Menu
▾
▴
Re: [Openvpn-users] RE: Regarding "tap" device
|
From: Kaifu Wu <ka...@ka...> - 2004-05-26 15:35:36
|
Hi mark, thanks for the help, but it's not quite true what you said. yes i do realize the nature of 'tap' (ethernet is 'multi-access') and it is working properly. the fact that it's there for binding doesn't imply that the operating state is known (or consistent) dhcpd dies when tunnel closes (while remote connection terminates). according to the log message that the interface tap0 went down. the routes issues are actually separated from dhcpd. basically, openvpn cannot be forced to flush the routes upon session termination (the problem with SIODELRT). it'd be nice such possibility exists. regards, kaifu On Wed, May 26, 2004 at 03:23:43PM +0100, Mark Dootson wrote: > Kaifu, > > I'm new to OpenVPN also, but I think I can help you as I'm running dhcpd etc > with no problems. > > A 'tap' adapter is a virtual ethernet adapter. Once you think of it this > way, you realise that the tap adapter has to exist for the lifetime of > anything that is going to bind to it. > > Setting up the tap adapter should not be part of your individual Openvpn > tunnel setup, but should be part of your network init scripts. > > I have: > > modprobe tun > openvpn --mktun --dev tap0 > > As part of my network init in a separate script so this only happens once > per boot normally. > > Therefore, tap0 is always there for dhcpd to bind to. > This should also solve your up/down routing issues connected to individual > tunnels. > > With regard to the problem of routes being created before the dhcpd > handshake has taken place, see the man page at > http://openvpn.sourceforge.net/man.html and look for --route-delay where > this issue is discussed. > > Hope this helps. > > Mark > > > Spam detection software, running on the system "persephone.dootson.com", has > identified this incoming email as possible spam. The original message > has been attached to this so you can view it (if it isn't spam) or block > similar future email. If you have any questions, see > the administrator of that system for details. > > Content preview: Kaifu, I'm new to OpenVPN also, but I think I can help > you as I'm running dhcpd etc with no problems. A 'tap' adapter is a > virtual ethernet adapter. Once you think of it this way, you realise > that the tap adapter has to exist for the lifetime of anything that is > going to bind to it. [...] > > Content analysis details: (-2.3 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > -1.4 BAYES_20 BODY: Bayesian spam probability is 20 to 30% > [score: 0.2232] > -0.9 AWL AWL: Auto-whitelist adjustment > > |
