Re: socat does not provide TUN/TAP support

2023-11-17 Thread Luca Di Gregorio
I decided to do a watchdog script,
vxlan works fine.
One endpoint is an old 5$ raspberry 0, its
CPU is much happier with vxlan than with wg.
Thanks again

On Thu, 16 Nov 2023 at 10:41, Stuart Henderson wrote:

> Ah, so it's an existing upstream feature that just isn't working on
> OpenBSD yet. That wasn't clear from the earlier mails.
>
> That could be something which is reasonable to patch in ports.
> Though for your use case, I think you'll be happier with performance
> of something in-kernel. If vxlan doesn't work for you then wg may well
> be your best bet, as long as you don't have a specific reason to
> avoid encryption.
>
>
> On 2023/11/13 16:29, Luca Di Gregorio wrote:
> > Socat upstream tells me that they don't have resource/time
> > to add tun/tap support on OpenBSD.
> >
> > No matter anyway.
> > Thanks again
> >
> >
> > On Mon, 13 Nov 2023 at 10:19, Luca Di Gregorio <luc...@gmail.com> wrote:
> >
> > > I will do it.
> > > Anyway, a few months ago I noticed a similar issue on vlc.
> > > Prior to 7.4, OpenBSD port didn't have the telnet interface available.
> > > Some gentlemen here in ports@openbsd.org added it and now it's available
> > > in 7.4.
> > > That is why I submitted the question related to socat and TUN.
> > > Thanks
> > >
> > > On Sun, 12 Nov 2023 at 11:54, Theo de Raadt <dera...@openbsd.org> wrote:
> > >
> > >> you would need to talk to socat upstream, because in general the ports
> > >> team do not add features
> > >>
> > >> Luca Di Gregorio  wrote:
> > >>
> > > >> > I would like to set a point to point interface encapsulating packets via
> > > >> > UDP.
> > > >> >
> > > >> > It would be like a point to point wireguard but:
> > > >> >  - without authentication (I can set permissions in PF on source ip)
> > > >> >  - without encryption (content is already encrypted by source application)
> > > >> >
> > > >> > I can't use GIF or GRE interfaces because I'm behind NAT with only TCP/UDP
> > > >> > capabilities.
> > > >> >
> > > >> > With linux it's possible with fou-gue interfaces, but I see that in OpenBSD
> > > >> > fou is not implemented.
> > >> >
> > >> > So, I installed socat with pkg_add and tried to do like this:
> > >> > http://www.dest-unreach.org/socat/doc/socat-tun.html
> > >> >
> > >> > Anyway, I see this:
> > >> > # socat UDP:1.2.3.4:11443 TUN:192.168.255.2/24,up
> > >> > 2023/11/11 14:11:27 socat[4504] E unknown device/address "TUN"
> > >> >
> > >> > Do you think it's possible to add TUN/TAP support in socat?
> > >>
> > >
>


Re: socat does not provide TUN/TAP support

2023-11-16 Thread Stuart Henderson
Ah, so it's an existing upstream feature that just isn't working on
OpenBSD yet. That wasn't clear from the earlier mails.

That could be something which is reasonable to patch in ports.
Though for your use case, I think you'll be happier with performance
of something in-kernel. If vxlan doesn't work for you then wg may well
be your best bet, as long as you don't have a specific reason to
avoid encryption.


On 2023/11/13 16:29, Luca Di Gregorio wrote:
> Socat upstream tells me that they don't have resource/time
> to add tun/tap support on OpenBSD.
> 
> No matter anyway.
> Thanks again
> 
> 
> On Mon, 13 Nov 2023 at 10:19, Luca Di Gregorio wrote:
> 
> > I will do it.
> > Anyway, a few months ago I noticed a similar issue on vlc.
> > Prior to 7.4, OpenBSD port didn't have the telnet interface available.
> > Some gentlemen here in ports@openbsd.org added it and now it's available
> > in 7.4.
> > That is why I submitted the question related to socat and TUN.
> > Thanks
> >
> > On Sun, 12 Nov 2023 at 11:54, Theo de Raadt <dera...@openbsd.org> wrote:
> >
> >> you would need to talk to socat upstream, because in general the ports
> >> team do not add features
> >>
> >> Luca Di Gregorio  wrote:
> >>
> >> > I would like to set a point to point interface encapsulating packets via
> >> > UDP.
> >> >
> >> > It would be like a point to point wireguard but:
> >> >  - without authentication (I can set permissions in PF on source ip)
> >> >  - without encryption (content is already encrypted by source application)
> >> >
> >> > I can't use GIF or GRE interfaces because I'm behind NAT with only TCP/UDP
> >> > capabilities.
> >> >
> >> > With linux it's possible with fou-gue interfaces, but I see that in OpenBSD
> >> > fou is not implemented.
> >> >
> >> > So, I installed socat with pkg_add and tried to do like this:
> >> > http://www.dest-unreach.org/socat/doc/socat-tun.html
> >> >
> >> > Anyway, I see this:
> >> > # socat UDP:1.2.3.4:11443 TUN:192.168.255.2/24,up
> >> > 2023/11/11 14:11:27 socat[4504] E unknown device/address "TUN"
> >> >
> >> > Do you think it's possible to add TUN/TAP support in socat?
> >>
> >



Re: socat does not provide TUN/TAP support

2023-11-13 Thread Luca Di Gregorio
Socat upstream tells me that they don't have resource/time
to add tun/tap support on OpenBSD.

No matter anyway.
Thanks again


On Mon, 13 Nov 2023 at 10:19, Luca Di Gregorio wrote:

> I will do it.
> Anyway, a few months ago I noticed a similar issue on vlc.
> Prior to 7.4, OpenBSD port didn't have the telnet interface available.
> Some gentlemen here in ports@openbsd.org added it and now it's available
> in 7.4.
> That is why I submitted the question related to socat and TUN.
> Thanks
>
> On Sun, 12 Nov 2023 at 11:54, Theo de Raadt <dera...@openbsd.org> wrote:
>
>> you would need to talk to socat upstream, because in general the ports
>> team do not add features
>>
>> Luca Di Gregorio  wrote:
>>
>> > I would like to set a point to point interface encapsulating packets via
>> > UDP.
>> >
>> > It would be like a point to point wireguard but:
>> >  - without authentication (I can set permissions in PF on source ip)
>> >  - without encryption (content is already encrypted by source application)
>> >
>> > I can't use GIF or GRE interfaces because I'm behind NAT with only TCP/UDP
>> > capabilities.
>> >
>> > With linux it's possible with fou-gue interfaces, but I see that in OpenBSD
>> > fou is not implemented.
>> >
>> > So, I installed socat with pkg_add and tried to do like this:
>> > http://www.dest-unreach.org/socat/doc/socat-tun.html
>> >
>> > Anyway, I see this:
>> > # socat UDP:1.2.3.4:11443 TUN:192.168.255.2/24,up
>> > 2023/11/11 14:11:27 socat[4504] E unknown device/address "TUN"
>> >
>> > Do you think it's possible to add TUN/TAP support in socat?
>>
>


Re: socat does not provide TUN/TAP support

2023-11-13 Thread Luca Di Gregorio
Hi, with vxlan(4):
In both endpoints I can set p-t-p mode with a destination UDP port,
but I can't set what is the source UDP port to bind to.

With static IP address I tested and it works fine:
# ifconfig vxlan0 tunnel LOCAL_IP REMOTE_IP:4789 vnetid 1

Anyway, if the REMOTE_IP is not static, I should destroy and recreate the
vxlan0 interface whenever the REMOTE_IP changes.
It would not be difficult with a watchdog script in cron.

But I think that, for my purposes, a wireguard configured in client/server
mode is better,
even with an unnecessary overhead due to encryption.

I haven't tested with private LOCAL_IP or REMOTE_IP natted to public IPs.

Thanks anyway, regards




On Mon, 13 Nov 2023 at 07:49, Stuart Henderson <s...@spacehopper.org> wrote:

> On 2023/11/11 14:17, Luca Di Gregorio wrote:
> > I would like to set a point to point interface encapsulating packets via
> > UDP.
> >
> > It would be like a point to point wireguard but:
> >  - without authentication (I can set permissions in PF on source ip)
> >  - without encryption (content is already encrypted by source application)
>
> How about vxlan(4)?
>
>


Re: socat does not provide TUN/TAP support

2023-11-13 Thread Janne Johansson
> Linux UDP Client, start a ping but no replies received
> $ ping 192.168.74.1
>
> OpenBSD UDP Server, tcpdump -ni tun0 shows:
> 11:02:15.130291
>
> So, maybe socat doesn't know how to decode raw data received on tun0.

OpenBSD tun(4) devices always prepend the address family of the
received packet when reading them off /dev/tunX, perhaps this trips
socat up. Some OSes have ifconfig link flags or something to change
this behaviour, but I think obsd always adds it.

-- 
May the most significant bit of your life be positive.
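
The tun(4) framing described in this reply, as an added example (not code from the thread or from socat): OpenBSD prefixes every packet on /dev/tunN with a 4-byte address family in network byte order, while a Linux TUN device opened without IFF_NO_PI uses a 4-byte flags/EtherType header, so a byte-for-byte relay hands each side a header it does not recognise. The AF values are OpenBSD's (AF_INET 2, AF_INET6 24); the function names and the sample packet are constructed for illustration.

```python
import struct

# OpenBSD address-family numbers (sys/socket.h); other systems use other values.
AF_INET, AF_INET6 = 2, 24
# EtherTypes carried in Linux's struct tun_pi (16-bit flags, 16-bit proto).
ETH_P_IP, ETH_P_IPV6 = 0x0800, 0x86DD

AF_TO_ETHERTYPE = {AF_INET: ETH_P_IP, AF_INET6: ETH_P_IPV6}
ETHERTYPE_TO_AF = {v: k for k, v in AF_TO_ETHERTYPE.items()}
IP_VERSION = {AF_INET: 4, AF_INET6: 6}


def _split(frame: bytes) -> tuple[bytes, bytes]:
    """Split a frame into its 4-byte tunnel header and a non-empty payload."""
    if len(frame) < 5:
        raise ValueError("frame too short for a tunnel header plus payload")
    return frame[:4], frame[4:]


def _check_version(af: int, payload: bytes) -> None:
    """Reject frames whose header disagrees with the IP version nibble."""
    if payload[0] >> 4 != IP_VERSION[af]:
        raise ValueError("tunnel header does not match IP version of payload")


def openbsd_to_linux(frame: bytes) -> bytes:
    """Rewrite a frame read from OpenBSD /dev/tunN for a Linux TUN fd using tun_pi."""
    header, payload = _split(frame)
    (af,) = struct.unpack("!I", header)
    if af not in AF_TO_ETHERTYPE:
        raise ValueError(f"unexpected address family {af}")
    _check_version(af, payload)
    return struct.pack("!HH", 0, AF_TO_ETHERTYPE[af]) + payload


def linux_to_openbsd(frame: bytes) -> bytes:
    """Rewrite a frame read from a Linux TUN fd (tun_pi header) for OpenBSD /dev/tunN."""
    header, payload = _split(frame)
    _flags, proto = struct.unpack("!HH", header)
    if proto not in ETHERTYPE_TO_AF:
        raise ValueError(f"unexpected EtherType {proto:#06x}")
    af = ETHERTYPE_TO_AF[proto]
    _check_version(af, payload)
    return struct.pack("!I", af) + payload


# Constructed sample: bare 20-byte IPv4 header, 192.168.74.2 -> 192.168.74.1,
# protocol ICMP, checksum left at zero.
SAMPLE_IPV4 = bytes.fromhex("45000014" "00000000" "40010000" "c0a84a02" "c0a84a01")
```

Feeding an untranslated OpenBSD frame to `linux_to_openbsd` raises `ValueError`, which is the mismatch a plain relay between the two device types runs into.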



Re: socat does not provide TUN/TAP support

2023-11-13 Thread Luca Di Gregorio
Test:

OpenBSD UDP Server:
# ifconfig tun0 create
# ifconfig tun0 inet 192.168.74.1/24
# socat -d -d UDP-LISTEN:11443,reuseaddr GOPEN:/dev/tun0
2023/11/13 10:30:58 socat[31554] N listening on UDP LEN=16 AF=2 0.0.0.0:11443
2023/11/13 10:33:27 socat[31554] N accepting UDP connection from LEN=16 AF=2 192.168.255.2:59152
2023/11/13 10:33:27 socat[31554] N opening character device "/dev/tun0" for reading and writing

Linux UDP Client:
$ socat UDP:1.2.3.4:11443 TUN:192.168.74.2/24,up

OpenBSD UDP Server, this line appears:
2023/11/13 10:33:27 socat[31554] N starting data transfer loop with FDs [5,5] and [6,6]

Linux UDP Client, start a ping but no replies received
$ ping 192.168.74.1

OpenBSD UDP Server, tcpdump -ni tun0 shows:
11:02:15.130291
11:02:16.130410
11:02:17.130223
11:02:18.130072
11:02:19.131211
11:02:20.130417
11:02:21.130218


So, maybe socat doesn't know how to decode raw data received on tun0.

Thanks anyway


On Sun, 12 Nov 2023 at 14:03, Sebastien Marie <sema...@kapouay.eu.org> wrote:

> Luca Di Gregorio  writes:
>
> > So, I installed socat with pkg_add and tried to do like this:
> > http://www.dest-unreach.org/socat/doc/socat-tun.html
> >
> > Anyway, I see this:
> > # socat UDP:1.2.3.4:11443 TUN:192.168.255.2/24,up
> > 2023/11/11 14:11:27 socat[4504] E unknown device/address "TUN"
> >
>
> Have you tried to manually configure tun(4) interface and simply use
> /dev/tun0 ?
>
> To keep your example:
>   # ifconfig tun0 create
>   # ifconfig tun0 inet 192.168.255.2/24
>   # socat UDP:1.2.3.4:11443 GOPEN:/dev/tun0
>
> Regards.
> --
> Sebastien Marie
>


Re: socat does not provide TUN/TAP support

2023-11-13 Thread Luca Di Gregorio
I was thinking about using a more "point-to-point-oriented" method than
vxlan.
Anyway, I'll do some tests with it and let you know.
Thanks

On Mon, 13 Nov 2023 at 07:49, Stuart Henderson <s...@spacehopper.org> wrote:

> On 2023/11/11 14:17, Luca Di Gregorio wrote:
> > I would like to set a point to point interface encapsulating packets via
> > UDP.
> >
> > It would be like a point to point wireguard but:
> >  - without authentication (I can set permissions in PF on source ip)
> >  - without encryption (content is already encrypted by source application)
>
> How about vxlan(4)?
>
>


Re: socat does not provide TUN/TAP support

2023-11-13 Thread Luca Di Gregorio
I will do it.
Anyway, a few months ago I noticed a similar issue on vlc.
Prior to 7.4, OpenBSD port didn't have the telnet interface available.
Some gentlemen here in ports@openbsd.org added it and now it's available in
7.4.
That is why I submitted the question related to socat and TUN.
Thanks

On Sun, 12 Nov 2023 at 11:54, Theo de Raadt wrote:

> you would need to talk to socat upstream, because in general the ports
> team do not add features
>
> Luca Di Gregorio  wrote:
>
> > I would like to set a point to point interface encapsulating packets via
> > UDP.
> >
> > It would be like a point to point wireguard but:
> >  - without authentication (I can set permissions in PF on source ip)
> >  - without encryption (content is already encrypted by source application)
> >
> > I can't use GIF or GRE interfaces because I'm behind NAT with only TCP/UDP
> > capabilities.
> >
> > With linux it's possible with fou-gue interfaces, but I see that in OpenBSD
> > fou is not implemented.
> >
> > So, I installed socat with pkg_add and tried to do like this:
> > http://www.dest-unreach.org/socat/doc/socat-tun.html
> >
> > Anyway, I see this:
> > # socat UDP:1.2.3.4:11443 TUN:192.168.255.2/24,up
> > 2023/11/11 14:11:27 socat[4504] E unknown device/address "TUN"
> >
> > Do you think it's possible to add TUN/TAP support in socat?
>


Re: socat does not provide TUN/TAP support

2023-11-12 Thread Stuart Henderson
On 2023/11/11 14:17, Luca Di Gregorio wrote:
> I would like to set a point to point interface encapsulating packets via
> UDP.
> 
> It would be like a point to point wireguard but:
>  - without authentication (I can set permissions in PF on source ip)
>  - without encryption (content is already encrypted by source application)

How about vxlan(4)?



Re: socat does not provide TUN/TAP support

2023-11-12 Thread Sebastien Marie
Luca Di Gregorio  writes:

> So, I installed socat with pkg_add and tried to do like this:
> http://www.dest-unreach.org/socat/doc/socat-tun.html
>
> Anyway, I see this:
> # socat UDP:1.2.3.4:11443 TUN:192.168.255.2/24,up
> 2023/11/11 14:11:27 socat[4504] E unknown device/address "TUN"
>

Have you tried to manually configure tun(4) interface and simply use
/dev/tun0 ?

To keep your example:
  # ifconfig tun0 create
  # ifconfig tun0 inet 192.168.255.2/24
  # socat UDP:1.2.3.4:11443 GOPEN:/dev/tun0

Regards.
-- 
Sebastien Marie



Re: socat does not provide TUN/TAP support

2023-11-12 Thread Theo de Raadt
you would need to talk to socat upstream, because in general the ports
team do not add features

Luca Di Gregorio  wrote:

> I would like to set a point to point interface encapsulating packets via
> UDP.
> 
> It would be like a point to point wireguard but:
>  - without authentication (I can set permissions in PF on source ip)
>  - without encryption (content is already encrypted by source application)
> 
> I can't use GIF or GRE interfaces because I'm behind NAT with only TCP/UDP
> capabilities.
> 
> With linux it's possible with fou-gue interfaces, but I see that in OpenBSD
> fou is not implemented.
> 
> So, I installed socat with pkg_add and tried to do like this:
> http://www.dest-unreach.org/socat/doc/socat-tun.html
> 
> Anyway, I see this:
> # socat UDP:1.2.3.4:11443 TUN:192.168.255.2/24,up
> 2023/11/11 14:11:27 socat[4504] E unknown device/address "TUN"
> 
> Do you think it's possible to add TUN/TAP support in socat?