| 1 |
pcg |
1.1 |
=head1 NAME |
| 2 |
|
|
|
| 3 |
|
|
gvpe.osdep - os dependent information |
| 4 |
|
|
|
| 5 |
|
|
=head1 DESCRIPTION |
| 6 |
|
|
|
| 7 |
|
|
This file tries to capture OS-dependent configuration or build issues, |
| 8 |
|
|
quirks and platform limitations, as known. |
| 9 |
|
|
|
| 10 |
pcg |
1.9 |
=head1 TUN vs. TAP interface |
| 11 |
pcg |
1.1 |
|
| 12 |
|
|
Most operating systems nowadays support something called a |
| 13 |
|
|
I<tunnel>-device, which makes it possible to divert IPv4 (and often other |
| 14 |
|
|
protocols, too) into a userspace daemon like C<gvpe>. This is being |
| 15 |
|
|
referred to as a TUN-device. |
| 16 |
|
|
|
| 17 |
|
|
This is fine for point-to-point tunnels, but for a virtual ethernet, an |
| 18 |
|
|
additional ethernet header is needed. This functionality (called a TAP |
| 19 |
|
|
device here) is only provided by a subset of the configurations. |
| 20 |
|
|
|
| 21 |
|
|
On platforms only supporting a TUN-device, gvpe will invoke it's magical |
| 22 |
|
|
ethernet emulation package, which currently only handles ARP requests for |
| 23 |
|
|
the IPv4 protocol (but more could be added, bu the tincd network drivers |
| 24 |
|
|
might need to be modified for this to work). This means that on those |
| 25 |
|
|
platforms, only IPv4 will be supported. |
| 26 |
|
|
|
| 27 |
|
|
Also, since there is no way (currently) to tell gvpe which IP subnets are |
| 28 |
|
|
found on a specific host, you will either need to hardwire the MAC address |
| 29 |
|
|
for TUN-style hosts on all networks (and avoid ARP altogether, which is |
| 30 |
|
|
possible), or you need to send a packet from these hosts into the vpn |
| 31 |
|
|
network to tell gvpe the local interface address. |
| 32 |
|
|
|
| 33 |
pcg |
1.9 |
=head1 Interface Initialisation |
| 34 |
pcg |
1.8 |
|
| 35 |
pcg |
1.9 |
Unless otherwise notes, the network interface will be initialized with the |
| 36 |
|
|
expected MAC address and correct MTU value. With most interface drivers, |
| 37 |
pcg |
1.8 |
this is done by running C</sbin/ifconfig>, so make sure that this command |
| 38 |
|
|
exists. |
| 39 |
|
|
|
| 40 |
pcg |
1.9 |
=head1 Interface Types |
| 41 |
|
|
|
| 42 |
pcg |
1.1 |
=head2 native/linux |
| 43 |
|
|
|
| 44 |
pcg |
1.3 |
TAP-device; already part of the kernel (only 2.4+ supported, but see |
| 45 |
pcg |
1.1 |
tincd/linux). This is the configuration tested best, as gvpe is being |
| 46 |
|
|
developed on this platform. |
| 47 |
|
|
|
| 48 |
pcg |
1.8 |
C<ifname> should be set to the name of the network device. |
| 49 |
pcg |
1.1 |
|
| 50 |
pcg |
1.4 |
To hardwire ARP addresses, use iproute2 (C<arp> can do it, too): |
| 51 |
pcg |
1.1 |
|
| 52 |
|
|
MAC=fe:fd:80:00:00:$(printf "%02x" $NODEID) |
| 53 |
|
|
ip neighbour add 10.11.12.13 lladdr $MAC nud permanent dev $IFNAME |
| 54 |
|
|
|
| 55 |
|
|
=head2 tincd/linux |
| 56 |
|
|
|
| 57 |
pcg |
1.8 |
TAP-device; already part of the kernel (2.2 only). See |
| 58 |
pcg |
1.3 |
C<native/linux> for more info. |
| 59 |
pcg |
1.1 |
|
| 60 |
pcg |
1.8 |
C<ifname> should be set to the path of a tap device, |
| 61 |
|
|
e.g. C</dev/tap0>. The interface will be named accordingly. |
| 62 |
