces.
Examples are ipv6 tunneling clients or VPNs.
As there are multiple choices for these network-interface-providing services,
it's not nice to hardcore these deps in every service.
This change sets up a generic config option for this purpose.
providers (gw6c/gogoclient/openvpn) can plug into this to signal they bring up
an important interface.
Daemons that need these interfaces, can then depend on the 'all-interfaces' event,
instead of the individual services.
By default, the event fires when network-interfaces completes.
svn path=/nixos/trunk/; revision=32764
since the latter is rather deprecated and has been unmaintained
since 2001. Note that "ip" doesn't know about classful addressing,
so you can no longer get away with not specifying the subnet mask
for explicitly configured interfaces. So if you had
networking.interfaces =
[ { name = "eth0"; ipAddress = "192.168.1.1"; } ];
this should be changed to
networking.interfaces =
[ { name = "eth0";
ipAddress = "192.168.1.1";
subnetMask = "255.255.255.0";
}
];
otherwise you end up with a subnet mask of 255.255.255.255.
svn path=/nixos/trunk/; revision=26279