Questions tagged [tun]

73 questions
110
votes
11 answers

Should I use tap or tun for openvpn?

What are the differences between using dev tap and dev tun for openvpn? I know the different modes cannot inter-operate. What is the technical differences, other then just layer 2 vs 3 operation. Are there different performance characteristics, or…
Thomaschaaf
  • 3,012
  • 5
  • 29
  • 24
11
votes
1 answer

How to create /dev/tun device inside unprivileged LXC container?

This question is similar to No tun device in lxc guest for openvpn . The LXC has evolved and the unprivileged LXC containers were introduced recently that offer another layer of security against breaking the jail. I need to create an OpenVPN server…
Adam Ryczkowski
  • 690
  • 1
  • 9
  • 29
10
votes
2 answers

Forwarding traffic from TUN device (C++ backend) to the default gateway

The following problem is just a piece of the bigger solution I have a problem with. All other elements seem working so far, so I'll try to describe very small piece which I have problem with. I've got a linux machine, with tun0 (tunneling interface)…
Marcin Górski
  • 101
  • 1
  • 5
9
votes
2 answers

OpenVPN persist-tun option - what's the point?

According the OpenVPN 2 Cookbook: The persist-tun and persist-key options are used to ensure that the connection comes back up automatically if the underlying network is disrupted. These options are necessary when using user nobody and group…
tenjohn
  • 193
  • 1
  • 1
  • 5
6
votes
8 answers

opvnvpn: addressing nodes in LAN-behinds

I've setup an openvpn server which i can access remotely, once it is connected, it creates a tun0 device on both server and client with virtual ip 10.15.119.x. the openvpn server is itself 10.15.119.1. Question: how do i address other nodes in the…
lurscher
  • 162
  • 1
  • 3
  • 17
6
votes
2 answers

OpenVPN with iptables and a tun interface

With an openvpn tunnel that uses a tun device, what iptables rules allow the encapsulated traffic through and what rules control the packets after encapsulation? Basically, I am wondering how the order of operations works with iptables and openvpn…
Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
5
votes
3 answers

How do VPN servers/clients avoid routing their own remote connection packets through themself?

I am trying to conceptualise how networking works under the hood for linux VPNs which use TUN interfaces. My current best guess is as follows (please correct me): Connection established to remote client/server. TUN interface created and brought…
5
votes
2 answers

openvpn: connection established, can't ping server tun interface (debian server, windows & os x clients)

My goal: I want to set up openVPN on a vServer from the company netcup, running Debian squeeze. I only want a VPN connection from client to server; clients should not be able to see each other, also the server doesn't need to serve as a gateway to…
hreimer
  • 171
  • 1
  • 2
  • 9
5
votes
2 answers

How can I configure openvpn to proxy traffic only for processes that bind to the tun interface?

I'm trying to configure openvpn so that only traffic from certain processes goes over the vpn, but those processes could connect to anywhere. I'm trying to do that by having openvpn not do any route configuration (--route-noexec) and having…
bobpoekert
  • 263
  • 2
  • 8
4
votes
1 answer

iptables: access connected openvpn client from the LAN with the VPN server

I have what is essentially a routing problem, and I'm not familiar enough with routing and iptables to effectively troubleshoot and set up my network needs. What's working I have an openVPN network set up and working; clients can connect to a LAN…
jobu1324
  • 475
  • 4
  • 9
  • 17
4
votes
1 answer

Why doesn't TUN device have BROADCAST flag?

When creating a TUN device in Linux, on my machine the created TUN device has following flags: Clearly MULTICAST is listed in there but not BROADCAST. Since TUN device works with IP packets, it's the…
Song Gao
  • 141
  • 4
4
votes
1 answer

Forward IP packets to tunnel device

I have created an tunnel device using ip tuntap add dev tun0 mode tun user 0 group 0 I then assign it an ip address 192.168.0.1/22 ifconfig tun0 192.168.0.1 netmask 255.255.252.0 On my ethernet device eth0, I receive packets from machines in the…
Ashwin
  • 41
  • 3
4
votes
3 answers

How do I enable TUN/TAP forwarding?

I have a program which writes packets (destination address 10.3.0.2) to the TUN/TAP interface. Network: host1|tun0----eth1(10.3.0.1)|-------------------host2|eth1(10.3.0.2)| Wireshark captures these packets from interface tun0 but they are not…
rafal
  • 41
  • 1
  • 1
  • 2
4
votes
1 answer

OpenVPN Cannot allocate TUN/TAP dev dynamically

OpenVPN clients work fine when they're started by /etc/init.d/openvpn for the first time, but they can't reconnect if the master server is restarted. This is the error I get in syslog: ovpn-openvpn[8113]: Note: Cannot ioctl TUNSETIFF tun: Operation…
Akarot
  • 143
  • 1
  • 2
  • 10
3
votes
1 answer

Multiqueue tun/tap interface

I am trying to understand how Multiqueue tuntap interface works. Following the instructions provided at: https://www.kernel.org/doc/Documentation/networking/tuntap.txt I was able to create multiple queues. However, I don't know how to check the…
Deys Nima
  • 51
  • 5
1
2 3 4 5