| … | |
… | |
| 5 | =head1 DESCRIPTION |
5 | =head1 DESCRIPTION |
| 6 | |
6 | |
| 7 | This file tries to capture OS-dependent configuration or build issues, |
7 | This file tries to capture OS-dependent configuration or build issues, |
| 8 | quirks and platform limitations, as known. |
8 | quirks and platform limitations, as known. |
| 9 | |
9 | |
| 10 | =head2 TUN vs. TAP interface |
10 | =head1 TUN vs. TAP interface |
| 11 | |
11 | |
| 12 | Most operating systems nowadays support something called a |
12 | Most operating systems nowadays support something called a |
| 13 | I<tunnel>-device, which makes it possible to divert IPv4 (and often other |
13 | I<tunnel>-device, which makes it possible to divert IPv4 (and often other |
| 14 | protocols, too) into a userspace daemon like C<gvpe>. This is being |
14 | protocols, too) into a user space daemon like C<gvpe>. This is being |
| 15 | referred to as a TUN-device. |
15 | referred to as a TUN-device. |
| 16 | |
16 | |
| 17 | This is fine for point-to-point tunnels, but for a virtual ethernet, an |
17 | This is fine for point-to-point tunnels, but for a virtual ethernet, an |
| 18 | additional ethernet header is needed. This functionality (called a TAP |
18 | additional ethernet header is needed. This functionality (called a TAP |
| 19 | device here) is only provided by a subset of the configurations. |
19 | device here) is only provided by a subset of the configurations. |
| … | |
… | |
| 28 | found on a specific host, you will either need to hardwire the MAC address |
28 | found on a specific host, you will either need to hardwire the MAC address |
| 29 | for TUN-style hosts on all networks (and avoid ARP altogether, which is |
29 | for TUN-style hosts on all networks (and avoid ARP altogether, which is |
| 30 | possible), or you need to send a packet from these hosts into the vpn |
30 | possible), or you need to send a packet from these hosts into the vpn |
| 31 | network to tell gvpe the local interface address. |
31 | network to tell gvpe the local interface address. |
| 32 | |
32 | |
|
|
33 | =head1 Interface Initialisation |
|
|
34 | |
|
|
35 | Unless otherwise notes, the network interface will be initialized with the |
|
|
36 | expected MAC address and correct MTU value. With most interface drivers, |
|
|
37 | this is done by running C</sbin/ifconfig>, so make sure that this command |
|
|
38 | exists. |
|
|
39 | |
|
|
40 | =head1 Interface Types |
|
|
41 | |
| 33 | =head2 native/linux |
42 | =head2 native/linux |
| 34 | |
43 | |
| 35 | TAP-device; already part of the kernel (only 2.4+ supported, but see |
44 | TAP-device; already part of the kernel (only 2.4+ supported, but see |
| 36 | tincd/linux). This is the configuration tested best, as gvpe is being |
45 | tincd/linux). This is the configuration tested best, as gvpe is being |
| 37 | developed on this platform. |
46 | developed on this platform. |
| 38 | |
47 | |
| 39 | To configure the interface, use either iproute2: |
48 | C<ifname> should be set to the name of the network device. |
| 40 | |
|
|
| 41 | ip set $IFNAME address $MAC mtu $MTU up |
|
|
| 42 | ip addr add $IFNAME 10.11.12.13 |
|
|
| 43 | ip route add $IFNAME 10.11.12.13/8 |
|
|
| 44 | |
|
|
| 45 | Or C<ifconfig>: |
|
|
| 46 | |
|
|
| 47 | ifconfig $IFNAME hw ether $MAC mtu $MTU |
|
|
| 48 | ifconfig $IFNAME 10.11.12.13 netmask 255.0.0.0 |
