AWG Blogs

Wednesday, June 17, 2009

vtun Experimentation

I started with a fresh install of stable Ubuntu (8.04 LTS) and applied all updates.
then apt-get install bridge-utils (per http://blog.kovyrin.net/2006/04/05/connecting-two-remote-local-networks-with-transparent-bridging/)
then:
apt-get install uml-utilities
tunctl -u root -t tap0
ifconfig tap0 0.0.0.0 promisc up

then apt-get install vtun

on both client and server:
modprobe tun

then put this at the end of /etc/network/interfaces (note: create bridge dynamically through vtun program commands instead?):
auto br0
iface br0 inet static
    # use 192.168.1.199 on the server
    address 192.168.1.200
    netmask 255.255.255.0
    bridge_ports eth0

then ifup br0

On the client, /etc/vtund.conf:

options {
    port 5000;
    timeout 60;

    # Path to various programs
    ifconfig /sbin/ifconfig;
    route /sbin/route;
    firewall /sbin/iptables;
}

IP-Tunnel {
    passwd abcd1234;    # Password (must match the server's IP-Tunnel entry)
    type ether;         # Ethernet tunnel
    device tun0;
    up {
        # Connection is Up
        ifconfig "%% up";
        program "brctl addif br0 %%";
    };
    down {
        # Connection is Down
        ifconfig "%% down";
    };
}




On the server, /etc/vtund.conf:

options {
    # type stand;
    # stand(default), inet (used only at server)
    port 5000;
    # Server will listen on this port for incoming requests.
    syslog daemon;
    # Syslog facility

    # Path to various programs
    ppp /usr/sbin/pppd;    # Path to pppd. Use "which pppd" to find this.
    ifconfig /sbin/ifconfig;
    route /sbin/route;
    firewall /sbin/iptables;
    ip /sbin/ip;
}

# Default session options
default {
    type ether;
    # tun, ether, tty(default), pipe (used only at server)
    proto udp;
    # udp, tcp(default) (used only at server)
    # device tun0;
    compress no;
    # no, yes, zlib:(1-9), lzo:(1-9); e.g. zlib:1 (default) (used only at server)
    encrypt no;
    # yes, no (used only at server)
    stat yes;
    # yes, no: check /var/log/vtund/SessionName_X
    speed 0;
    # By default maximum speed, NO shaping (used only at server)
    keepalive yes;
    # Used to keep the connection alive. (used only at server)
}

# Ethernet (tap) session 'IP-Tunnel'.
IP-Tunnel {
    passwd abcd1234;    # Password
    type ether;         # Ethernet tunnel
    proto udp;          # UDP protocol
    device tap0;
    compress no;        # lzo:9; # LZO compression level 9
    encrypt no;         # Encryption off: bridged traffic is sent in cleartext
    keepalive yes;      # Keep connection alive
    stat yes;           # yes, no

    up {
        # Connection is Up
        # 10.3.0.1 - local, 10.3.0.2 - remote
        # ifconfig "%% 192.168.254.201 pointopoint 192.168.254.200 mtu 1450";
        # route "add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.254.200";
        ifconfig "%% up";
        program "brctl addif br0 %%";
    };
    down {
        # Connection is down
        # 10.3.0.1 - local, 10.3.0.2 - remote
        ifconfig "%% down";
        # route "del -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.254.200";
    };
}

then on server, vtund -s (change port to 5000?)

then on client: vtund IP-Tunnel 172.16.2.16 (the real IP of the server).
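
The server config above sets encrypt no in both the default block and the IP-Tunnel session, so everything bridged over this tunnel crosses the network unencrypted. As an added example (not part of the original notes and not vtun's own code), this Python script parses vtund.conf-style text and lists the sessions whose effective encrypt setting is no. The sample text, the Site-B session and the function names are constructed here, and a session with no encrypt line anywhere is assumed to mean no.

```python
import re

# Constructed sample shaped like the server config above; Site-B is made up.
SAMPLE = '''
options { port 5000; syslog daemon; }
default {
  encrypt no;        # inherited by sessions that do not override it
}
IP-Tunnel {
  passwd abcd1234;   # Password
  device tap0;
  up { ifconfig "%% up"; program "brctl addif br0 %%"; };
}
Site-B { passwd constructed-secret; encrypt yes; }
'''

# Quoted strings are matched first so a '#' inside quotes is not a comment.
TOKEN = re.compile(r'"[^"]*"|#[^\n]*|[{};]|[^\s{};"#]+')

def parse_vtund(text):
    """Return {section: {option: value}}; nested up/down blocks are skipped."""
    sections, name, depth, words = {}, None, 0, []
    tokens = (t for t in TOKEN.findall(text) if t[0] != "#")  # drop comments
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":
            depth += 1
            if depth == 1:                       # a top-level section opens
                name = words[0] if words else "(unnamed)"
                sections[name] = {}
        elif tok == "}":
            depth -= 1
        elif depth == 1 and len(words) >= 2:     # "option value;" in a section
            sections[name][words[0]] = " ".join(words[1:])
        words = []
    return sections

def cleartext_sessions(text):
    """Sessions whose effective 'encrypt' is 'no'. Assumption: unset means 'no'."""
    conf = parse_vtund(text)
    default = conf.get("default", {})
    return [name for name, opts in conf.items()
            if name not in ("options", "default")
            and {**default, **opts}.get("encrypt", "no") == "no"]

print(cleartext_sessions(SAMPLE))
```

To check a real file, pass the contents of /etc/vtund.conf to cleartext_sessions() in place of SAMPLE.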

other references:
recompile kernel http://www.howtogeek.com/howto/ubuntu/how-to-customize-your-ubuntu-kernel/

check Universal Tun/tap device driver support under Device Drivers > Network device support

try tunctl to create tap, e.g. http://www.mail-archive.com/vtun-users@lists.sourceforge.net/msg00001.html

try steps here: http://adamolson.com/articles/UnixReview.com%20%20Secure%20Tunneling%20between%20Intranets%20with%20VTun%202000.htm
or here: http://www.opennet.ru/soft/vpn_table/vtund1.html

read http://vtun.sourceforge.net/setup.html

tips for manual setup: http://www.blindhog.net/linux-bridging-for-gns3-lan-communications/

and http://www.linux.com/archive/articles/54894 vtun tutorial

bridging in Linux: http://www.linuxfoundation.org/en/Net:Bridge

http://dkprojects.wordpress.com/transparent-ethernet-bridge/ - transparent bridge (hub)

2 comments:

  1. I'm disappointed you have to MAKEDEV the tun device when you install the package. It should ship with a proper package or automated routine to condition the machine for use -- eg, create the tun device if necessary. I hate it when users "just need to know" to do something.

    The actual task of connecting two networks is easier than it sounds from reading all those old references. Bridge the NIC and tap0 on both sides, bridge the two taps in the middle, and that's it.

    If you were on a different Linux, I could help you much more.

  2. Hello mate!
    I'm experimenting with vtund to connect two networks transparently and I have the following problems that you might have encountered.
    1) I have to assign an IP addr using e.g. "ip addr add 10.0.0.1" on the client side of vtund in order for the packets to arrive correctly.
    2) Although the packets arrive from the server side to the client side correctly, the responses do not arrive at the server-side br0 interface. :/

    Have you encountered a similar problem, and if so, how did you solve it?
    Thanks!
