2.4.25 tun device for openVPN [solved - bad config]

Message

flickerfly · Post by **flickerfly** » Tue Mar 16, 2004 7:41 pm

I have installed and configured openVPN. I have also compiled the tun module and issued the command modprobe tun. I have /dev/net/tun in place. When I run openvpn with verbose messaging I get the following

Code: Select all

86: tun/tap device tun0 opened
87: /sbin/ifconfig tun0 10.3.0.1 pointopoint 255.255.255.0 mtu 1256
SIOCSIFDSTADDR: Invalid argument
88: Linux ifconfig failed: shell command exited with error status: 1
89: Exiting

I tried the command by hand at get the following:

Code: Select all

# ifconfig tun0 10.3.0.1 pointopoint 255.255.255.0
SIOCSIFADDR: No such device
tun0: unknown interface: No such device
SIOCSIFDSTADDR: No such device
tun0: unknown interface: No such device

I've been looking all over for information on how to better troubleshoot this, but have been shooting blanks so far. Any help would be appreciated. I'm thinking that in order to do this by hand, I'll have to learn a bit more about setting up a tunnel.

I assume that openvpn is having issues because the destination address is being set to a netmask. The config file is below:

Code: Select all

dev tun
remote 10.3.0.2
ifconfig 10.3.0.1 255.255.255.0
secret /etc/openvpn/test/openvpn.key

Chris W · Post by **Chris W** » Tue Mar 16, 2004 10:53 pm

You really need to understand the Simple Examples from the man page--particularly Example 2.

The two arguments to the ifconfig configuration file option are the addresses of the near and far endpoints of the tunnel--typically two private addresses like 10.0.0.1 and 10.0.0.2 that are not address from either private network. You have the far address and a netmask. The argument to remote should be the public address of the far end--the real Internet address if that's what is in between. I assume you've tried using a netmask in order to establish routing between the two tunnelled networks. This must be done by adding routing information after the tunnel is established. The openvpn executable can automatically run a script to do this for you.

Your config should look like:

Code: Select all

dev tun
remote far.end.real.ip
ifconfig 10.3.0.1 10.3.0.2
secret /etc/openvpn/test/openvpn.key
up tunnel.up
down tunnel.down

At the far end the ifconfig line will have the addresses reversed and your public ip address in the remote argument. Tunnel.up and tunnel.down are scripts to add/remove routes when the tunnel is established/torn down. You need to write these yourself using knowledge of the remote network. Something like:

Code: Select all

#!/bin/bash
route add -net 192.168.1.0 netmask 255.255.255.0 gw $5

and

Code: Select all

#!/bin/bash
route del -net 192.168.1.0 netmask 255.255.255.0 gw $5

flickerfly · Post by **flickerfly** » Wed Mar 17, 2004 2:11 am

Thanks, you are right. I entirely missed on the examples. I pulled and patched that together from various examples on the web. I obviously didn't do a good job of patching, eh. Anyway, what you described helped me to get it up and running. Now I just need to get the TLS/SSL working instead and I'll be all set. I'll have to see if I can put together a Gentoo doc on this as I'm sure many would enjoy it. VPN is a cool technology that I wish I'd explored awhile ago.