wifi AP w/ openvpn eth0

[lowrob]

I have a Pi3, I am having a problem with dnsmasq not giving IP I believe, my client gets "Failed to obtain IP address" when it connects to the AP.
root@raspberrypi:~# lsb_release -a
No LSB modules are available.
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 9.3 (stretch)
Release: 9.3
Codename: stretch

I've got hostapd and dnsmasq installed. I see the ssid.

What I am trying to accomplish:
I have openvpn connected to my vpn service. My initial plan was to use this for my roku stick so I could use the VPN to connect to other regions. Plan A was this was going to be a second gateway routing through the vpn tunnel (had that working) but couldn't use that due to limitation on the Roku so plan B was to get the PI setup as another wifi. Eth0 is on my regular network, tunnel is the default tun0:
root@raspberrypi:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.11 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::2fe8:3cc5:be0:252d prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:dd:b2:1d txqueuelen 1000 (Ethernet)
RX packets 10891 bytes 749228 (731.6 KiB)
RX errors 0 dropped 7 overruns 0 frame 0
TX packets 5557 bytes 1078166 (1.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 18 bytes 1615 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 18 bytes 1615 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 172.21.22.131 netmask 255.255.254.0 destination 172.21.22.131
inet6 fe80::5d05:318:6106:a2eb prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 144 (144.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.4.1 netmask 255.255.255.0 broadcast 192.168.4.255
inet6 fe80::7c1b:2537:50ba:a1f0 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:88:e7:48 txqueuelen 1000 (Ethernet)
RX packets 140 bytes 21745 (21.2 KiB)
RX errors 0 dropped 11 overruns 0 frame 0
TX packets 53 bytes 8397 (8.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

I plan to setup iptables to do the forwarding. I've changed so much and there is a lot of info out there but what I think is the simplest piece of this is giving me grief. (Probably should start over)

All I see for entries grep for masq in the syslog are:

Feb 20 18:13:17 raspberrypi systemd[1]: Stopping dnsmasq - A lightweight DHCP and caching DNS server...
Feb 20 18:13:17 raspberrypi dnsmasq[1110]: Too few arguments.
Feb 20 18:13:17 raspberrypi dnsmasq[533]: exiting on receipt of SIGTERM
Feb 20 18:13:17 raspberrypi systemd[1]: Stopped dnsmasq - A lightweight DHCP and caching DNS server.
Feb 20 18:13:45 raspberrypi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Feb 20 18:13:45 raspberrypi dnsmasq[1190]: dnsmasq: syntax check OK.
Feb 20 18:13:45 raspberrypi dnsmasq[1201]: started, version 2.76 cachesize 150
Feb 20 18:13:45 raspberrypi dnsmasq[1201]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Feb 20 18:13:45 raspberrypi dnsmasq-dhcp[1201]: DHCP, IP range 192.168.4.20 -- 192.168.4.100, lease time 12h
Feb 20 18:13:45 raspberrypi dnsmasq[1201]: reading /run/dnsmasq/resolv.conf
Feb 20 18:13:45 raspberrypi dnsmasq[1201]: using nameserver 8.8.8.8#53
Feb 20 18:13:45 raspberrypi dnsmasq[1201]: read /etc/hosts - 5 addresses
Feb 20 18:13:45 raspberrypi dnsmasq[1202]: Too few arguments.
Feb 20 18:13:45 raspberrypi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Feb 20 18:23:23 raspberrypi systemd[1]: Stopping dnsmasq - A lightweight DHCP and caching DNS server...
Feb 20 18:23:23 raspberrypi dnsmasq[1374]: Too few arguments.
Feb 20 18:23:23 raspberrypi dnsmasq[1201]: exiting on receipt of SIGTERM
Feb 20 18:23:23 raspberrypi systemd[1]: Stopped dnsmasq - A lightweight DHCP and caching DNS server.
Feb 20 18:23:31 raspberrypi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Feb 20 18:23:31 raspberrypi dnsmasq[1449]: dnsmasq: syntax check OK.
Feb 20 18:23:31 raspberrypi dnsmasq[1460]: started, version 2.76 cachesize 150
Feb 20 18:23:31 raspberrypi dnsmasq[1460]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Feb 20 18:23:31 raspberrypi dnsmasq-dhcp[1460]: DHCP, IP range 192.168.4.20 -- 192.168.4.100, lease time 12h
Feb 20 18:23:31 raspberrypi dnsmasq[1460]: reading /run/dnsmasq/resolv.conf
Feb 20 18:23:31 raspberrypi dnsmasq[1460]: using nameserver 8.8.8.8#53
Feb 20 18:23:31 raspberrypi dnsmasq[1460]: read /etc/hosts - 5 addresses
Feb 20 18:23:32 raspberrypi dnsmasq[1461]: Too few arguments.
Feb 20 18:23:32 raspberrypi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.