|
|
| 49 | |
49 | |
| 50 | To hardwire ARP addresses, use iproute2 (C<arp> can do it, too): |
50 | To hardwire ARP addresses, use iproute2 (C<arp> can do it, too): |
| 51 | |
51 | |
| 52 | MAC=fe:fd:80:00:00:$(printf "%02x" $NODEID) |
52 | MAC=fe:fd:80:00:00:$(printf "%02x" $NODEID) |
| 53 | ip neighbour add 10.11.12.13 lladdr $MAC nud permanent dev $IFNAME |
53 | ip neighbour add 10.11.12.13 lladdr $MAC nud permanent dev $IFNAME |
| 54 | |
54 | |
| 55 | =head2 tincd/linux |
55 | =head2 tincd/linux |
| 56 | |
56 | |
| 57 | TAP-device; already part of the kernel (2.2+ supported). See |
57 | TAP-device; already part of the kernel (2.2 only). See |
| 58 | C<native/linux> for more info. |
58 | C<native/linux> for more info. |
|
|
59 | |
|
|
60 | C<ifname> should be set to the path of a tap device, |
|
|
61 | e.g. C</dev/tap0>. The interface will be named accordingly. |
| 59 | |
62 | |
| 60 | =head2 native/cygwin |
63 | =head2 native/cygwin |
| 61 | |
64 | |
| 62 | TAP-device; The TAP device to be used must either be the CIPE driver |
65 | TAP-device; The TAP device to be used must either be the CIPE driver |
| 63 | (C<http://cipe-win32.sourceforge.net/>), or (highly recommended) the newer |
66 | (C<http://cipe-win32.sourceforge.net/>), or (highly recommended) the newer |
| 64 | TAP-Win32 driver bundled with openvpn (http://openvpn.sf.net/). Just |
67 | TAP-Win32 driver bundled with openvpn (http://openvpn.sf.net/). Just |
| 65 | download and run the openvpn installer. The only option you need to select |
68 | download and run the openvpn installer. The only option you need to select |
| 66 | is the TAP driver. |
69 | is the TAP driver. |
| 67 | |
70 | |
| 68 | The MAC need not be set (and in fact I<cannot> be set). The MAC address |
71 | C<ifname> should be set to the name of the device, found in the registry |
| 69 | is dynamically being patched into packets and ARP-requests, so only IPv4 |
72 | at (no kidding :): |
| 70 | works with ARP on this platform. |
73 | |
|
|
74 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\<adapterid>\Connection\Name |
|
|
75 | |
|
|
76 | The MAC address is dynamically being patched into packets and |
|
|
77 | ARP-requests, so only IPv4 works with ARP on this platform. |
|
|
78 | |
|
|
79 | =head2 tincd/bsd |
|
|
80 | |
|
|
81 | TAP-device, maybe; might work for many bsd variants. |
|
|
82 | |
|
|
83 | This driver is a newer version of the C<tincd/*bsd> drivers. It I<might> |
|
|
84 | provide a TAP device, or might not work at all. You might try this |
|
|
85 | interface type first, and, if it doesn't work, try one of the OS-specific |
|
|
86 | drivers. |
| 71 | |
87 | |
| 72 | =head2 tincd/freebsd |
88 | =head2 tincd/freebsd |
| 73 | |
89 | |
| 74 | TAP-device; part of the kernel (since 4.x, maybe earlier). To initialize |
90 | TAP-device; part of the kernel (since 4.x, maybe earlier). |
| 75 | the interface, use this command: |
|
|
| 76 | |
91 | |
| 77 | ifconfig $IFNAME ether $MAC mtu $MTU up |
92 | C<ifname> should be set to the path of a tap device, |
|
|
93 | e.g. C</dev/tap0>. The interface will be named accordingly. |
|
|
94 | |
|
|
95 | These commands might be helpful examples: |
|
|
96 | |
|
|
97 | ifconfig $IFNAME 10.0.0.$NODEID |
|
|
98 | route add -net 10.0.0.0 -netmask 255.255.255.0 -interface $IFNAME 10.0.0.$NODEID |
| 78 | |
99 | |
| 79 | =head2 tincd/netbsd |