|
|
|
| 63 |
pcg |
1.1 |
=head2 native/cygwin |
| 64 |
|
|
|
| 65 |
pcg |
1.3 |
TAP-device; The TAP device to be used must either be the CIPE driver |
| 66 |
|
|
(C<http://cipe-win32.sourceforge.net/>), or (highly recommended) the newer |
| 67 |
|
|
TAP-Win32 driver bundled with openvpn (http://openvpn.sf.net/). Just |
| 68 |
|
|
download and run the openvpn installer. The only option you need to select |
| 69 |
|
|
is the TAP driver. |
| 70 |
|
|
|
| 71 |
pcg |
1.8 |
C<ifname> should be set to the name of the device, found in the registry |
| 72 |
|
|
at (no kidding :): |
| 73 |
|
|
|
| 74 |
|
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\<adapterid>\Connection\Name |
| 75 |
|
|
|
| 76 |
|
|
The MAC address is dynamically being patched into packets and |
| 77 |
|
|
ARP-requests, so only IPv4 works with ARP on this platform. |
| 78 |
pcg |
1.1 |
|
| 79 |
|
|
=head2 tincd/freebsd |
| 80 |
|
|
|
| 81 |
pcg |
1.8 |
TAP-device; part of the kernel (since 4.x, maybe earlier). |
| 82 |
pcg |
1.1 |
|
| 83 |
pcg |
1.8 |
C<ifname> should be set to the path of a tap device, |
| 84 |
|
|
e.g. C</dev/tap0>. The interface will be named accordingly. |
| 85 |
pcg |
1.1 |
|
| 86 |
pcg |
1.7 |
These commands might be helpful examples: |
| 87 |
|
|
|
| 88 |
|
|
ifconfig $IFNAME 10.0.0.$NODEID |
| 89 |
|
|
route add -net 10.0.0.0 -netmask 255.255.255.0 -interface $IFNAME 10.0.0.$NODEID |
| 90 |
|
|
|
| 91 |
pcg |
1.1 |
=head2 tincd/netbsd |
| 92 |
|
|
|
| 93 |
pcg |
1.8 |
TUN-device; The interface is a point-to-point device. To initialize it, |
| 94 |
|
|
you currently need to configure it as a point-to-point device, giving it |
| 95 |
|
|
an address on your vpn (the exact address doesn't matter), like this: |
| 96 |
pcg |
1.1 |
|
| 97 |
|
|
ifconfig $IFNAME mtu $MTU up |
| 98 |
|
|
ifconfig $IFNAME 10.11.12.13 10.55.66.77 |
| 99 |
|
|
route add -net 10.0.0.0 10.55.66.77 255.0.0.0 |
| 100 |
|
|
ping -c1 10.55.66.77 # ping once to tell gvpe your gw ip |
| 101 |
|
|
|
| 102 |
pcg |
1.8 |
The ping is required to tell the ARP emulator inside GVPE the local IP |
| 103 |
|
|
address. |
| 104 |
|
|
|
| 105 |
|
|
C<ifname> should be set to the path of a tun device, |
| 106 |
|
|
e.g. C</dev/tun0>. The interface will be named accordingly. |
| 107 |
|
|
|
| 108 |
pcg |
1.1 |
=head2 tincd/openbsd |
| 109 |
|
|
|
| 110 |
pcg |
1.3 |
TUN-device; already part of the kernel. See C<tincd/netbsd> for more information. |
| 111 |
pcg |
1.1 |
|
| 112 |
pcg |
1.6 |
=head2 native/darwin |
| 113 |
pcg |
1.1 |
|
| 114 |
pcg |
1.6 |
TAP-device; |
| 115 |
pcg |
1.1 |
|
| 116 |
|
|
The necessary kernel extension can be found here: |
| 117 |
|
|
|
| 118 |
pcg |
1.6 |
http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ |
| 119 |
|
|
|
| 120 |
|
|
There are two drivers, the one to use is the "tap" driver. It driver must |
| 121 |
pcg |
1.7 |
be loaded before use, read the docs on how to install it as a startup |
| 122 |
|
|
item. |
| 123 |
|
|
|
| 124 |
pcg |
1.8 |
C<ifname> should be set to the path of a tap device, |
| 125 |
|
|
e.g. C</dev/tap0>. The interface will be named accordingly. |
| 126 |
pcg |
1.7 |
|
| 127 |
|
|
These commands might be helpful examples: |
