OpenVPN trouble (tap0 does not exist) [SOLVED]

[daemonflower]

Hey,

I don't know much about VPNs in the first place, and setting up an OpenVPN client is beating me.

I tried to follow the HOWTO at gentoo-wiki-com, but I'm stuck at the point where I actually have to start the bridged interface:

Code: Select all

# /etc/init.d/net.br0 start
 * Service net.br0 starting
 network interface tap0 does not exist
 Please verify hardware or kernel module (driver)                         [ !! ]
 * ERROR:  net.br0 failed to start

Now I don't understand much about tunnels, taps or bridge devices, but I followed the tutorial as good as I could (setting up only a client and not the server too, as in the HOWTO). That is, I have Ethernet bridging (CONFIG_BRIDGE) and TUN/TAP support (CONFIG_TUN) compiled into the kernel, emerged openvpn, created the necessary certificates and got them signed by the server, then created the configuration (really just copied them from what the server side's admin gave me). As far as I understood it, I should be able to start the bridge interface then, as above.

Here is my /etc/openvpn/openvpn.conf:

Code: Select all

persist-tun
dev tun0
verb 2
comp-lzo
client
tls-client
proto udp
persist-key
ca /etc/openvpn/ca.crt
key /etc/openvpn/triton.key
cert /etc/openvpn/triton.crt
key-method 2
ns-cert-type server
writepid /var/run/openvpn.pid
remote *************
route 10.0.0.0 255.0.0.0
route 192.168.0.0 255.255.0.0
route 172.16.0.0 255.240.0.0
route 212.91.251.180
route 212.91.251.181

Any help appreciated.

Thanks!

[magic919]

Device failure is tap0 but device in config is tun0.

[daemonflower]

That's true. It does not work any way.

In fact I noticed that before and tried to change tun0 in the config file to tap0. That gave me the exact same error.

I thought OpenVPN is supposed to create the device by itself...

Just a wild guess: Would it help to do a ln -s /etc/init.d/net.lo /etc/init.d/net.tun0?

And finally, here is my /etc/conf.d/net, adapted from the HOWTO:

Code: Select all

config_eth0=( "dhcp" )
config_eth1=( "192.168.32.30 netmask 255.255.255.0 broadcast 192.168.32.255" )
# I had to comment out the following, because starting the service gave the error
# The module "openvpn" does not exist
#modules=( "openvpn" )
# config_tap0=( "0.0.0.0" )
bridge_br0=( "eth0 tap0" )
config_br0=( "192.168.0.254/24" )
brctl_br0=( "stp on" )
depend_br0() {
        need net.eth0 openvpn
}

[drescherjm]

Are you sure that the tun driver is loaded?

Code: Select all

lsmod | grep tun

If not

Code: Select all

modprobe tun

And then place it in your /etc/modules.autoload.d/kernel-2.6

Code: Select all

echo "tun" >> /etc/modules.autoload.d/kernel-2.6

[daemonflower]

Thank you for your reply. You've hit on something. As I discovered, the HOWTO I mentioned above forgot to note that I need this. I have in the meantime compiled it into the kernel and it did not change the error message.

I have changed the /etc/conf.d/net somewhat. It became clear that I had no idea about how VPNs, tunnels and taps work. I think the place to solve the problem is now /etc/conf.d/net. The example I took from gentoo-wiki.com is unusable, this is how far I got until now. If anybody could debug it, that would be nice.

Code: Select all

# commented out because /etc/init.d/net.br0 start gives the error:
# The module "openvpn" does not exist
#modules=( "openvpn" )
# taken from net.example
tuntap_tap0="tap"
# net.example says I need to set them to null for bridging
config_eth0=( "null" )
config_tap0=( "null")

bridge_br0=( "eth0 tap0" )
config_br0=( "dhcp" )
# routes_br0=( "default via 192.168.2.44" )

# do I need the following?
brctl_br0=( "stp on" )

depend_br0() {
        need net.eth0 openvpn net.tap0
}

With this configuration I get the following messages in the syslog on starting net.br0:

Code: Select all

Aug 30 20:32:44 ganymede udevd-event[23876]: rename_netif: error changing netif name: Invalid argument
Aug 30 20:32:44 ganymede device tap0 entered promiscuous mode
Aug 30 20:32:44 ganymede br0: port 2(tap0) entering listening state
Aug 30 20:32:44 ganymede br0: port 1(eth0) entering listening state
Aug 30 20:32:54 ganymede tap0: no IPv6 routers present
Aug 30 20:32:54 ganymede br0: no IPv6 routers present
Aug 30 20:32:59 ganymede br0: port 2(tap0) entering learning state
Aug 30 20:32:59 ganymede br0: port 1(eth0) entering learning state
Aug 30 20:33:14 ganymede br0: topology change detected, propagating
Aug 30 20:33:14 ganymede br0: port 2(tap0) entering forwarding state
Aug 30 20:33:14 ganymede br0: topology change detected, propagating
Aug 30 20:33:14 ganymede br0: port 1(eth0) entering forwarding state
Aug 30 20:33:44 ganymede dhcpcd[24360]: timed out waiting for a valid DHCP server response
Aug 30 20:33:44 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:33:44 ganymede br0: port 1(eth0) entering disabled state
Aug 30 20:33:44 ganymede rc-scripts: ERROR:  net.br0 failed to start