100 | =head2 tincd/netbsd |
| 80 | |
101 | |
| 81 | TUN-device; The interface is a point to point-device. To initialize it, |
102 | TUN-device; The interface is a point-to-point device. To initialize it, |
| 82 | you currently need to configure it as such, giving it an address on your |
103 | you currently need to configure it as a point-to-point device, giving it |
| 83 | vpn (the exact address doesn't matter), like this: |
104 | an address on your vpn (the exact address doesn't matter), like this: |
| 84 | |
105 | |
| 85 | ifconfig $IFNAME mtu $MTU up |
106 | ifconfig $IFNAME mtu $MTU up |
| 86 | ifconfig $IFNAME 10.11.12.13 10.55.66.77 |
107 | ifconfig $IFNAME 10.11.12.13 10.55.66.77 |
| 87 | route add -net 10.0.0.0 10.55.66.77 255.0.0.0 |
108 | route add -net 10.0.0.0 10.55.66.77 255.0.0.0 |
| 88 | ping -c1 10.55.66.77 # ping once to tell gvpe your gw ip |
109 | ping -c1 10.55.66.77 # ping once to tell gvpe your gw ip |
| 89 | |
110 | |
|
|
111 | The ping is required to tell the ARP emulator inside GVPE the local IP |
|
|
112 | address. |
|
|
113 | |
|
|
114 | C<ifname> should be set to the path of a tun device, |
|
|
115 | e.g. C</dev/tun0>. The interface will be named accordingly. |
|
|
116 | |
| 90 | =head2 tincd/openbsd |
117 | =head2 tincd/openbsd |
| 91 | |
118 | |
| 92 | TUN-device; already part of the kernel. See C<tincd/netbsd> for more information. |
119 | TUN-device; already part of the kernel. See C<tincd/netbsd> for more information. |
| 93 | |
120 | |
| 94 | =head2 native/darwin |
121 | =head2 native/darwin |
| … | |
… | |
| 98 | The necessary kernel extension can be found here: |
125 | The necessary kernel extension can be found here: |
| 99 | |
126 | |
| 100 | http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ |
127 | http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ |
| 101 | |
128 | |
| 102 | There are two drivers, the one to use is the "tap" driver. It driver must |
129 | There are two drivers, the one to use is the "tap" driver. It driver must |
| 103 | be loaded before use, using C<kmodload>. |
130 | be loaded before use, read the docs on how to install it as a startup |
|
|
131 | item. |
|
|
132 | |
|
|
133 | C<ifname> should be set to the path of a tap device, |
|
|
134 | e.g. C</dev/tap0>. The interface will be named accordingly. |
|
|
135 | |
|
|
136 | These commands might be helpful examples: |
|
|
137 | |
|
|
138 | ifconfig $IFNAME 10.0.0.$NODEID |
|
|
139 | route add -net 10.0.0.0 -interface $IFNAME 255.255.255.0 |
| 104 | |
140 | |
| 105 | =head2 tincd/darwin |
141 | =head2 tincd/darwin |
| 106 | |
142 | |
| 107 | TUN-device; See C<tincd/netbsd> for more information. C<native/darwin> is |
143 | TUN-device; See C<tincd/netbsd> for more information. C<native/darwin> is |
| 108 | preferable. |
144 | preferable. |
| 109 | |
145 | |
| 110 | The necessary kernel extension can be found here: |
146 | The necessary kernel extension can be found here: |
| 111 | |
147 | |
| 112 | http://chrisp.de/en/projects/tunnel.html |
148 | http://chrisp.de/en/projects/tunnel.html |
| 113 | |
149 | |
|
|
150 | C<ifname> should be set to the path of a tun device, |
|
|
151 | e.g. C</dev/tun0>. The interface will be named accordingly. |
|
|
152 | |
| 114 | The driver must be loaded before use: |
153 | The driver must be loaded before use: |
| 115 | |
154 | |
| 116 | kmodload tunnel |
