daemonflower Apprentice
Joined: 17 Jul 2004 Posts: 290
Posted: Mon Aug 28, 2006 4:12 pm Post subject: OpenVPN trouble (tap0 does not exist) [SOLVED]

Hey,
I don't know much about VPNs in the first place, and setting up an OpenVPN client is beating me.
I tried to follow the HOWTO at gentoo-wiki.com, but I'm stuck at the point where I actually have to start the bridged interface:

Code:
# /etc/init.d/net.br0 start
* Service net.br0 starting
network interface tap0 does not exist
Please verify hardware or kernel module (driver) [ !! ]
* ERROR: net.br0 failed to start

Now I don't understand much about tunnels, taps or bridge devices, but I followed the tutorial as well as I could (setting up only a client and not the server too, as in the HOWTO). That is, I have Ethernet bridging (CONFIG_BRIDGE) and TUN/TAP support (CONFIG_TUN) compiled into the kernel, emerged openvpn, created the necessary certificates and got them signed by the server, then created the configuration (really just copied them from what the server side's admin gave me). As far as I understood it, I should be able to start the bridge interface then, as above.
Here is my /etc/openvpn/openvpn.conf:

Code:
persist-tun
dev tun0
verb 2
comp-lzo
client
tls-client
proto udp
persist-key
ca /etc/openvpn/ca.crt
key /etc/openvpn/triton.key
cert /etc/openvpn/triton.crt
key-method 2
ns-cert-type server
writepid /var/run/openvpn.pid
remote *************
route 10.0.0.0 255.0.0.0
route 192.168.0.0 255.255.0.0
route 172.16.0.0 255.240.0.0
route 212.91.251.180
route 212.91.251.181

Any help appreciated.
Thanks!
Last edited by daemonflower on Fri Sep 01, 2006 9:02 am; edited 1 time in total

magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
Posted: Mon Aug 28, 2006 4:20 pm

Device failure is tap0 but device in config is tun0.

daemonflower Apprentice
Joined: 17 Jul 2004 Posts: 290
Posted: Mon Aug 28, 2006 4:44 pm

That's true. It does not work any way.
In fact I noticed that before and tried to change tun0 in the config file to tap0. That gave me the exact same error.
I thought OpenVPN is supposed to create the device by itself...
Just a wild guess: Would it help to do a ln -s /etc/init.d/net.lo /etc/init.d/net.tun0?
And finally, here is my /etc/conf.d/net, adapted from the HOWTO:

Code:
config_eth0=( "dhcp" )
config_eth1=( "192.168.32.30 netmask 255.255.255.0 broadcast 192.168.32.255" )
# I had to comment out the following, because starting the service gave the error
# The module "openvpn" does not exist
#modules=( "openvpn" )
# config_tap0=( "0.0.0.0" )
bridge_br0=( "eth0 tap0" )
config_br0=( "192.168.0.254/24" )
brctl_br0=( "stp on" )
depend_br0() {
    need net.eth0 openvpn
}

drescherjm Advocate
Joined: 05 Jun 2004 Posts: 2790 Location: Pittsburgh, PA, USA
Posted: Wed Aug 30, 2006 6:07 pm

Are you sure that the tun driver is loaded?
If not
And then place it in your /etc/modules.autoload.d/kernel-2.6

Code:
echo "tun" >> /etc/modules.autoload.d/kernel-2.6

_________________ John
My gentoo overlay
Instructions for overlay

daemonflower Apprentice
Joined: 17 Jul 2004 Posts: 290
Posted: Wed Aug 30, 2006 7:01 pm

Thank you for your reply. You've hit on something. As I discovered, the HOWTO I mentioned above forgot to note that I need this. I have in the meantime compiled it into the kernel and it did not change the error message.
I have changed the /etc/conf.d/net somewhat. It became clear that I had no idea about how VPNs, tunnels and taps work. I think the place to solve the problem is now /etc/conf.d/net. The example I took from gentoo-wiki.com is unusable, this is how far I got until now. If anybody could debug it, that would be nice.

Code:
# commented out because /etc/init.d/net.br0 start gives the error:
# The module "openvpn" does not exist
#modules=( "openvpn" )
# taken from net.example
tuntap_tap0="tap"
# net.example says I need to set them to null for bridging
config_eth0=( "null" )
config_tap0=( "null")
bridge_br0=( "eth0 tap0" )
config_br0=( "dhcp" )
# routes_br0=( "default via 192.168.2.44" )
# do I need the following?
brctl_br0=( "stp on" )
depend_br0() {
    need net.eth0 openvpn net.tap0
}

With this configuration I get the following messages in the syslog on starting net.br0:

Code:
Aug 30 20:32:44 ganymede udevd-event[23876]: rename_netif: error changing netif name: Invalid argument
Aug 30 20:32:44 ganymede device tap0 entered promiscuous mode
Aug 30 20:32:44 ganymede br0: port 2(tap0) entering listening state
Aug 30 20:32:44 ganymede br0: port 1(eth0) entering listening state
Aug 30 20:32:54 ganymede tap0: no IPv6 routers present
Aug 30 20:32:54 ganymede br0: no IPv6 routers present
Aug 30 20:32:59 ganymede br0: port 2(tap0) entering learning state
Aug 30 20:32:59 ganymede br0: port 1(eth0) entering learning state
Aug 30 20:33:14 ganymede br0: topology change detected, propagating
Aug 30 20:33:14 ganymede br0: port 2(tap0) entering forwarding state
Aug 30 20:33:14 ganymede br0: topology change detected, propagating
Aug 30 20:33:14 ganymede br0: port 1(eth0) entering forwarding state
Aug 30 20:33:44 ganymede dhcpcd[24360]: timed out waiting for a valid DHCP server response
Aug 30 20:33:44 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:33:44 ganymede br0: port 1(eth0) entering disabled state
Aug 30 20:33:44 ganymede rc-scripts: ERROR: net.br0 failed to start

Strangely, retrying it to reproduce the messages gives me yet another error:

Code:
Aug 30 20:51:43 ganymede skge eth0: enabling interface
Aug 30 20:51:45 ganymede skge eth0: Link is up at 100 Mbps, full duplex, flow control tx and rx
Aug 30 20:51:48 ganymede openvpn[28863]: OpenVPN 2.0.7 x86_64-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Aug 28 2006
Aug 30 20:51:48 ganymede openvpn[28863]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Aug 30 20:51:48 ganymede openvpn[28863]: WARNING: file '/etc/openvpn/triton.key' is group or others accessible
Aug 30 20:51:48 ganymede openvpn[28863]: LZO compression initialized
Aug 30 20:51:48 ganymede openvpn[28863]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug 30 20:51:48 ganymede openvpn[28863]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Aug 30 20:51:48 ganymede openvpn[28863]: Local Options hash (VER=V4): '41690919'
Aug 30 20:51:48 ganymede openvpn[28863]: Expected Remote Options hash (VER=V4): '530fdded'
Aug 30 20:51:48 ganymede openvpn[28865]: UDPv4 link local (bound): [undef]:1194
Aug 30 20:51:48 ganymede openvpn[28865]: UDPv4 link remote: 212.91.251.174:1194
Aug 30 20:51:48 ganymede openvpn[28865]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=DE/ST=Berlin/L=Berlin/O=taz_OpenVPN/OU=EDV/CN=openvpn.taz.de/emailAddress=openvpn@taz.de
Aug 30 20:51:48 ganymede openvpn[28865]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Aug 30 20:51:48 ganymede openvpn[28865]: TLS Error: TLS object -> incoming plaintext read error
Aug 30 20:51:48 ganymede openvpn[28865]: TLS Error: TLS handshake failed
Aug 30 20:51:48 ganymede openvpn[28865]: TCP/UDP: Closing socket
Aug 30 20:51:48 ganymede openvpn[28865]: SIGUSR1[soft,tls-error] received, process restarting
Aug 30 20:51:48 ganymede device tap0 left promiscuous mode
Aug 30 20:51:48 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:51:48 ganymede device tap0 entered promiscuous mode
Aug 30 20:51:48 ganymede br0: port 2(tap0) entering listening state
Aug 30 20:51:48 ganymede br0: port 1(eth0) entering listening state
Aug 30 20:51:49 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:51:49 ganymede br0: port 1(eth0) entering disabled state
Aug 30 20:51:49 ganymede br0: port 1(eth0) entering disabled state
Aug 30 20:51:49 ganymede device tap0 left promiscuous mode
Aug 30 20:51:49 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:51:49 ganymede rc-scripts: network interface br0 does not exist
Aug 30 20:51:49 ganymede rc-scripts: Please verify hardware or kernel module (driver)
Aug 30 20:51:49 ganymede rc-scripts: ERROR: net.br0 failed to start
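
A preflight check for two problems visible in the thread so far: the tun0/tap0 mismatch between openvpn.conf and the bridge ports, and the "group or others accessible" warning on the private key. This is an added example, not code from any poster or from the Gentoo or OpenVPN projects; the function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for an OpenVPN client that feeds a bridge.
# Function names and sample files are constructed for illustration.

# Print the interface named by the last "dev" directive in an OpenVPN config.
ovpn_dev() {
    awk '$1 == "dev" { d = $2 } END { print d }' "$1"
}

# Print the ports of bridge $2 as set in a Gentoo conf.d/net file ($1);
# handles both bridge_br0=( "a b" ) and bridge_br0="a b", skips comments.
bridge_ports() {
    sed -n "s/^[[:space:]]*bridge_$2=//p" "$1" | tr -d '()"'
}

# Succeed only if the OpenVPN device is one of the bridge's ports.
dev_in_bridge() {   # $1 = openvpn.conf, $2 = conf.d/net, $3 = bridge name
    dev=$(ovpn_dev "$1")
    [ -n "$dev" ] || return 1
    for port in $(bridge_ports "$2" "$3"); do
        if [ "$port" = "$dev" ]; then return 0; fi
    done
    return 1
}

# Succeed only if the file grants nothing to group or others (e.g. mode 600).
key_is_private() {
    [ "$(ls -Lld "$1" | cut -c5-10)" = "------" ]
}

# Demo on constructed files that mirror the settings in the first post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'client\ndev tun0\nproto udp\n' > "$tmp/openvpn.conf"
printf 'config_eth0=( "dhcp" )\nbridge_br0=( "eth0 tap0" )\n' > "$tmp/net"
: > "$tmp/triton.key"
chmod 644 "$tmp/triton.key"

if dev_in_bridge "$tmp/openvpn.conf" "$tmp/net" br0; then
    echo "OK: OpenVPN device is a port of br0"
else
    echo "MISMATCH: openvpn.conf has dev '$(ovpn_dev "$tmp/openvpn.conf")'," \
         "br0 ports are:$(bridge_ports "$tmp/net" br0)"
fi
if ! key_is_private "$tmp/triton.key"; then
    echo "WARN: private key is group or others accessible (chmod 600 it)"
fi
```

On a real host, pass /etc/openvpn/openvpn.conf and /etc/conf.d/net to dev_in_bridge, and the path from the `key` directive to key_is_private.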

daemonflower Apprentice
Joined: 17 Jul 2004 Posts: 290
Posted: Fri Sep 01, 2006 9:01 am

After a long time of experimenting and emailing with the server's admin I found a solution. Sorry that the way to it was too convoluted so I can't really reproduce what the solution really was. I'll just post my openvpn.conf and conf.d/net which work, in case it helps someone.
openvpn.conf:

Code:
persist-tun
dev tun0
verb 2
comp-lzo
client
tls-client
proto udp
persist-key
ca /etc/openvpn/ca.crt
key /etc/openvpn/triton.key
cert /etc/openvpn/triton.crt
key-method 2
ns-cert-type server
writepid /var/run/openvpn.pid
remote ******.***.**
route 10.0.0.0 255.0.0.0
route 192.168.0.0 255.255.0.0
route 172.16.0.0 255.240.0.0
route ***.**.***.***
route ***.**.***.***

/etc/conf.d/net:

Code:
config_eth0=( "dhcp" )
bridge_br0=( "eth0 tap0" )
config_br0=(
"dhcp"
)
brctl_br0=( "stp on" )
depend_br0() {
    need net.eth0 openvpn
}

mhl_cz n00b
Joined: 21 Aug 2005 Posts: 6
Posted: Wed Mar 07, 2007 5:58 pm

Hi, I followed this HOWTO. I've enabled TUN/TAP in kernel, successfully loaded "tun" module, set up /etc/conf.d/net according to my current setup of net interfaces (see below), however I've got this error:

Code:
/etc/init.d/net.br0 start
* Starting tap0
* Bringing up tap0
* 0.0.0.0
* tap0 does not exist
* ERROR: Problem starting needed services.
* "net.br0" was not started.

/etc/conf.d/net

Code:
#eth0 - internet
#eth1 - private network
config_eth0=( "dhcp" )
depend_br0()
{
    need net.tap0 net.eth1
}
tuntap_tap0="tap"
config_eth0=( "null" )
config_tap0=( "0.0.0.0 promisc" )
bridge_br0="eth1 tap0"
config_br0=( "192.168.2.1" )

dmesg seems all right

Code:
dmesg | tail
eth1: RealTek RTL8139 at 0xe000, 4c:00:10:70:3d:34, IRQ 11
eth1: Identified 8139 chip type 'RTL-8100B/8139D'
IPv4 over IPv4 tunneling driver
Bridge firewalling registered
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
eth1: link up, 100Mbps, full-duplex, lpa 0x45E1
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>

thanks, mhl_cz

magic919 Advocate
Joined: 17 Jun 2005 Posts: 2182 Location: Berkshire, UK
Posted: Wed Mar 07, 2007 6:49 pm

People don't generally reply to posts marked as solved. You should start a thread.