Re: [Openvpn-users] Cannot allocate TUN/TAP dev dynamically

[Tim W. <ti...@th...>]

Hi Mike

The client machine is running an old linux kernel, 2.4.22, I don't see=20
anything tun or tap related after an 'lsmod'
I don't seem to have any tun.o module, but there is an ethertap.o module th=
at=20
I loaded this morning. I also created the tun character device as described=
=20
in your post.=20

It has made no difference, I continue to get the same error. I looked at th=
e=20
kernel's 'make xconfig' and don't see where I enable the tun module.=20

I tried commenting out /dev/tun and uncommenting /dev/tap in both the=20
client.conf and server.conf files to see if loading ethertap.o and trying t=
o=20
use tap would make it better. Still no change in results...

I'm starting to think I'm going to need to update this RHL7 box to somethin=
g=20
more current, like CentOS 4.4, or Fedora Core 6 in order to get this to wor=
k=20
(probly somethign I should do anyway).

Regards,=20
Tim

On Tuesday 09 January 2007 5:24 pm, Mike Hambidge wrote:
> Hey Tim, a couple of things to check on the client machine:
>
> 1. Is TUN/TAP support enabled in the kernel (either compiled in or as a
> module)?
> 2. If as a module, is it loaded prior to starting OpenVPN? e.g.
> 	modprobe tun
> 3. Did you create the tun character device? e.g.
> 	mkdir /dev/net
> 	mknod /dev/net/tun c 10 200
>
> -- Mike
>
> Tim Wunder wrote:
> > Hi,
> > I'm trying to make a VPN connection from openvpn 2.0.9 on RHL7 to openv=
pn
> > 2.0.7 on CentOS 4.4. I've attempted to follow the instructions from
> > http://openvpn.net/howto.html#quick
> >
> > The CentOS box is the server in my environment and the RHL7 box is the
> > client. I created the server keys and the client keys on the CentOS box
> > and scp'd the client keys to the RHL7 box.
> >
> > I can start the server on the CentOS box and sorta get a connection from
> > the RHL7 client. This is the text of the output when running
> > # openvpn  /etc/openvpn/server.conf
> > Tue Jan  9 15:17:31 2007 OpenVPN 2.0.7 i386-redhat-linux-gnu [SSL] [LZO]
> > [EPOLL] built on Apr 29 2006
> > Tue Jan  9 15:17:31 2007 Diffie-Hellman initialized with 1024 bit key
> > Tue Jan  9 15:17:31 2007 TLS-Auth MTU parms [ L:1544 D:140 EF:40 EB:0
> > ET:0 EL:0 ]
> > Tue Jan  9 15:17:31 2007 TUN/TAP device tun0 opened
> > Tue Jan  9 15:17:31 2007 /sbin/ip link set dev tun0 up mtu 1500
> > Tue Jan  9 15:17:31 2007 /sbin/ip addr add dev tun0 local 10.8.0.1 peer
> > 10.8.0.2Tue Jan  9 15:17:31 2007 /sbin/ip route add 10.8.0.0/24 via
> > 10.8.0.2 Tue Jan  9 15:17:31 2007 Data Channel MTU parms [ L:1544 D:1450
> > EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
> > Tue Jan  9 15:17:31 2007 GID set to nobody
> > Tue Jan  9 15:17:31 2007 UID set to nobody
> > Tue Jan  9 15:17:31 2007 Listening for incoming TCP connection on
> > [undef]:1194 Tue Jan  9 15:17:31 2007 TCPv4_SERVER link local (bound):
> > [undef]:1194 Tue Jan  9 15:17:31 2007 TCPv4_SERVER link remote: [undef]
> > Tue Jan  9 15:17:31 2007 MULTI: multi_init called, r=3D256 v=3D256
> > Tue Jan  9 15:17:31 2007 IFCONFIG POOL: base=3D10.8.0.4 size=3D62
> > Tue Jan  9 15:17:31 2007 IFCONFIG POOL LIST
> > Tue Jan  9 15:17:31 2007 ServerName,10.8.0.4
> > Tue Jan  9 15:17:31 2007 MULTI: TCP INIT maxclients=3D1024 maxevents=3D=
1028
> > Tue Jan  9 15:17:31 2007 Initialization Sequence Completed
> >
> >
> > # egrep -v "^(#|*$|;)" server.conf
> > port 1194
> > proto tcp
> > dev tun
> > ca /etc/openvpn/easy-rsa/keys/ca.crt
> > cert /etc/openvpn/easy-rsa/keys/server.crt
> > key /etc/openvpn/server.key  # This file should be kept secret
> > dh /etc/openvpn/easy-rsa/keys/dh1024.pem
> > server 10.8.0.0 255.255.255.0
> > ifconfig-pool-persist ipp.txt
> > client-to-client
> > keepalive 10 120
> > comp-lzo
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > status openvpn-status.log
> > verb 3
> >
> >
> >
> > and when running
> > # openvpn ./client.conf
> > Tue Jan  9 14:54:14 2007 VERIFY OK:
> > depth=3D0, /C=3DUS/ST=3DNA/O=3DOrgName/CN=3DCommonName/Email=3Dmy@e-mai=
l.com
> > Tue Jan  9 14:54:14 2007 Data Channel Encrypt: Cipher 'BF-CBC'
> > initialized with 128 bit key
> > Tue Jan  9 14:54:14 2007 Data Channel Encrypt: Using 160 bit message
> > hash 'SHA1' for HMAC authentication
> > Tue Jan  9 14:54:14 2007 Data Channel Decrypt: Cipher 'BF-CBC'
> > initialized with 128 bit key
> > Tue Jan  9 14:54:14 2007 Data Channel Decrypt: Using 160 bit message
> > hash 'SHA1' for HMAC authentication
> > Tue Jan  9 14:54:14 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
> > EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
> > Tue Jan  9 14:54:14 2007 [ServerName] Peer Connection Initiated with
> > 192.168.1.252:1194
> > Tue Jan  9 14:54:15 2007 SENT CONTROL [ServerName]: 'PUSH_REQUEST'
> > (status=3D1)Tue Jan  9 14:54:15 2007 PUSH: Received control
> > message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,ping 10,ping-restart
> > 120,ifconfig 10.8.0.6 10.8.0.5'
> > Tue Jan  9 14:54:15 2007 OPTIONS IMPORT: timers and/or timeouts modified
> > Tue Jan  9 14:54:15 2007 OPTIONS IMPORT: --ifconfig/up options modified
> > Tue Jan  9 14:54:15 2007 OPTIONS IMPORT: route options modified
> > Tue Jan  9 14:54:15 2007 Cannot allocate TUN/TAP dev dynamically
> > Tue Jan  9 14:54:15 2007 Exiting
> >
> > # egrep -v "^(#|*$|;)" client.conf
> > client
> > dev tun
> > proto tcp
> > remote serverDomain 1194
> > resolv-retry infinite
> > nobind
> > user nobody
> > group nobody
> > persist-key
> > persist-tun
> > ca /etc/openvpn/clientkeys/ca.crt
> > cert /etc/openvpn/clientkeys/client.crt
> > key /etc/openvpn/clientkeys/client.key
> > comp-lzo
> > verb 3
> >
> > What am I missing?
> >
> > Thanks,
> > Tim
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > -----------------------------------------------------------------------=
=2D-
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share
> > your opinions on IT & business topics through brief surveys - and earn
> > cash
> > http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourceforge&CID=
=3DDEVDEV
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Openvpn-users mailing list
> > Ope...@li...
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users