[OpenIndiana-discuss] about tuntap

Jim Klimov jimklimov at cos.ru
Fri Feb 22 13:19:54 UTC 2013


On 2013-02-22 13:58, Jonathan Adams wrote:
> I know it's not totally relevant, but do you know how significant the
> difference is between our iptun/vnic/bridges and tun/tap?
>
> would it ever be possible to configure OpenVPN to work with a pure
> Illumos/Solaris 11 interface?

AFAIK, no or not soon.

* Similar request 2 years ago:
http://mail.opensolaris.org/pipermail/crossbow-discuss/2010-March/002379.html

From that thread:

> That driver (tuntap) is IP-over-SSL, and is not a Generic Lan Driver (GLDv3)
> device.
> The iptun driver is merely IP-in-IP, but it does present as a GLDv3 device,
> so it can be flow-sliced, virtualized, or anything else you want.  You can
> then use ipsecconf(1M) to set up tunnel-mode IPsec on a particular IP-in-IP
> device.


My post on the OpenVPN forum has remained unanswered for a year, except that it is
how Kazuyoshi informed me of his updated tuntap half a year ago ;-)
* https://forums.openvpn.net/topic9542.html


Overall, I don't think it is impossible to wrap tuntap into something
that looks like GLDv3 for management purposes, but it might be tricky.
In particular, on an OpenVPN server which processes dozens of VPN IP
addresses, there is just one tap device per protocol (one UDP and one
TCP server for us). Separation of incoming bytes into per-client streams
is AFAIK done by OpenVPN, if I haven't forgotten (I haven't refreshed
that knowledge for a couple of years now).

The driver is "Solarisey" enough for routing and IPFilter (firewall
and NAT rules) to work with the individual addresses at least as long
as they leave the box via some other interface. I don't think we tried
to filter or route between VPN clients themselves.

>
> We use static IP tun interfaces here between our known sites, and
> OpenVPN to connect laptops for users at their home addresses (and over
> wifi dongles that might change address) ... Windows (yuk!), Linux, and
> 1 Solaris/Illumos laptop (fool that I am) ... the easiest by far is
> the Linux (Ubuntu) Laptops which have OpenVPN in their
> network-manager.
>
> Jon
>
> On 22 February 2013 12:35, Jim Klimov <jimklimov at cos.ru> wrote:
>> On 2013-02-22 13:21, Jonathan Adams wrote:
>>>
>>> sorry to butt in, but how does this differ from the tuntap made by
>>> "Maxim Krasnyansky" that's in the SFE?
>>
>>
>> (Moderately informed FUD follows)
>>
>> I believe that the original "tuntap by Maxim Krasnyansky" was made
>> primarily for BSD/Linux, and needed some developer love to work under
>> Solaris.
>>
>> http://vtun.sourceforge.net/tun/faq.html
>> http://vtun.info
>>
>> One project of "Solarisizing" the tuntap was Kazuyoshi's work:
>> http://www.whiteboard.ne.jp/~admin2/tuntap/
>>
>> He also made (and ultimately RTI'd) some tweaks for OpenVPN.
>>
>> Last summer he also "Improved throughput performance by increasing
>> q_hiwat of read side stream head queue" which boosted my TCP IO's
>> (like CIFS over OpenVPN) by about 5-7 times, and this is the build
>> version supposedly present in the repository.
>>
>> Now, I don't really know now which code is in which repo, but they
>> both come from the same roots; it may also be possible that the original
>> project borrowed some improvements from this branch. I haven't used
>> "Maxim's tuntap" with Solaris at all, so can't comment on it more.
>>
>> HTH,
>> //Jim
>>
>>
>>
>> _______________________________________________
>> OpenIndiana-discuss mailing list
>> OpenIndiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss


-- 


+============================================================+
|                                                            |
| Климов Евгений,                                 Jim Klimov |
| технический директор                                   CTO |
| ЗАО "ЦОС и ВТ"                                  JSC COS&HT |
|                                                            |
| +7-903-7705859 (cellular)          mailto:jimklimov at cos.ru |
|                        CC:admin at cos.ru,jimklimov at gmail.com |
+============================================================+
| ()  ascii ribbon campaign - against html mail              |
| /\                        - against microsoft attachments  |
+============================================================+





