Re: [Openvpn-users] Unnumbered Tunnel interfaces?

["Erik Anderson" <erikba@xxxxxxxxxxxxxxxxx>]

Title: Unnumbered Tunnel interfaces?

I'm thinking that you're running into the rules of IP networking here.  I'm thinking that it's possible to assign the same IP to all of the TUN devices, but I'm not exactly sure what that will do.

 

You may want to look into TAP devices.  They aren't as efficient as TUN devices, but you don't have to assign IP addresses to use them.

----- Original Message -----

From: Brown, Zachary S.

To: 'openvpn-users@xxxxxxxxxxxxxxxxxxxxx'

Sent: Monday, November 03, 2003 12:09 PM

Subject: [Openvpn-users] Unnumbered Tunnel interfaces?

I want to be able to create unnumbered tunnel interfaces. I know this is possible with a little hacking around with ifconfig...

For instance, I create my tunnels on each machine:

openvpn --local X.X.X.X --remote Y.Y.Y.Y --dev tun200 --daemon

This creates my tun200 interface... Now I have to bring it up:

ifconfig tun200 up

But if I try to route anything over the tunnel, it doesn't work:

route add -net 192.168.1.0/24 dev tun200
SIOCADDRT: No such device

However, Linux does seem to support the unnumbered interface function like a Cisco router. (i.e. ip unnumbered Loopback0 would use the Loopback interface IP)

I can issue the command:

ifconfig tun200 X.X.X.X

This sets the Point-2-Point tunnel to use address X.X.X.X of the local machine, I can then add the route:

route add -net 192.168.1.0/24 dev tun200

and it will take and route properly.

I guess my question is more to the developers, is there any way to add this as a feature to allow the use of unnumbered tunnels? (i.e. each tunnel just has to use the public IP of the machine as it's side of the P2P link)

This would save on IP addresses and make things much more practical when using a large number of tunnels.

Thanks,
-Zach