Re: [vserver] OpenVPN Interface

From: Gordan Bobic <gordan_at_bobich.net>
Date: Tue 23 Nov 2010 - 15:29:13 GMT
Message-ID: <4CEBDDC9.9090605@bobich.net>

Gordan Bobic wrote:
> Christian Bricart wrote:
>> Gordan Bobic wrote:
>>> Hi,
>>>
>>> I'm trying to get an OpenVPN server running in a guest and I have a
>>> peculiar problem. I cannot seem to manually create an OpenVPN interface
>>> exactly the same as what is created by:
>>>
>>> # openvpn --mktun --dev tun0
>>> TUN/TAP device tun0 opened
>>> Persist state set to: ON
>>>
>>> # ip link
>>> 77: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN
>>> qlen 100
>>> link/[65534]
>>>
>>>
>>> How can a device with link type [65534] be created using the ip
>>> commands? The closest I could come up with is something like:
>>> # ip tunnel add tun0 mode ipip local 192.168.0.1 remote 192.168.0.2
>>> # ip link set tun0 mtu 1500
>>> # ip addr add dev tun0 local 192.168.0.1 peer 192.168.0.2
>>>
>>> But that ends up with link type ipip and openvpn with ifconfig-noexec
>>> cannot seem to use it (it tries to look for non-existent device node
>>> /dev/tun0). When tun0 is created using:
>>> # openvpn --mktun --dev tun0
>>> it works fine.
>>>
>>> Ideally I want to make the device come up using the standard distro
>>> ifcfg config scripts rather than the openvpn command. Has anyone managed
>>> to get that to work?
>>
>> You can alternatively use tunctl(8) to set up a persistent TUN/TAP
>> device.
>
> Quick question about this - if my openvpn server daemon is running as an
> unprivileged user in the guest how does/should this relate to the owner
> of the tun interface in the host? Does it matter?
>
> Further, if I create the tunnel interface with:
> # tunctl -t tun0
> # ifconfig tun0 192.168.0.1 pointopoint 192.168.0.2
>
> things work as expected and openvpn doesn't report any errors at startup.
>
> But if I instead do:
> # tunctl -t tun0
> # ip addr add dev tun0 local 192.168.0.1 peer 192.168.0.2
>
> openvpn fails to be able to add the routes (just testing this on the host
> at the moment, it's not running in the guest yet).
>
> According to the ip link and ip addr output, when using ifconfig and ip,
> the end result is identical. What did I miss?

*facepalm*

Disregard that last bit, please. I forgot to:
# ip link set dev tun0 up

Gordan
Received on Tue Nov 23 15:29:55 2010
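
Added example, not part of the original message: a pre-flight check for the mistake resolved above, where `ip addr add` leaves the device administratively down (`ifconfig` with an address brings it up implicitly). The function names are hypothetical, SAMPLE_DOWN is the `ip link` line quoted in the thread joined onto one line, and SAMPLE_UP is constructed.

```shell
#!/bin/sh
# Pre-flight check for a persistent tun device, run before starting openvpn.
# Input is one line as printed by `ip -o link show dev <if>`.

# From the thread (joined onto one line): device created, never brought up.
SAMPLE_DOWN='77: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 100'
# Constructed: same device after `ip link set dev tun0 up`, no daemon attached yet.
# The operstate can still read DOWN, so the check uses the UP flag, not "state".
SAMPLE_UP='77: tun0: <NO-CARRIER,POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 100'

# link_flags LINE: print the comma-separated flag list found between < and >.
link_flags() {
    printf '%s\n' "$1" | sed -n 's/^[^<]*<\([^>]*\)>.*$/\1/p'
}

# has_flag FLAGS NAME: exact match on one flag, so LOWER_UP is not taken for UP.
has_flag() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# tun_ready LINE DEV: 0 = ready, 1 = admin down, 2 = unparsable, 3 = wrong type.
tun_ready() {
    flags=$(link_flags "$1")
    [ -n "$flags" ] || { echo "$2: no flag list in ip output"; return 2; }
    has_flag "$flags" POINTOPOINT || { echo "$2: not a point-to-point device"; return 3; }
    has_flag "$flags" UP || { echo "$2: down, run: ip link set dev $2 up"; return 1; }
    echo "$2: ready"
}

# Offline demonstration on the two sample lines.
tun_ready "$SAMPLE_DOWN" tun0 || true
tun_ready "$SAMPLE_UP" tun0 || true
```

On a live system, pass `"$(ip -o link show dev tun0)"` as the first argument instead of a sample line.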
