Date:      Thu, 15 Mar 2007 13:50:35 -0700
From:      Jeremy Chadwick <koitsu@FreeBSD.org>
To:        George Hartzell <hartzell@alerce.com>
Cc:        Willy@Offermans.Rompen.nl, freebsd-stable@FreeBSD.ORG, Vince <jhary@unsane.co.uk>, openvpn-users@lists.sourceforge.net
Subject:   Re: tap device at boot time
Message-ID:  <20070315205035.GA14074@icarus.home.lan>
In-Reply-To: <17913.29510.964120.616304@satchel.alerce.com>
References:  <20070314104732.GA5794@wiz> <45F7D727.2080301@unsane.co.uk> <20070315133346.GA5645@wiz> <17913.29510.964120.616304@satchel.alerce.com>

On Thu, Mar 15, 2007 at 09:24:38AM -0700, George Hartzell wrote:
> Are you sure that you need to initialize the tap0 device like this?
> 
> I use tun's instead of tap's, but in my openvpn server config I have a
> line that says
> 
>   dev tun
> 
> and a bit further down I have a line that says
> 
>   server 10.8.0.0 255.255.255.0
> 
> and openvpn takes care of setting up the device itself.  Everything
> I've read suggests that it should work the same way for a tap device.

I can confirm this methodology (as we use it :) ).

There was also a caveat to doing it this way, at least in regards to
bridging.  I've documented it in our openvpn.conf file, because it took
me a while to figure out a way to get this to work properly.  So here it
is:

# This may appear silly, but it resolves a major problem: tap0 will
# be created and brought online (but not "ifconfig up"'d!) when openvpn
# starts.  Bringing the tap0 interface up manually allows us to talk
# directly to the machine on the other end of the bridge; otherwise,
# it never gets ARP for the other end.
#
# The reason the --up command has "|| true" at the end is because
# openvpn appends a bunch of arguments to the command (as it's
# intended to be used in a script).  This allows us to ignore those
# arguments.
#
# The interface isn't actually brought online until some traffic
# flows across it, thus we use --keepalive.
#
keepalive 2 10
up "ifconfig bridge0 addm tap0 && ifconfig tap0 up || true"
down "ifconfig bridge0 deletem tap0 && ifconfig tap0 down || true"


-- 
| Jeremy Chadwick                                    jdc at parodius.com |
| Parodius Networking                           http://www.parodius.com/ |
| UNIX Systems Administrator                      Mountain View, CA, USA |
| Making life hard for others since 1977.                  PGP: 4BD6C0CB |
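
Added example, not part of the original message or of the poster's configuration: the same bridge add/remove done from one hook script instead of inline `&& ... || true` strings, so the arguments openvpn appends are validated and used rather than discarded. The script path, the function name and the `BRIDGE` and `DRY_RUN` variables are assumptions of this example; `script_type` is the environment variable openvpn sets when it runs a hook.

```shell
#!/bin/sh
# Added example (not from the original message). Hypothetical path:
#   /usr/local/etc/openvpn/bridge-hook.sh
# openvpn.conf would then use, instead of the inline command strings:
#   keepalive 2 10
#   up   /usr/local/etc/openvpn/bridge-hook.sh
#   down /usr/local/etc/openvpn/bridge-hook.sh
# openvpn passes the tap device name as the first argument and sets
# script_type=up or script_type=down in the environment.

# BRIDGE and DRY_RUN are assumptions of this example, not openvpn options.
bridge_hook() {
    hook_action=$1
    hook_dev=$2
    hook_bridge=${BRIDGE:-bridge0}
    run=${DRY_RUN:+echo}    # DRY_RUN=1 prints the commands instead of running them

    # The device name ends up on a root command line: accept only tapN.
    case $hook_dev in
        tap | tap*[!0-9]*) hook_dev= ;;
        tap*) ;;
        *) hook_dev= ;;
    esac
    [ -n "$hook_dev" ] || { echo "refusing device name '$2'" >&2; return 1; }

    case $hook_action in
        up)
            # Unlike the "|| true" form, a failed addm is reported to openvpn.
            $run ifconfig "$hook_bridge" addm "$hook_dev" &&
                $run ifconfig "$hook_dev" up
            ;;
        down)
            # Teardown is best effort, as in the inline version.
            $run ifconfig "$hook_bridge" deletem "$hook_dev" || true
            $run ifconfig "$hook_dev" down || true
            ;;
        *)
            echo "unknown script_type '$hook_action'" >&2
            return 1
            ;;
    esac
}

# Run only when openvpn (or a caller) has set script_type.
if [ -n "${script_type:-}" ]; then
    bridge_hook "$script_type" "${1:-}"
fi
```

OpenVPN 2.1 and later also need `script-security 2` in the configuration before they will run a user-defined hook script.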