| 128 |
|
|
|
| 129 |
|
|
ifconfig $IFNAME 10.0.0.$NODEID |
| 130 |
|
|
route add -net 10.0.0.0 -interface $IFNAME 255.255.255.0 |
| 131 |
pcg |
1.6 |
|
| 132 |
|
|
=head2 tincd/darwin |
| 133 |
pcg |
1.1 |
|
| 134 |
pcg |
1.6 |
TUN-device; See C<tincd/netbsd> for more information. C<native/darwin> is |
| 135 |
|
|
preferable. |
| 136 |
pcg |
1.3 |
|
| 137 |
pcg |
1.6 |
The necessary kernel extension can be found here: |
| 138 |
pcg |
1.3 |
|
| 139 |
pcg |
1.6 |
http://chrisp.de/en/projects/tunnel.html |
| 140 |
pcg |
1.5 |
|
| 141 |
pcg |
1.8 |
C<ifname> should be set to the path of a tun device, |
| 142 |
|
|
e.g. C</dev/tun0>. The interface will be named accordingly. |
| 143 |
|
|
|
| 144 |
pcg |
1.5 |
The driver must be loaded before use: |
| 145 |
|
|
|
| 146 |
|
|
kmodload tunnel |
| 147 |
pcg |
1.3 |
|
| 148 |
pcg |
1.1 |
=head2 tincd/solaris |
| 149 |
|
|
|
| 150 |
pcg |
1.7 |
TUN-device; already part of the kernel(?), or available here: |
| 151 |
pcg |
1.5 |
|
| 152 |
|
|
http://vtun.sourceforge.net/tun/ |
| 153 |
|
|
|
| 154 |
|
|
Some precompiled tun drivers might be available here: |
| 155 |
|
|
|
| 156 |
|
|
http://www.monkey.org/~dugsong/fragroute/ |
| 157 |
|
|
|
| 158 |
pcg |
1.8 |
The interface MAC and MTU are I<NOT> set up for you. Please try it out and |
| 159 |
|
|
send me an C<ifconfig> command invocation that does that. |
| 160 |
|
|
|
| 161 |
pcg |
1.5 |
See C<tincd/netbsd> for more information. |
| 162 |
|
|
|
| 163 |
|
|
Completely unstested so far. |
| 164 |
pcg |
1.1 |
|
| 165 |
|
|
=head2 tincd/mingw |
| 166 |
|
|
|
| 167 |
pcg |
1.5 |
TAP-device; see C<native/cygwin> for more information. |
| 168 |
|
|
|
| 169 |
pcg |
1.8 |
The setup is likely to be similar to C<native/cygwin>. |
| 170 |
|
|
|
| 171 |
pcg |
1.5 |
Completely untested so far. |
| 172 |
|
|
|
| 173 |
|
|
=head2 tincd/raw_socket |
| 174 |
|
|
|
| 175 |
|
|
TAP-device; purpose unknown and untested, probably binds itself on an |
| 176 |
pcg |
1.8 |
existing ethernet device (given by C<ifname>). It must be down prior to |
| 177 |
|
|
running the command, and GVPE will try to set it's MAC address and MTU to |
| 178 |
|
|
the "correct" values. |
| 179 |
|
|
|
| 180 |
|
|
Completely untested so far. |
| 181 |
pcg |
1.5 |
|
| 182 |
|
|
=head2 tincd/uml_socket |
| 183 |
|
|
|
| 184 |
|
|
TAP-device; purpose unknown and untested, probably creates a unix datagram |
| 185 |
|
|
socket (path given by C<ifname>) and reads and writes raw packets, so |
| 186 |
|
|
might be useful in other than UML contexts. |
| 187 |
pcg |
1.1 |
|
| 188 |
pcg |
1.8 |
No network interface is created, and the MAC and MTU must be set as |
| 189 |
|
|
approriate on the other side of the socket. GVPE will exit if the MAC |
| 190 |
|
|
address doesn't match what it expects. |
| 191 |
|
|
|
| 192 |
|
|
Completely untested so far. |
| 193 |
|
|
|
| 194 |
pcg |
1.1 |
=head2 tincd/cygwin |
| 195 |
|
|
|
| 196 |
pcg |
1.5 |
Known to be broken, use C<native/cygwin> instead. |
| 197 |
pcg |
1.1 |
|
| 198 |
|
|
=head1 SEE ALSO |
| 199 |
|
|
|
| 200 |
|
|
gvpe(5). |
| 201 |
|
|
|
| 202 |
|
|
=head1 AUTHOR |
| 203 |
|
|
|
| 204 |
|
|
Marc Lehmann <gvpe@plan9.de> |
| 205 |
|
|
|
