From: Mike H. <mha...@fu...> - 2007-01-10 16:41:31
I don't have any experience with the 2.4 kernel, but I imagine it
includes TUN/TAP support. For the 2.6.17 kernel I'm running, the TUN/TAP
support is located in xconfig under:
->Device Drivers
->Network Device Support
-> Universal TUN/TAP device driver support
Once enabled, the ".config" file will contain:
CONFIG_TUN=y
If compiled as a module (CONFIG_TUN=m), the module will be named "tun".
The openvpn man page has more information concerning TUN/TAP setup. Just
search for "TUN/TAP DRIVER SETUP". You can view the man page online at:
http://openvpn.net/man.html
-- Mike
Tim Wunder wrote:
> Hi Mike
>
> The client machine is running an old linux kernel, 2.4.22, I don't see
> anything tun or tap related after an 'lsmod'
> I don't seem to have any tun.o module, but there is an ethertap.o module that
> I loaded this morning. I also created the tun character device as described
> in your post.
>
> It has made no difference, I continue to get the same error. I looked at the
> kernel's 'make xconfig' and don't see where I enable the tun module.
>
> I tried commenting out /dev/tun and uncommenting /dev/tap in both the
> client.conf and server.conf files to see if loading ethertap.o and trying to
> use tap would make it better. Still no change in results...
>
> I'm starting to think I'm going to need to update this RHL7 box to something
> more current, like CentOS 4.4, or Fedora Core 6 in order to get this to work
> (probably something I should do anyway).
>
> Regards,
> Tim
>
> On Tuesday 09 January 2007 5:24 pm, Mike Hambidge wrote:
>> Hey Tim, a couple of things to check on the client machine:
>>
>> 1. Is TUN/TAP support enabled in the kernel (either compiled in or as a
>> module)?
>> 2. If as a module, is it loaded prior to starting OpenVPN? e.g.
>> modprobe tun
>> 3. Did you create the tun character device? e.g.
>> mkdir /dev/net
>> mknod /dev/net/tun c 10 200
>>
>> -- Mike
>>
>> Tim Wunder wrote:
>>> Hi,
>>> I'm trying to make a VPN connection from openvpn 2.0.9 on RHL7 to openvpn
>>> 2.0.7 on CentOS 4.4. I've attempted to follow the instructions from
>>> http://openvpn.net/howto.html#quick
>>>
>>> The CentOS box is the server in my environment and the RHL7 box is the
>>> client. I created the server keys and the client keys on the CentOS box
>>> and scp'd the client keys to the RHL7 box.
>>>
>>> I can start the server on the CentOS box and sorta get a connection from
>>> the RHL7 client. This is the text of the output when running
>>> # openvpn /etc/openvpn/server.conf
>>> Tue Jan 9 15:17:31 2007 OpenVPN 2.0.7 i386-redhat-linux-gnu [SSL] [LZO]
>>> [EPOLL] built on Apr 29 2006
>>> Tue Jan 9 15:17:31 2007 Diffie-Hellman initialized with 1024 bit key
>>> Tue Jan 9 15:17:31 2007 TLS-Auth MTU parms [ L:1544 D:140 EF:40 EB:0
>>> ET:0 EL:0 ]
>>> Tue Jan 9 15:17:31 2007 TUN/TAP device tun0 opened
>>> Tue Jan 9 15:17:31 2007 /sbin/ip link set dev tun0 up mtu 1500
>>> Tue Jan 9 15:17:31 2007 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
>>> Tue Jan 9 15:17:31 2007 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
>>> Tue Jan 9 15:17:31 2007 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
>>> Tue Jan 9 15:17:31 2007 GID set to nobody
>>> Tue Jan 9 15:17:31 2007 UID set to nobody
>>> Tue Jan 9 15:17:31 2007 Listening for incoming TCP connection on [undef]:1194
>>> Tue Jan 9 15:17:31 2007 TCPv4_SERVER link local (bound): [undef]:1194
>>> Tue Jan 9 15:17:31 2007 TCPv4_SERVER link remote: [undef]
>>> Tue Jan 9 15:17:31 2007 MULTI: multi_init called, r=256 v=256
>>> Tue Jan 9 15:17:31 2007 IFCONFIG POOL: base=10.8.0.4 size=62
>>> Tue Jan 9 15:17:31 2007 IFCONFIG POOL LIST
>>> Tue Jan 9 15:17:31 2007 ServerName,10.8.0.4
>>> Tue Jan 9 15:17:31 2007 MULTI: TCP INIT maxclients=1024 maxevents=1028
>>> Tue Jan 9 15:17:31 2007 Initialization Sequence Completed
>>>
>>>
>>> # egrep -v "^(#|*$|;)" server.conf
>>> port 1194
>>> proto tcp
>>> dev tun
>>> ca /etc/openvpn/easy-rsa/keys/ca.crt
>>> cert /etc/openvpn/easy-rsa/keys/server.crt
>>> key /etc/openvpn/server.key # This file should be kept secret
>>> dh /etc/openvpn/easy-rsa/keys/dh1024.pem
>>> server 10.8.0.0 255.255.255.0
>>> ifconfig-pool-persist ipp.txt
>>> client-to-client
>>> keepalive 10 120
>>> comp-lzo
>>> user nobody
>>> group nobody
>>> persist-key
>>> persist-tun
>>> status openvpn-status.log
>>> verb 3
>>>
>>>
>>>
>>> and when running
>>> # openvpn ./client.conf
>>> Tue Jan 9 14:54:14 2007 VERIFY OK:
>>> depth=0, /C=US/ST=NA/O=OrgName/CN=CommonName/Ema...@e-...
>>> Tue Jan 9 14:54:14 2007 Data Channel Encrypt: Cipher 'BF-CBC'
>>> initialized with 128 bit key
>>> Tue Jan 9 14:54:14 2007 Data Channel Encrypt: Using 160 bit message
>>> hash 'SHA1' for HMAC authentication
>>> Tue Jan 9 14:54:14 2007 Data Channel Decrypt: Cipher 'BF-CBC'
>>> initialized with 128 bit key
>>> Tue Jan 9 14:54:14 2007 Data Channel Decrypt: Using 160 bit message
>>> hash 'SHA1' for HMAC authentication
>>> Tue Jan 9 14:54:14 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
>>> EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
>>> Tue Jan 9 14:54:14 2007 [ServerName] Peer Connection Initiated with
>>> 192.168.1.252:1194
>>> Tue Jan 9 14:54:15 2007 SENT CONTROL [ServerName]: 'PUSH_REQUEST' (status=1)
>>> Tue Jan 9 14:54:15 2007 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
>>> Tue Jan 9 14:54:15 2007 OPTIONS IMPORT: timers and/or timeouts modified
>>> Tue Jan 9 14:54:15 2007 OPTIONS IMPORT: --ifconfig/up options modified
>>> Tue Jan 9 14:54:15 2007 OPTIONS IMPORT: route options modified
>>> Tue Jan 9 14:54:15 2007 Cannot allocate TUN/TAP dev dynamically
>>> Tue Jan 9 14:54:15 2007 Exiting
>>>
>>> # egrep -v "^(#|*$|;)" client.conf
>>> client
>>> dev tun
>>> proto tcp
>>> remote serverDomain 1194
>>> resolv-retry infinite
>>> nobind
>>> user nobody
>>> group nobody
>>> persist-key
>>> persist-tun
>>> ca /etc/openvpn/clientkeys/ca.crt
>>> cert /etc/openvpn/clientkeys/client.crt
>>> key /etc/openvpn/clientkeys/client.key
>>> comp-lzo
>>> verb 3
>>>
>>> What am I missing?
>>>
>>> Thanks,
>>> Tim
>>>
>>>
>>>
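Added example, not part of the original thread: a shell triage for the "Cannot allocate TUN/TAP dev dynamically" error that walks the three checks discussed above (kernel config, driver registered, device node c 10 200). The function names are hypothetical, and it assumes GNU stat and that a registered TUN driver shows up in /proc/misc as minor 200 named "tun".

```shell
#!/bin/sh
# Added example: triage for "Cannot allocate TUN/TAP dev dynamically".
# Function names are illustrative; they are not part of OpenVPN.

# Report the CONFIG_TUN setting in a kernel .config: builtin, module or disabled.
tun_config_state() {
    case "$(grep -E '^CONFIG_TUN=[ym]$' "$1" 2>/dev/null)" in
        CONFIG_TUN=y) echo builtin ;;
        CONFIG_TUN=m) echo module ;;
        *)            echo disabled ;;   # "# CONFIG_TUN is not set" or absent
    esac
}

# Succeed when the driver is registered with the kernel, whether built in
# or loaded as a module: the misc-device list then has a "200 tun" entry.
tun_registered() {
    awk '$1 == 200 && $2 == "tun" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# Classify the device node: missing, not-chardev, wrong-devno or ok.
tun_node_state() {
    [ -e "$1" ] || { echo missing; return; }
    [ -c "$1" ] || { echo not-chardev; return; }
    # GNU stat prints major:minor in hex; 10 -> a, 200 -> c8.
    if [ "$(stat -c '%t:%T' "$1" 2>/dev/null)" = "a:c8" ]; then
        echo ok
    else
        echo wrong-devno
    fi
}

# One-line summary. Args: device node path, misc-device list file.
tun_report() {
    node=$(tun_node_state "$1")
    if tun_registered "$2"; then drv=registered; else drv=absent; fi
    echo "node=$node driver=$drv"
}

# Live check on this host. Run it as the user OpenVPN starts as.
tun_report /dev/net/tun /proc/misc
```

A result of node=ok with driver=absent matches the situation in this thread: the node was created by hand with mknod, but no tun driver is present in the kernel to back it.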