OpenVPN tun0 missing
Hello,

I am following this tutorial to set up a VPN in Debian: https://www.hugeserver.com/kb/how-to...ubuntu-debian/

When I have the keys and the "server.conf" already configured, I issue "ifconfig" and find out that I do not have the necessary "tun0" interface. Why is that so?

Besides, I expected to need 2 physical interfaces: one for the incoming traffic and the second to give VPN access to internal resources. I don't understand why "tun0" solves this issue and how....

Many thanks in advance! |
https://www.linuxquestions.org/quest...ca-4175635834/
https://www.linuxquestions.org/quest...ca-4175636000/
https://www.linuxquestions.org/quest...sa-4175635749/ |
I didn't know there was a limit on the number of threads. And maybe you understand the tutorials better since you have more than 20K posts. I guess that also means that you have far more experience in Linux than me. Forgive my lack of intelligence. If you don't want to answer me, or think I'm dumb, no one forces you to reply. All of your replies have a scent of superiority. Maybe you should read a tutorial on humility. Thanks for showing me the path, Master. |
..then you follow it up with: https://www.linuxquestions.org/quest...ca-4175635834/ https://www.linuxquestions.org/quest...ca-4175636000/ ...where you **USE SSL**, despite being told they were different, and ignoring the instructions/tutorials that plainly told you how to use easy-rsa. And here you post a link that says specifically that the TUN device is created when openvpn is started....and ask us where the TUN device is? Sorry, these are all pretty self-explanatory...the how-to link you posted in this thread (if it's actually FOLLOWED), will get you an openVPN server up and running. You just need to follow the steps, and when you're told this, you come back with "scent of superiority" comments??? Either follow the instructions or don't. Your choice. |
Tun0 will be up after (as root):
Code:
systemctl start openvpn
To autostart the service at boot:
Code:
systemctl enable openvpn |
And again. Sorry if I have opened many threads with slight differences. I don't like to follow the tutorials or advice blindly without knowing what I'm doing. That's why I try to ask whenever I get stuck. I like to understand exactly what I'm doing. Otherwise I won't learn anything. Thank you both. |
Then you better explain the details of your network topology as it's not an ordinary VPN installation. Starting from what kind of VM are you using, what type of the network setup are you using for your VM, etc. What's the output of: Quote:

Answering your question, networking supposes different levels of abstraction. If you're not familiar with the OSI model, then read about it. What a tun0 interface (and the whole VPN) REALLY is, it's a security measure and nothing more than that. Physically the packets flow through the same wires.

If we don't take isolated local networks into account, 'local network' is a logical term. If any of your local PCs is connected to the Internet, your local network actually IS a part of the Internet. The packets flow in, the packets flow out. It's just your router that decides which packet is let in/out, which one is not. There's nothing really that prevents you from letting everyone in and everyone out. So every PC having the right gateway and network settings will be able to use your local network. It would be a disaster from a security point of view, but physically it's doable.

So even without VPN it's the network administrator who has to decide how will the local traffic be separated from the Internet traffic. You have to decide it prior to any of your VPN activities. Yes, I know, with all those tiny user-friendly routers the things are much easier for the end-user nowadays. But we're talking about network administration here, right?

Having done with that, you will have 2 differentiated traffics: the local one and the 'foreign' one from/to the Internet. Generally local traffic is for the machines within a restricted area that are physically connected to each other (no matter wired or wireless), whereas the Internet is the connections to/from the distanced machines outside the restricted area mentioned above.

Now you want to let some of the distanced machines to be connected to your local network, while still keeping all the rest out. That's where the VPN steps in. It gives you a framework to identify the distanced machine and let in only the predefined ones. So that the traffic from those predefined machines is considered local even though it's flowing through the wires intended for the foreign one.

So now we have both local and foreign traffic flowing through the same wires over the same interface. Still your router needs to differentiate one from the other and apply different firewall rules for each of them. Having assigned all the local one for that interface to a new virtual interface we are able to do it. Hope that explains a bit. |
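The per-interface separation described in the post above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset in which the physical interface accepts only the encrypted OpenVPN port and only traffic arriving on the tunnel interface may be forwarded to the LAN. The topology is an assumption (eth1 faces the clients, eth0 is the internal LAN 192.168.0.0/24), as are the VPN subnet 10.8.0.0/24 and the listener on 1194/udp.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed topology: eth1 faces the
# VPN clients, eth0 is the internal LAN 192.168.0.0/24, OpenVPN listens
# on 1194/udp and hands out addresses from 10.8.0.0/24 on tun0.

# vpn_ruleset CLIENT_IF LAN_IF TUN_IF VPN_NET LAN_NET [PORT]
# Prints a ruleset in iptables-restore format; it changes nothing itself.
vpn_ruleset() {
    client_if=$1 lan_if=$2 tun_if=$3 vpn_net=$4 lan_net=$5 port=${6:-1194}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Encrypted packets arrive on the physical interface: OpenVPN port only.
-A INPUT -i $client_if -p udp --dport $port -j ACCEPT
# Decrypted packets appear on the tunnel interface: only they reach the LAN.
-A FORWARD -i $tun_if -o $lan_if -s $vpn_net -d $lan_net -j ACCEPT
-A FORWARD -i $lan_if -o $tun_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed topology when run as a script.
vpn_ruleset eth1 eth0 tun0 10.8.0.0/24 192.168.0.0/24
```

Piping the output to `iptables-restore --test` as root validates the ruleset without applying it. Forwarding also needs `net.ipv4.ip_forward=1`, and LAN hosts need a route back to the VPN subnet through this machine.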
In the past I built an environment with a first layer of VMs running 2 ESX servers with 6 NICs each. Then, on them, I installed a second layer of guest VMs whose hosts were also VMs. What I'm trying to say is that I think that scenario was more complex than what I'm trying to do now. Regarding that I lack the basic knowledge, honestly I think I have some knowledge about networking. I may not know some advanced features, but I think I'm not as newbie as you think.... Anyway, thanks for the explanation and for your help. I will post what you ask as soon as I get home. Maybe I will attach a Visio of what I'm trying to do. Regards! :) |
If you have ANY other system on your network (Windows, Mac, whatever..), you can load a VPN client on it, and test the connection. Doesn't have to be Linux. |
"service openvpn status"
Code:
openvpn.service - OpenVPN service
Code:
root@debian9:/etc/openvpn# tail /var/log/myvpn/openvpn.log
Now tun0 appears (but I still don't get its purpose, as I kindly asked you in the first lines of this post). No sarcasm. Seriously ;)
I know the rest has to do with routing and firewalling. I'll get to that later. That's why I have made it so complex. I want to cover as many concepts as possible in one machine. It's like a full project. This way I also train in multiple things.

PS: I have checked this howto https://community.openvpn.net/openvp...gingAndRouting, and under "Using routing" there is a basic drawing of what I want to do. The thing is that I thought OpenVPN would give eth1 clients directly an IP of the range 192.168.0.1/24 via eth0, but I see tun0 is needed in between to set the iptables config. Is that so?

Thank you both for your support and sorry for the manners. Let's start over again :) |