Hi all. I'm trying to bring an Amazon VM into the LAN by following this guide [0]. However, it appears that OpenSSH on either RHEL7 or CentOS7 is broken as it is not creating tap interface but tun interface. I've tried this on both CentOS5 and CentOS6 and they both work as advertised! Downgrading the OS is not an option! CentOS5/6 gives me: ****************** tap1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500 link/ether 9e:9e:44:9e:49:4c brd ff:ff:ff:ff:ff:ff CentOS7 gives me: **************** tun1: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 500 link/none So, what's broken in 7 - or is it that it requires something different? Cheers, ak. [0]: http://la11111.wordpress.com/2012/09/24/layer-2-vpns-using-ssh/
On 29/09/14 15:47, Anthony K wrote:> > So, what's broken in 7 - or is it that it requires something different? >I've just finished installing a CentOS7 virtual machine and guess what - as long as both ends are CentOS7, the tap interface is created as expected! Looks like an incompatibility issue between OpenSSH versions! Cheers, ak.
SilverTip257
2014-Sep-29 16:00 UTC
[CentOS] Layer 2 VPN with OpenSSH on CentOS7 not working!
On Mon, Sep 29, 2014 at 1:47 AM, Anthony K <akcentos at anroet.com> wrote:> Hi all. > > I'm trying to bring an Amazon VM into the LAN by following this guide > [0]. However, it appears that OpenSSH on either RHEL7 or CentOS7 is broken > as it is not creating tap interface but tun interface. I've tried this on > both CentOS5 and CentOS6 and they both work as advertised! Downgrading the > OS is not an option! > > > CentOS5/6 gives me: > ****************** > tap1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500 > link/ether 9e:9e:44:9e:49:4c brd ff:ff:ff:ff:ff:ff > > CentOS7 gives me: > **************** > tun1: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN mode > DEFAULT qlen 500 > link/none >In your output, you have both TAP and TUN interfaces ... they are different. Briefly skimming content at the URL you are using as your reference, I see mention of using a TAP interface (which is no the case on your EL7 box).> > > So, what's broken in 7 - or is it that it requires something different? >Unless you can prove with further testing that something is actually broken, I expect this is nothing but a configuration error. Per the TUN/TAP comment of mine [0]. TUN is layer3 and TAP is layer2 of the OSI Model. [0] http://en.wikipedia.org/wiki/TUN/TAP -- ---~~.~~--- Mike // SilverTip257 //