2015-10-14 14:29 GMT+08:00 Magiel van der Meer <[email protected]>:
> The tap0 interface seems down, thats why ifconfig isnt showing it. Ifconfig
> is deprecated and will, depending on your distro, be removed in favor of 'ip'.
>
> You can try to tell the client to bring the tap device up but you should
> google for the command, dont know it by heart. Not sure why the tap interface
> is down, I believe the openvpn client process should bring it up when the
> connection is succesfull
Thanks, I tried the following two commands:
sudo ifconfig tap0 up
or
sudo ip link set tap0 up
Bothe of them can bring up the tap device. See the followong for detail:
$ sudo ifconfig
[snipped]
tap0 Link encap:Ethernet HWaddr 16:66:ee:12:66:1e
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2610 (2.5 KiB) TX bytes:0 (0.0 B)
But, as you can see, the tap device leave unconfiged with any addresses.
How should solve this issue?
Regards
>
> --
> Met vriendelijke groet,
> With kind regards,
>
> Magiel van der Meer
> [email protected]
>
> On 14 Oct 2015, at 03:46, Hongyi Zhao <[email protected]> wrote:
>
>>> Hi,
>>
>>> I see what you mean. It has been a while I have last worked with TUN
>>> adapters. I’m always using TAP. But I remember > that TUN interfaces aren’t
>>> ‘normal’ network devices as we're used to. Look at the net mask definition
>>> of the tungfwlbist > interface. This is a /32. For your Linux system there
>>> is only 1 IP address in this /32, namely 10.211.72.117. Any other > address
>>> (even the remote site ’10.211.72.118’) is outside this scope. Linux will
>>> fail adding custom routing to an
>>> address outside the subnet.
>>
>>> You can try two things: let openvpn handle all routing, although I
>>> understand that this is not desirable in your situation. > Second, switch
>>> to use TAP interfaces. These emulate ethernet devices and if you’re using a
>>> bigger subnet with the
>>> VPN server having an IP address ending in .1, you can use personal, custom
>>> routing within your operating system. For > this reason i’m always using
>>> TAP.
>>
>>> Regards,
>>> Magiel
>>
>> Based on your advice, I've tried the openvpn with ``--dev tap``
>> option, for detail, you can see the following output
>> log by openvpn:
>>
>>
>> ----------------
>> $ sudo openvpn --config vpngate_183.161.242.87_tcp_1220.ovpn --dev tap
>> [snipped]
>> Wed Oct 14 09:29:29 2015 TUN/TAP device tap0 opened
>> Wed Oct 14 09:29:29 2015 TUN/TAP TX queue length set to 100
>> Wed Oct 14 09:29:29 2015 Initialization Sequence Completed
>> -------------------
>>
>> Then I run the following commands to check the openvpn tap0 nic card
>> and corresponding route table setting:
>>
>> $ sudo ifconfig
>> eth0 Link encap:Ethernet HWaddr 0c:c4:7a:6a:f7:f0
>> inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:27503 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:26596 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:1000
>> RX bytes:15565564 (14.8 MiB) TX bytes:6109190 (5.8 MiB)
>> Memory:de200000-de27ffff
>>
>> eth1 Link encap:Ethernet HWaddr 0c:c4:7a:6a:f7:f1
>> UP BROADCAST MULTICAST MTU:1500 Metric:1
>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:1000
>> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>> Memory:de100000-de17ffff
>>
>> lo Link encap:Local Loopback
>> inet addr:127.0.0.1 Mask:255.0.0.0
>> UP LOOPBACK RUNNING MTU:65536 Metric:1
>> RX packets:13629 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:13629 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:1462913 (1.3 MiB) TX bytes:1462913 (1.3 MiB)
>>
>> $ ip link
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>> mode DEFAULT group default
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
>> mode DEFAULT group default qlen 1000
>> link/ether 0c:c4:7a:6a:f7:f0 brd ff:ff:ff:ff:ff:ff
>> 3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state
>> DOWN mode DEFAULT group default qlen 1000
>> link/ether 0c:c4:7a:6a:f7:f1 brd ff:ff:ff:ff:ff:ff
>> 16: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
>> DEFAULT group default qlen 100
>> link/ether c6:d0:66:11:4e:be brd ff:ff:ff:ff:ff:ff
>>
>> As you can see, the ifconfid will not show the tap0 at all for me,
>> while the ``ip link`` can give the information on it.
>>
>> And the route table for tap0 is empty:
>>
>> $ ip route show dev tap0
>>
>> At this step, how should I do the further settings so let the openvpn
>> client can work for me with appropriate routing tables?
