Re: [vserver] OpenVPN Interface

From: Gordan Bobic <gordan_at_bobich.net>
Date: Tue 23 Nov 2010 - 14:50:09 GMT
Message-ID: <4CEBD4A1.6000309@bobich.net>

Christian Bricart wrote:
> Gordan Bobic wrote:
>> Hi,
>>
>> I'm trying to get an OpenVPN server running in a guest and I have a
>> peculiar problem. I cannot seem to manually create an OpenVPN interface
>> exactly the same as what is created by:
>>
>> # openvpn --mktun --dev tun0
>> TUN/TAP device tun0 opened
>> Persist state set to: ON
>>
>> # ip link
>> 77: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN
>> qlen 100
>> link/[65534]
>>
>>
>> How can a device with link type [65534] be created using the ip
>> commands? The closest I could come up with is something like:
>> # ip tunnel add tun0 mode ipip local 192.168.0.1 remote 192.168.0.2
>> # ip link set tun0 mtu 1500
>> # ip addr add dev tun0 local 192.168.0.1 peer 192.168.0.2
>>
>> But that ends up with link type ipip and openvpn with ifconfig-noexec
>> cannot seem to use it (it tries to look for non-existant device node
>> /dev/tun0). When tun0 is created using:
>> # openvpn --mktun --dev tun0
>> it works fine.
>>
>> Ideally I want to make the device come up using the standard distro
>> ifcfg config scripts rather than the openvpn command. Has anyone managed
>> to get that to work?
>
> You can alternatively use tunctl(8) to set up an persistent TUN/TAP device.

Thanks, I'll look into tunctl, but the problem is that the default init
initiated interface config is done by ip rather than tunctl.

> I would have answered your question about "distro config", if you'd stated
> what your "distro" is.. ;-)

It's RedHat 6, but Fedora and SuSE use very similar init scripts, too. I
was hoping to have it come up at boot time by having a suitable
/etc/sysconfig/network-scripts/ifcfg-tun0 config file so I don't have to
write a custom init script for it and more importantly, so I don't have
to have openvpn installed in the host.

Gordan
Received on Tue Nov 23 14:50:56 2010

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 23 Nov 2010 - 14:50:56 GMT by hypermail 2.1.8