Only thing I see is the too few arguments message but the service is running .. would expect to get an IP on the device just internet access to be broken potentially.

root@raspberrypi:~# service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2018-02-20 18:23:32 UTC; 2h 52min ago
Process: 1374 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 1461 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCES
Process: 1452 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 1449 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 1460 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─1460 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -

Feb 20 18:23:31 raspberrypi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Feb 20 18:23:31 raspberrypi dnsmasq[1449]: dnsmasq: syntax check OK.
Feb 20 18:23:31 raspberrypi dnsmasq[1460]: started, version 2.76 cachesize 150
Feb 20 18:23:31 raspberrypi dnsmasq[1460]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCP
Feb 20 18:23:31 raspberrypi dnsmasq-dhcp[1460]: DHCP, IP range 192.168.4.20 -- 192.168.4.100, lease time
Feb 20 18:23:31 raspberrypi dnsmasq[1460]: reading /run/dnsmasq/resolv.conf
Feb 20 18:23:31 raspberrypi dnsmasq[1460]: using nameserver 8.8.8.8#53
Feb 20 18:23:31 raspberrypi dnsmasq[1460]: read /etc/hosts - 5 addresses
Feb 20 18:23:32 raspberrypi dnsmasq[1461]: Too few arguments.
Feb 20 18:23:32 raspberrypi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.

[SurferTim]

Check the status of the dnsmasq service.

Code: Select all

sudo service dnsmasq status

If it shows active (running), then it should also show the IP assignments issued.

[lowrob]

root@raspberrypi:~# service dnsmasq status
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-02-21 02:57:06 UTC; 1 day 14h ago
Process: 1124 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf (code=exited, status=0/SUCCESS)
Process: 1186 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
Process: 1177 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
Process: 1174 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 1185 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─1185 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.d

Feb 21 02:57:05 raspberrypi systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Feb 21 02:57:05 raspberrypi dnsmasq[1174]: dnsmasq: syntax check OK.
Feb 21 02:57:05 raspberrypi dnsmasq[1185]: started, version 2.76 cachesize 150
Feb 21 02:57:05 raspberrypi dnsmasq[1185]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset
Feb 21 02:57:05 raspberrypi dnsmasq-dhcp[1185]: DHCP, IP range 192.168.4.20 -- 192.168.4.100, lease time 12h
Feb 21 02:57:05 raspberrypi dnsmasq[1185]: reading /run/dnsmasq/resolv.conf
Feb 21 02:57:05 raspberrypi dnsmasq[1185]: using nameserver 8.8.8.8#53
Feb 21 02:57:05 raspberrypi dnsmasq[1185]: read /etc/hosts - 5 addresses
Feb 21 02:57:06 raspberrypi dnsmasq[1186]: Too few arguments.
Feb 21 02:57:06 raspberrypi systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.


in the syslog when I try connect I see:
root@raspberrypi:~# tail -f /var/log/syslog
Feb 22 17:28:56 raspberrypi dhcpcd[1420]: wlan0: adding route to 192.168.4.0/24
Feb 22 17:28:56 raspberrypi dhcpcd[1420]: wlan0: adding default route via 192.168.4.1
Feb 22 17:28:56 raspberrypi dhcpcd[1420]: wlan0: soliciting an IPv6 router
Feb 22 17:28:57 raspberrypi avahi-daemon[400]: Joining mDNS multicast group on interface wlan0.IPv6 with address fe80::7c1b:2537:50ba:a1f0.
Feb 22 17:28:57 raspberrypi avahi-daemon[400]: New relevant interface wlan0.IPv6 for mDNS.
Feb 22 17:28:57 raspberrypi avahi-daemon[400]: Registering new address record for fe80::7c1b:2537:50ba:a1f0 on wlan0.*.
Feb 22 17:29:09 raspberrypi dhcpcd[1420]: wlan0: no IPv6 Routers available
Feb 22 17:32:45 raspberrypi hostapd: wlan0: STA dc:ef:ca:86:cc:75 IEEE 802.11: associated
Feb 22 17:32:45 raspberrypi hostapd: wlan0: STA dc:ef:ca:86:cc:75 RADIUS: starting accounting session 5A8EFDD7-00000000
Feb 22 17:32:45 raspberrypi hostapd: wlan0: STA dc:ef:ca:86:cc:75 WPA: pairwise key handshake completed (RSN)
Feb 22 17:33:22 raspberrypi hostapd: wlan0: STA dc:ef:ca:86:cc:75 IEEE 802.11: disassociated
Feb 22 17:33:22 raspberrypi hostapd: wlan0: STA dc:ef:ca:86:cc:75 IEEE 802.11: associated
Feb 22 17:33:22 raspberrypi hostapd: wlan0: STA dc:ef:ca:86:cc:75 RADIUS: starting accounting session 5A8EFDD7-00000001
Feb 22 17:33:22 raspberrypi hostapd: wlan0: STA dc:ef:ca:86:cc:75 WPA: pairwise key handshake completed (RSN)
Feb 22 17:33:58 raspberrypi hostapd: wlan0: STA dc:ef:ca:86:cc:75 IEEE 802.11: disassociated

[lowrob]

I got the IP assignment worked out, did a tcpdump and wasn't seeing the OFFER so I added an iptable rule to allow udp port 67 and 68 to the wlan interface and got an IP. Now I am sure I will have routing and other issues but I think this is progress.
Here is the command for anyone following along.

iptables -I INPUT -i wlan0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT