How to replace default network interface with macvlan?

  • Hi,


    I've set up docker containers which use macvlan interfaces. These include pi-hole and a vpn server (softether). Everything works fine, except for one little thing: I can't reach the web interface if I am connected from external via vpn. This is by design, because macvlan interfaces are isolated and can't communicate with their parent device. But the different macvlan interfaces can communicate with each other. (I.e. the vpn-connection is filtered by pihole).


    I found a solution how docker containers with macvlan interfaces could communicate with OMV - theoretically. The idea is to replace the physical interface with a macvlan interface and let all communication run through it. To achieve this, /etc/network/interfaces needs to be modified.


    Look here: https://www.reddit.com/r/docke…ommunicating_with/dqd16zx and here: http://infrastructuredevops.co…-2018/docker-macvlan.html
    Unfortunately I don't know how to put this in Openmediavault (I am also a bloody linux noob).


    OMV has control over the interfaces, so that they can't be edited directly (http://openmediavault.readthed…latest/various/files.html).
    According to this post (Customize /etc/network/interfaces the OMV way [>= 1.11]) it is possible to add additional interfaces. But I'm not sure if it is possible to edit or override an existing interface...


    Anyway, I created a new file "my-macvlan" in /etc/network/interface.d/ with the following content (since I use dhcp and want a static mac address I had to modify the template):


    I restarted OMV afterwards but nothing changed. My /etc/network/interface remained unchanged:


    Where did I make a mistake? Can this even work?

  • I haven't given up yet!
    I think my configuration script above was wrong and couldn't work at all. In the help I found this example: https://openmediavault.readthe…atest/various/advset.html.


    I also made some progress with the macvlan topic. With the help of these hints: https://unix.stackexchange.com…-namespaces/400247#400247 (first method) I was able to access the host via vpn dial-in. I can now access the omv gui as well as smb shares from outside my lan. This is a temporary solution till next reboot, though.


    I'm not sure if this is a good solution in terms of performance and reliability. Creating two interfaces with the same ip seems a little bit "dirty" to me, but I'm no expert at all.
    The second solution (replace physical interface with macvlan completely) seems to be the "clean" way, but I haven't been brave enough to test this yet ;). I'm afraid that problems may occur later (e.g. updates) if I change the network configuration so substantially.


    What do you think?

    Bash
    # enp1s0 is physical interface
    # host/omv: 192.168.1.3
    # vpn container: 192.168.1.4
    
    
    ip link add macvlan0 link enp1s0 type macvlan mode bridge
    ip addr add 192.168.1.3 dev macvlan0 noprefixroute
    ip link set macvlan0 up
    ip route add 192.168.1.4/32 dev macvlan0
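
Added example, not part of the original post: the four commands above wrapped in a script that validates its inputs, handles several container addresses, and can be re-run after a reboot without failing on an interface that already exists. The function names and the use of `ip route replace` instead of `ip route add` are choices of this example; the interface name and addresses are the ones from the post.

```sh
#!/bin/sh
# Added example: re-runnable version of the host-side macvlan shim from the post.
SHIM=macvlan0   # shim interface name, as in the post

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# shim_plan PARENT HOST_IP CONTAINER_IP...: print the ip(8) commands, one per line
shim_plan() {
    [ "$#" -ge 3 ] || { echo "usage: shim_plan PARENT HOST_IP CONTAINER_IP..." >&2; return 2; }
    parent=$1; host_ip=$2; shift 2
    # reject anything that is not a plain interface name before it reaches a command line
    case "$parent" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $parent" >&2; return 1 ;; esac
    for addr in "$host_ip" "$@"; do
        is_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }
    done
    echo "ip link add $SHIM link $parent type macvlan mode bridge"
    echo "ip addr add $host_ip dev $SHIM noprefixroute"
    echo "ip link set $SHIM up"
    # one host route per container; "replace" does not fail if the route exists
    for addr in "$@"; do
        echo "ip route replace $addr/32 dev $SHIM"
    done
}

# shim_apply PARENT HOST_IP CONTAINER_IP...: run the plan (needs root), skip if already set up
shim_apply() {
    plan=$(shim_plan "$@") || return 1
    if ip link show "$SHIM" >/dev/null 2>&1; then
        echo "$SHIM already present, leaving it alone"; return 0
    fi
    echo "$plan" | while read -r cmd; do $cmd || exit 1; done
}

# Default: only print the plan for the addresses used in the post.
case "${1:-}" in
    apply) shift; shim_apply "$@" ;;
    *)     shim_plan enp1s0 192.168.1.3 192.168.1.4 ;;
esac
```

Run without arguments it only prints the commands; `apply enp1s0 192.168.1.3 192.168.1.4` executes them.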