Strangely, retrying it to reproduce the messages gives me yet another error:

Code: Select all

Aug 30 20:51:43 ganymede skge eth0: enabling interface
Aug 30 20:51:45 ganymede skge eth0: Link is up at 100 Mbps, full duplex, flow control tx and rx
Aug 30 20:51:48 ganymede openvpn[28863]: OpenVPN 2.0.7 x86_64-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Aug 28 2006
Aug 30 20:51:48 ganymede openvpn[28863]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Aug 30 20:51:48 ganymede openvpn[28863]: WARNING: file '/etc/openvpn/triton.key' is group or others accessible
Aug 30 20:51:48 ganymede openvpn[28863]: LZO compression initialized
Aug 30 20:51:48 ganymede openvpn[28863]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug 30 20:51:48 ganymede openvpn[28863]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Aug 30 20:51:48 ganymede openvpn[28863]: Local Options hash (VER=V4): '41690919'
Aug 30 20:51:48 ganymede openvpn[28863]: Expected Remote Options hash (VER=V4): '530fdded'
Aug 30 20:51:48 ganymede openvpn[28865]: UDPv4 link local (bound): [undef]:1194
Aug 30 20:51:48 ganymede openvpn[28865]: UDPv4 link remote: 212.91.251.174:1194
Aug 30 20:51:48 ganymede openvpn[28865]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=DE/ST=Berlin/L=Berlin/O=taz_OpenVPN/OU=EDV/CN=openvpn.taz.de/emailAddress=openvpn@taz.de
Aug 30 20:51:48 ganymede openvpn[28865]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Aug 30 20:51:48 ganymede openvpn[28865]: TLS Error: TLS object -> incoming plaintext read error
Aug 30 20:51:48 ganymede openvpn[28865]: TLS Error: TLS handshake failed
Aug 30 20:51:48 ganymede openvpn[28865]: TCP/UDP: Closing socket
Aug 30 20:51:48 ganymede openvpn[28865]: SIGUSR1[soft,tls-error] received, process restarting
Aug 30 20:51:48 ganymede device tap0 left promiscuous mode
Aug 30 20:51:48 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:51:48 ganymede device tap0 entered promiscuous mode
Aug 30 20:51:48 ganymede br0: port 2(tap0) entering listening state
Aug 30 20:51:48 ganymede br0: port 1(eth0) entering listening state
Aug 30 20:51:49 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:51:49 ganymede br0: port 1(eth0) entering disabled state
Aug 30 20:51:49 ganymede br0: port 1(eth0) entering disabled state
Aug 30 20:51:49 ganymede device tap0 left promiscuous mode
Aug 30 20:51:49 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:51:49 ganymede rc-scripts: network interface br0 does not exist
Aug 30 20:51:49 ganymede rc-scripts: Please verify hardware or kernel module (driver)
Aug 30 20:51:49 ganymede rc-scripts: ERROR:  net.br0 failed to start

[daemonflower]

After a long time of experimenting and emailing with the server's admin I found a solution. Sorry that the way to it was too convoluted so I can't really reproduce what the solution really was. I'll just post my openvpn.conf and conf.d/net which work, in case it helps someone.

openvpn.conf:

Code: Select all

persist-tun
dev tun0
verb 2
comp-lzo
client
tls-client
proto udp
persist-key
ca /etc/openvpn/ca.crt
key /etc/openvpn/triton.key
cert /etc/openvpn/triton.crt
key-method 2
ns-cert-type server
writepid /var/run/openvpn.pid
remote ******.***.**
route 10.0.0.0 255.0.0.0
route 192.168.0.0 255.255.0.0
route 172.16.0.0 255.240.0.0
route ***.**.***.***
route ***.**.***.***

/etc/conf.d/net:

Code: Select all

config_eth0=( "dhcp" )
bridge_br0=( "eth0 tap0" )
config_br0=(
        "dhcp"
)
brctl_br0=( "stp on" )
depend_br0() {
        need net.eth0 openvpn
}

[mhl_cz]

Hi, I followed this HOWTO. I've enabled TUN/TAP in kernel, successfully loaded "tun" module, set up /etc/conf.d/net regarding to my current setup of net interfaces(see below) however I've got this error:

Code: Select all

/etc/init.d/net.br0 start
 * Starting tap0
 *   Bringing up tap0
 *     0.0.0.0
 *     tap0 does not exist
 * ERROR:  Problem starting needed services.
 *         "net.br0" was not started.

/etc/conf.d/net

Code: Select all

#eth0 - internet
#eth1 - private network
config_eth0=( "dhcp" )

depend_br0()
{
   need net.tap0 net.eth1
}

tuntap_tap0="tap"
config_eth0=( "null" )
config_tap0=( "0.0.0.0 promisc" )
bridge_br0="eth1 tap0"
config_br0=( "192.168.2.1" )

dmesg seems all right

Code: Select all

dmesg | tail
eth1: RealTek RTL8139 at 0xe000, 4c:00:10:70:3d:34, IRQ 11
eth1:  Identified 8139 chip type 'RTL-8100B/8139D'
IPv4 over IPv4 tunneling driver
Bridge firewalling registered
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
eth1: link up, 100Mbps, full-duplex, lpa 0x45E1
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>

thanks, mhl_cz

[magic919]

People don't generally reply to posts marked as solved. You should start a thread.

[UberLord]

Have you emerged openvpn or usermode-utilities?