155 | kmodload tunnel |
| 117 | |
156 | |
| 118 | =head2 tincd/solaris |
157 | =head2 tincd/solaris |
| 119 | |
158 | |
| 120 | TUN-device; already part of the kernel, or available here: |
159 | TUN-device; already part of the kernel(?), or available here: |
| 121 | |
160 | |
| 122 | http://vtun.sourceforge.net/tun/ |
161 | http://vtun.sourceforge.net/tun/ |
| 123 | |
162 | |
| 124 | Some precompiled tun drivers might be available here: |
163 | Some precompiled tun drivers might be available here: |
| 125 | |
164 | |
| 126 | http://www.monkey.org/~dugsong/fragroute/ |
165 | http://www.monkey.org/~dugsong/fragroute/ |
| 127 | |
166 | |
|
|
167 | The interface MAC and MTU are I<NOT> set up for you. Please try it out and |
|
|
168 | send me an C<ifconfig> command invocation that does that. |
|
|
169 | |
| 128 | See C<tincd/netbsd> for more information. |
170 | See C<tincd/netbsd> for more information. |
| 129 | |
171 | |
| 130 | Completely unstested so far. |
172 | Completely untested so far. |
| 131 | |
173 | |
| 132 | =head2 tincd/mingw |
174 | =head2 tincd/mingw |
| 133 | |
175 | |
| 134 | TAP-device; see C<native/cygwin> for more information. |
176 | TAP-device; see C<native/cygwin> for more information. |
| 135 | |
177 | |
|
|
178 | The setup is likely to be similar to C<native/cygwin>. |
|
|
179 | |
| 136 | Completely untested so far. |
180 | Completely untested so far. |
| 137 | |
181 | |
| 138 | =head2 tincd/raw_socket |
182 | =head2 tincd/raw_socket |
| 139 | |
183 | |
| 140 | TAP-device; purpose unknown and untested, probably binds itself on an |
184 | TAP-device; purpose unknown and untested, probably binds itself on an |
| 141 | existing ethernet device (given by C<ifname>), which should probably not |
185 | existing ethernet device (given by C<ifname>). It must be down prior to |
| 142 | be configured in any way, except for setting it I<up>. |
186 | running the command, and GVPE will try to set it's MAC address and MTU to |
|
|
187 | the "correct" values. |
|
|
188 | |
|
|
189 | Completely untested so far. |
| 143 | |
190 | |
| 144 | =head2 tincd/uml_socket |
191 | =head2 tincd/uml_socket |
| 145 | |
192 | |
| 146 | TAP-device; purpose unknown and untested, probably creates a unix datagram |
193 | TAP-device; purpose unknown and untested, probably creates a UNIX datagram |
| 147 | socket (path given by C<ifname>) and reads and writes raw packets, so |
194 | socket (path given by C<ifname>) and reads and writes raw packets, so |
| 148 | might be useful in other than UML contexts. |
195 | might be useful in other than UML contexts. |
| 149 | |
196 | |
|
|
197 | No network interface is created, and the MAC and MTU must be set as |
|
|
198 | appropriate on the other side of the socket. GVPE will exit if the MAC |
|
|
199 | address doesn't match what it expects. |
|
|
200 | |
|
|
201 | Completely untested so far. |
|
|
202 | |
| 150 | =head2 tincd/cygwin |
203 | =head2 tincd/cygwin |
| 151 | |
204 | |
| 152 | Known to be broken, use C<native/cygwin> instead. |
205 | Known to be broken, use C<native/cygwin> instead. |
| 153 | |
206 | |
| 154 | =head1 SEE ALSO |
207 | =head1 SEE ALSO |
| 155 | |
208 | |
| 156 | gvpe(5). |
209 | gvpe(5). |
| 157 | |
210 | |
| 158 | =head1 AUTHOR |
211 | =head1 AUTHOR |
| 159 | |
212 | |
| 160 | Marc Lehmann <gvpe@plan9.de> |
213 | Marc Lehmann <gvpe@schmorp.de> |
| 161 | |
214 | |
