2012-10-11 13:13, Gabriele Bulfon wrote:
> Hi,
>
> installing Kazuyoshi tun0 on illumos based distros looks to load fine
> (meant for openvpn).
> Can't say at the moment if it works once openvpn is started on it (I
> will test it later).

Well, I have it working on an SXCE server (in global zone) with
no hiccups, now that the faster 1.3.0 version of tun/tap driver
got out ;)

I did not yet try it on an illumos-based OS though, but I don't
expect any problems.

> My real doubt is how I can give the tun0 to a zone, where I want openvpn
> to run.
> I doubt dladm can see and use tun0 to create vnic.

Well, you can delegate a networking device to a zone "as is"...
Possible problem is that OpenVPN AFAIK does its "plumb"/"unplumb"
of the tunnel interface, which might fail in a zone (or work
only once - to unplumb).

I don't think you can use the tun/tap interfaces with dladm
and vnics, and note that the subnet processing (the /30 nets
for point-to-point links per VPN connection) is done by the
OpenVPN software in charge of the interface. As far as the
OS is concerned, the assigned larger nets (i.e. /24) that
are dedicated to the VPN have a route through the tunnel
interface and a service IP address on it. The rest is the
tunnel's problem - it brings up IP addresses per connection
(invisible to the OS) and forwards the packets encrypted
by OpenVPN (calls to OpenSSL).

It would be interesting to know if your experiment succeeds
though ;)

HTH,
//Jim



-------------------------------------------
illumos-discuss