illumos-joyent

Cannot create tun0 only with local address

Open tuxillo opened this issue 9 years ago • 3 comments

Hi,

I am trying to set up Tinc VPN in a SmartOS zone, and for that I am trying to find the correct set of commands needed to create a tun0 interface with only the local point address set on it, but so far I have not been able to:

[root@vpn01 ~]# dladm create-iptun -T ipv4 -a local=172.16.12.10 tun0
[root@vpn01 ~]# ipadm create-if tun0
[root@vpn01 ~]# ipadm create-addr -T static -a local=172.16.12.10/24 tun0/v4
ipadm: Could not create address: Invalid argument provided
[root@vpn01 ~]# ipadm show-if
IFNAME     STATE    CURRENT      PERSISTENT
lo0        ok       -m-v------46 ---
net0       ok       bm-------Z4- ---
tun0       failed   -mp-------46 -46
[root@vpn01 ~]# dladm show-iptun
LINK            TYPE  FLAGS  LOCAL               REMOTE
tun0            ipv4  --     172.16.12.10        --

Any help is appreciated.

Best regards, Antonio Huete

tuxillo, Jul 13 '16 15:07

Hey @tuxillo, I happened to stumble upon this issue while helping a customer with tinc VPN. It turns out the dladm and ipadm commands are used for modifying the native IP tunnel devices, which are actually a bit different from the devices provided by the tun/tap module.

After telling tinc to use /dev/tun you will end up with a device such as tun0. This device can be configured with something like the following in tinc-up:

#!/bin/sh
ifconfig $INTERFACE 10.10.10.1 100.64.64.64 netmask 255.255.0.0 up
route add 10.10.10.0/24 100.64.64.64

The 100.64.64.64 address here is not really relevant.

In this configuration I am able to give the alpha host 10.10.10.1 and the beta host 10.10.10.2. These hosts are able to ping each other and pass traffic through.

If you need tinc to also act as a router, you will need to allow IP spoofing and enable IPv4 routing via routeadm.

papertigers, Apr 18 '17 20:04

Hi,

Thanks for the comments. Just curious, are you using tinc between two SmartOS zones? If so, are you getting packet drops, connections stuck when transferring a certain amount of data (scp), etc.?

There are a few commits on the tinc-vpn master branch, like the one below, that help solve the issue. Also, I'll be sending upstream the manifest/method I created for starting tinc soon enough.

https://github.com/gsliepen/tinc/commit/c6c6ba9969f76eff7b7de9308c2736d7ff1d720e

Regards, Antonio Huete

tuxillo, Jun 11 '17 09:06

There is a commit referencing this issue. Does it mean this issue is no longer relevant?

tuxillo, Jul 30 '19 00:07