openvpn install on slackware
I've done quite a bit of searching and banging my head against the wall... Has anyone gotten OpenVPN set up on Slackware 10.2? This is my system setup.. Slackware 10.2, kernel 2.6.15.7 running dhcpd for dhcp-server; iptables for router; asterisk for voip-pbx. I'm trying to set this up as a VPN as well so that I can access my networked Windows machines at my home when I am traveling and group them with my office in another state.
I have followed the "how-to" at http://openvpn.net/howto.html using bridged-ethernet. When I try to start with bridge-start I get the following errors:
Code:
root@homepbx:/usr/local/openvpn-2.0.7/sample-scripts# ./bridge-start
Thu Sep 7 16:08:36 2006 Note: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Thu Sep 7 16:08:36 2006 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Thu Sep 7 16:08:36 2006 Cannot open TUN/TAP dev /dev/tap0: No such device or address (errno=6)
Thu Sep 7 16:08:36 2006 Exiting
./bridge-start: line 26: /usr/sbin/brctl: cannot execute binary file
./bridge-start: line 27: /usr/sbin/brctl: cannot execute binary file
./bridge-start: line 30: /usr/sbin/brctl: cannot execute binary file
SIOCSIFADDR: No such device
tap0: unknown interface: No such device
tap0: unknown interface: No such device
tap0: unknown interface: No such device
SIOCSIFADDR: No such device
br0: unknown interface: No such device
SIOCSIFNETMASK: No such device
SIOCSIFBRDADDR: No such device
br0: unknown interface: No such device

Here is the config file for "bridge-start":
Code:
#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="10.77.76.1"
eth_netmask="255.255.255.0"
eth_broadcast="10.77.76.255"

for t in $tap; do
    openvpn --mktun --dev $t
done

brctl addbr $br
brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

I'm lost and really need this to work. What am I missing?? If anyone can be of some assistance I would greatly appreciate it.
Kind Regards |
It seems you are missing the tun/tap device in the kernel. Try to load it as a module with
Code:
modprobe tun |
didn't find it:
Code:
root@homepbx:~# modprobe tun
FATAL: Module tun not found.
root@homepbx:~# modprobe tap
FATAL: Module tap not found.
root@homepbx:~#

any idea where in the kernel that is at?? in networking I have the following options currently:
Code:
<*> Packet socket
[ ]   Packet socket: mmapped IO
<*> Unix domain sockets
< > PF_KEY sockets
[*] TCP/IP networking
[*]   IP: multicasting
[ ]   IP: advanced router
[ ]   IP: kernel level autoconfiguration
< >   IP: tunneling
< >   IP: GRE tunnels over IP
[ ]   IP: multicast routing
[ ]   IP: ARP daemon support (EXPERIMENTAL)
[ ]   IP: TCP syncookie support (disabled per default)
< >   IP: AH transformation
< >   IP: ESP transformation
< >   IP: IPComp transformation
< >   IP: tunnel transformation
<*>   INET: socket monitoring interface
[ ]   TCP: advanced congestion control
      IP: Virtual Server Configuration --->
< >   The IPv6 protocol
[*] Network packet filtering (replaces ipchains) --->
    DCCP Configuration (EXPERIMENTAL) --->
    SCTP Configuration (EXPERIMENTAL) --->
< > Asynchronous Transfer Mode (ATM) (EXPERIMENTAL)
< > 802.1d Ethernet Bridging
< > 802.1Q VLAN Support
< > DECnet Support
< > ANSI/IEEE 802.2 LLC type 2 Support
< > The IPX protocol
< > Appletalk protocol support
< > CCITT X.25 Packet Layer (EXPERIMENTAL)
< > LAPB Data Link Driver (EXPERIMENTAL)
[ ] Frame Diverter (EXPERIMENTAL)
< > Acorn Econet/AUN protocols (EXPERIMENTAL)
< > WAN router
    QoS and/or fair queueing --->
    Network testing --->

I am assuming that I need what I highlighted in red... should I do as a module or built-in.. also.. is there anything else I would need in the kernel to make this work?
Kind Regards |
ok.. got the tun/tap kernel module installed.. thanks so much for the help, it's gotten me further, but not quite there yet... so now I get this error:
Code:
root@homepbx:/usr/local/openvpn-2.0.7/sample-scripts# ./bridge-start
Code:
#!/bin/bash |
Did you fix it?
I am trying a similar setup. I used the default kernel setup and bridge-utils, and the openvpn server (linux) talks to the client (win xp) and can assign its address; however, the client cannot route all its traffic through the vpn network, even though I already tried to use push redirect-gateway local def1 within the server.conf, and I added: route add default gw 192.168.3.1 on my vpn server. I am using 10.8.0.4 for the tap0; br0 is 192.168.3.1; eth0 was 192.168.3.1; any help is appreciated |
Quote:
BTW, brctl is in the tcpip package. |
ok, finally figured out the problem; openvpn and bridge mode
Network Background: Internet goes into a router, which has two NICs: one goes out to the internet and gets its IP address from the ISP; the second is my own private network, which has net address 192.168.3.0/255.255.255.0. Very simple and straightforward setup; all my other computers share this subnet with a hub/switch. My openvpn server has its NIC IP address assigned 192.168.3.205 by the router (DHCP server too). This server still runs other services on this address.

First: made a change in the bridge-start script. I want the openvpn's br0 to run at a different address; changed eth_ip to 192.168.3.254/255.255.255.0, so br0 will have this address.

Second: made the following changes in my openvpn server.conf (for example and demonstration only):
Code:
# vpn local address; your vpn client will look for it at this address,
# which is public; put it in your client configuration file
local 192.168.3.254 1194
proto tcp-server
dev tap0
# vpn virtual address, this is the tap0 address
ifconfig 192.168.11.1 255.255.255.0
tls-server
# vpn's virtual address range for vpn's clients
server-bridge 192.168.11.1 255.255.255.0 192.168.11.10 192.168.11.109
push "dhcp-option DNS myisp's dns"
push "redirect-gateway local def1"

Manually put back my eth0 address on this openvpn server, because you lose the eth0 address by running bridge-start; or you can modify this script so it wouldn't lose its address, such as adding ifconfig eth0 old_ip at the end of this file:
Code:
ifconfig eth0 192.168.3.205

I can still ping back eth0 and br0 at different addresses, but they share the same MAC address.
openvpn server: br0 has 192.168.3.254; eth0 has 192.168.3.205. After running openvpn server.conf, tap0 has 192.168.11.1/255.255.255.0. Now my client is running and can get its address from this vpn server, however it can't route its traffic out. So I have to add the following routing table entries on my vpn server:
Code:
route add -net 192.168.11.0 netmask 255.255.255.0 gw 192.168.3.254   # br0 ip address
route add default gw 192.168.3.1                                     # my router's ip address

AND I have to add this routing table entry on my router:
Code:
route add -net 192.168.11.0 netmask 255.255.255.0 gw 192.168.3.254   # br0 ip address

My router already has default gateways. And everything works from here. I hope this can help someone with their vpn adventure. Next step, I will put the IP port forwarding in my router with iptables, so the vpn will run across a firewall on my router.
My conclusion from this experiment: the assumption that a bridge will automatically add route tables is wrong; bridge (osi layer 2) will not work with router (osi layer 4) without proper routing tables. AFAIC, I am using the 2.4 kernel, and bridge will not simplify routing. |
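
Added example, not part of the thread or of OpenVPN's sample scripts: a pre-flight check of whether the `server-bridge` gateway and client pool fall inside the br0 subnet. A pool inside that subnet needs no extra routes on the LAN, while a pool outside it has to be routed, as the last post found. The function names are hypothetical and the second call uses constructed values.

```shell
#!/bin/sh
# Added example (not from the thread): does an OpenVPN server-bridge pool sit
# inside the subnet of the bridge interface? Function names are hypothetical.

# ip2int ADDR: print a dotted-quad IPv4 address as an integer, or fail.
ip2int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1          # rejects e.g. a five-octet netmask
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # leading zeros would parse as octal
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet A B MASK: 0 if A and B share a network, 1 if not, 2 if invalid.
same_subnet() {
    a=$(ip2int "$1") && b=$(ip2int "$2") && m=$(ip2int "$3") || return 2
    [ $(( a & m )) -eq $(( b & m )) ]
}

# check_bridge_pool BR_IP BR_MASK GATEWAY POOL_START POOL_END
# Returns 0 when gateway and pool are on the bridged LAN, 1 when they are on
# another network (static routes needed), 2 on malformed input.
check_bridge_pool() {
    br_ip=$1; br_mask=$2; shift 2
    for addr in "$@"; do
        same_subnet "$br_ip" "$addr" "$br_mask" && rc=0 || rc=$?
        case $rc in
            0) ;;
            1) echo "routed: $addr is outside the br0 subnet"; return 1 ;;
            *) echo "invalid address or netmask"; return 2 ;;
        esac
    done
    echo "bridged: pool is inside the br0 subnet"
}

# Values from the last post: br0 on 192.168.3.254/24, pool on 192.168.11.x.
check_bridge_pool 192.168.3.254 255.255.255.0 \
    192.168.11.1 192.168.11.10 192.168.11.109 || true
# Constructed alternative: pool carved out of the LAN subnet itself.
check_bridge_pool 192.168.3.254 255.255.255.0 \
    192.168.3.254 192.168.3.100 192.168.3.150
```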