[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

Re: [Openvpn-users] trouble with tun/tap driver

Subject: Re: [Openvpn-users] trouble with tun/tap driver
From: Sean Langford <me@xxxxxxxxxxxxxxxx>
Date: Sat, 27 Apr 2002 18:57:50 -0400

Hi James,

Thank you for your prompt and detailed reply. What was happening earlier was that I built openvpn first, then realized I needed to build the tun/tap kernel module, so built that and then rebuilt openvpn - but configure (god bless it) used the cached result of NOT finding if_tun.h. I cleared configure's cache and rebuilt it again - this time it found "tun/tap v1.4". Now I'm onto a new set of problems though. Now I get:

34: Cannot ioctl TUNSETIFF tun: File descriptor in bad state (errno=77)

when trying to use the command you suggested in your email.

./openvpn --remote sjl --dev tun --ifconfig 10.4.0.1 10.4.0.2 --verb 8

I followed your directions (which match those in /usr/src/linux/Documentation/networking/tuntap.txt) in creating the /dev/net/tun file descriptor. I even deleted it and tried several times and still get this error. I have the module loaded. Strangely, I get this same behavior on both machines where I've installed openvpn. I must be doing something wrong here ... Any ideas?

Thanks!

Sean


James Yonan wrote:

[root@sjl openvpn-1.1.1]# ./openvpn --remote sjl --dev tun0 --ifconfig 10.4.0.1 10.4.0.2 --verb 8 --mktun


You are mixing persistent and non-persistent tun device usage.

For persistent usage, the --mktun flag is used to initially create a
persistent tun device, so you would do something like:

   openvpn --mktun --dev tun0

to initially make the tun device, then

   ifconfig tun0 10.1.0.7 pointopoint 10.1.0.8

to configure it, then

   openvpn --remote sjl --dev tun0 --verb 8

to create the tunnel.

Alternatively, you could do the same thing with a non-persistent tun device
with just a single command:

   openvpn --remote sjl --dev tun0 --ifconfig 10.4.0.1 10.4.0.2 --verb 8

or

   openvpn --remote sjl --dev tun --ifconfig 10.4.0.1 10.4.0.2 --verb 8

Another problem is that this error:

34: Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)


seems to indicate that your openvpn was built with the old TUN/TAP driver.
OpenVPN's configure script should sense whether the old or new tun driver is
available and adjust accordingly.  If your openvpn was trying to access the
new driver (as it should with kernel 2.4.16), and there was an open problem
on the tun dev, you would have got an error that looked like this:

Cannot open TUN/TAP dev /dev/net/tun: [some error here]

One thing to look for is the presence of the file
/usr/include/linux/if_tun.h -- if that file exists, it tells the openvpn
build process to assume the new tun/tap driver (which supports persistent
tunnels).  If it is not found, openvpn will assume the old driver which uses
/dev/tunx rather than /dev/net/tun -- and building with the old driver will
also cause the --mktun and --rmtun options in openvpn to go away.

So first, let's resolve the ambiguity of old tun driver vs. new and
persistent tunnel vs. non-persistent.

Then, if you are using the new tun/tap driver (which should be bundled with
your kernel), make sure you do:

Make device: mknod /dev/net/tun c 10 200

Load driver: modprobe tun

Openvpn can never seem to find any tun devices. I've also tried "--dev net/tun" and "--dev /dev/net/tun0" and "--dev tun7" and always get the same result. I am running kernel 2.4.16, and have the tun/tap module installed. I've also created /dev/net/tun, and added the appropriate line into my modules.conf as outlined in the tun/tap module documentation. I'm trying this as root.


You should never need to say anything other than --dev tun or --dev tunx
where x is a number.

Ifconfig also fails:
[root@sjl openvpn-1.1.1]# ifconfig tun0 10.1.0.7 pointopoint 10.1.0.8
mtu 1450
SIOCSIFADDR: No such device
tun0: unknown interface: No such device
SIOCSIFDSTADDR: No such device
tun0: unknown interface: No such device
SIOCSIFMTU: No such device
I noticed there used to be a "--mktun" flag, but that doesnt seem to be working for me either. What am I doing wrong?


The mktun flag disappears if openvpn thinks you are using the old tun/tap
driver (this determination is made by configure at build time) which doesn't
support persistent tun/tap devs.

James

_______________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users

Follow-Ups:
- Re: [Openvpn-users] trouble with tun/tap driver
  - From: James Yonan

References:
- [Openvpn-users] trouble with tun/tap driver
  - From: Sean Langford
- Re: [Openvpn-users] trouble with tun/tap driver
  - From: James Yonan

Prev by Date: Re: [Openvpn-users] trouble with tun/tap driver
Next by Date: Re: [Openvpn-users] trouble with tun/tap driver
Previous by thread: Re: [Openvpn-users] trouble with tun/tap driver
Next by thread: Re: [Openvpn-users] trouble with tun/tap driver
Index(es):
- Date
- Thread