>>
>> Regards
>>
>>
>>> On 13 Oct 2015, at 15:04, Hongyi Zhao <[email protected]> wrote:
>>>
>>> 2015-10-13 14:54 GMT+08:00 Magiel van der Meer <[email protected]>:
>>>> This means most likely that the default gateway you're trying to add isn't
>>>> within a local connected subnet.
>>>
>>> See the information in detail for my case:
>>>
>>> $ sudo ifconfig
>>> eth0 Link encap:Ethernet HWaddr 0c:c4:7a:6a:f7:f0
>>> inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>> RX packets:5605 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:10072 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:1000
>>> RX bytes:2846126 (2.7 MiB) TX bytes:2330753 (2.2 MiB)
>>> Memory:de200000-de27ffff
>>>
>>> eth1 Link encap:Ethernet HWaddr 0c:c4:7a:6a:f7:f1
>>> UP BROADCAST MULTICAST MTU:1500 Metric:1
>>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:1000
>>> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>>> Memory:de100000-de17ffff
>>>
>>> lo Link encap:Local Loopback
>>> inet addr:127.0.0.1 Mask:255.0.0.0
>>> UP LOOPBACK RUNNING MTU:65536 Metric:1
>>> RX packets:4969 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:4969 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:0
>>> RX bytes:468967 (457.9 KiB) TX bytes:468967 (457.9 KiB)
>>>
>>> tun-gfwlist Link encap:UNSPEC HWaddr
>>> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>> inet addr:10.211.72.117 P-t-P:10.211.72.118 Mask:255.255.255.255
>>> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
>>> RX packets:1919 errors:0 dropped:0 overruns:0 frame:0
>>> TX packets:1597 errors:0 dropped:0 overruns:0 carrier:0
>>> collisions:0 txqueuelen:100
>>> RX bytes:1215481 (1.1 MiB) TX bytes:200464 (195.7 KiB)
>>>
>>> For my case, the eth0 is up, the eth0 is down. And the vpn created a
>>> virtual nic named as tun-gfwlist.
>>>
>>> As you can see, the tun-gfwlist use point to point method to connetc
>>> the remote network. And the gateway may be different for each
>>> connection. So I use the the following command to create all of these
>>> route table entries used by openvpn:
>>>
>>> sudo ip route add dstination-network-address/cidr-prefix dev
>>> tun-gfwlist table openvpn
>>>
>>> And then I meet the issue I posted here.
>>>
>>> Regards
>>>
>>>>
>>>> --
>>>> Met vriendelijke groet,
>>>> With kind regards,
>>>>
>>>> Magiel van der Meer
>>>> [email protected]
>>>>
>>>>> On 13 Oct 2015, at 05:58, Hongyi Zhao <[email protected]> wrote:
>>>>>
>>>>> Hi all,
>>>>>
>>>>> I use openvpn to access the web via the vpngate's vpn servers.
>>>>>
>>>>> I don't use the global vpn mode, so I must add some specific routes
>>>>> for the websites which I want to access throuth the
>>>>> vpngate's vpn servers. For my case, I use the --route-nopull option
>>>>> for this purpose.
>>>>>
>>>>> Due to the route tables used by openvpn for my purpose may be so huge.
>>>>> I use the following method to save the route tables used by openvpn
>>>>> and restore them:
>>>>>
>>>>> ip route save table openvpn > rt_openvpn
>>>>>
>>>>> And then, after I restart my openvpn and connected susscessfully,
>>>>> issuing the following command:
>>>>>
>>>>> sudo ip route restore table openvpn < rt_openvpn
>>>>>
>>>>> But, at this step, I meet the following errors:
>>>>>
>>>>> RTNETLINK answers: No such device
>>>>>
>>>>> And failed to restore the previously save route tables.
>>>>>
>>>>> Any hints for this issue?
>>>>>
>>>>> Regards
>>>>> --
>>>>> Hongyi Zhao <[email protected]>
>>>>> Xinjiang Technical Institute of Physics and Chemistry
>>>>> Chinese Academy of Sciences
>>>>> GnuPG DSA: 0xD108493
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> _______________________________________________
>>>>> Openvpn-users mailing list
>>>>> [email protected]
>>>>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>>>
>>>
>>>
>>> --
>>> Hongyi Zhao <[email protected]>
>>> Xinjiang Technical Institute of Physics and Chemistry
>>> Chinese Academy of Sciences
>>> GnuPG DSA: 0xD108493
>> <smime.p7s>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Openvpn-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
--
Hongyi Zhao <[email protected]>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
