search for: tun0

...d like to be sure not to make any mistake. Thanks a lot in advance. Antoine Here is my ruleset: #!/bin/sh # Firewall Command fwcmd="/sbin/ipfw" # Flush out the list before we begin. ${fwcmd} -f flush # Stop spoofing ${fwcmd} add deny all from 192.168.0.0:255.255.255.0 to any in via tun0 ### ${fwcmd} add deny all from ${outside_net}:${outside_mask} to any in via vr0 ### Disabled --> dynamic @ip # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from any to 10.0.0.0/8 via tun0 ${fwcmd} add deny all from any to 172.16.0.0/12 via tun0 ${fwcmd} add deny all from an...

Hi all, I try to receive an ipv6 address for my PPP link via autoconf (against Cisco machine), but there is a problem I'm unable to solve so far. I can see cisco's Router-Advertisement containing prefix etc., but no IP adress is assigned to tun0 interface. Anyone succesful in IPv6 over dial-up PPP connection? When I manually assign IPv6 address, connection works. My system is 4.8-RELEASE, PPP Version 3.1 - Apr 3 2003. axxem.hide:~# rtsol -d -D tun0 link-layer address option has null length on tun0. Treat as not included. checking if tun0...

i have a box with 2 real interfaces and one more virtual eth0 - to the internet (193.... eth1 - to the local net (192.168..) tun0 - to another ISP the routing is: all the free/local classes i send them directly on eth0, the rest of the internet i send throw tun0 the admin from tun0 wants me to snat all the packets with my end of the ip-tun0-interface and i snat all the trafic that go to local/free nets the problem is that...

I''m getting my zones confused. Help. I need to have a bunch of systems using OpenVPN to gain an IP in the virtual subnet 10.100.1.0/24, on interface tun0. I will then route whole subnets to those IPs, like 10.100.2.0/24 via 10.100.1.12, etc. I want to have a policy for: - all hosts behind tun0 - all hosts in 10.100.1.0/24 - individual subnets being routed through IPs in 10.100.1.0/24 So, I think I need: interfaces: - tun0 hosts: remote1 tu...

...lo all, We have a few aliased Ethernet addresses on our server and if I do not use the Bind statement in the "Global" section then the NMBD seems to try to bind to all of the addresses. We are actually using OpenVPN which make the connections just fine on a 172.16.x.x subnet to "tun0" device. The problem is that Samba does not seem to find the tun0 device and reports that there are no network cards available if I use the: Bind Interfaces Only = True Interfaces tun0 172.16.0.1 How can I just bind Samba to the tun0 device? Also, with my home machine on the 192.168.x.x s...

...established from src/etc/rc.firewall case - simple. Which solved it. But I was scared, not undertstand what the established bit did, & how easily an attacker might fake something, etc. I found adding these tighter rules instead worked for me ${fwcmd} tcp from any http to me established in via tun0 ${fwcmd} tcp from me to any http established out via tun0 Should I still be worrying about established ? Julian -- Julian Stacey. BSD Unix C Net Consultancy, Munich/Muenchen http://berklix.com Mail Ascii, not HTML. Ihr Rauch = mein allergischer Kopfschmerz. http://berklix.org/free-softwar...

Hello, i have a little question. My system: ip route: 0.0.0.0/1 via 10.8.0.5 dev tun0 default via 192.168.2.1 dev br0 proto static metric 425 10.8.0.1 via 10.8.0.5 dev tun0 10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6 88.198.140.127 via 192.168.2.1 dev br0 192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.101 metric 425 192.168.122.0/24 dev virbr0 pr...

...his is what I have after the tunnel is brought up: SERVER (A.A.A.A) Arx:~# ip addr ... 3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:04:e2:09:6c:ea brd ff:ff:ff:ff:ff:ff inet 192.168.13.1/24 brd 192.168.13.255 scope global eth1 ... 5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100 link/[65534] inet 10.0.13.1 peer 10.0.13.2/32 scope global tun0 Arx:~# ip route A.A.A.B dev ppp0 proto kernel scope link src A.A.A.A 10.0.13.2 dev tun0 proto kernel scope link src 10.0.13.1 10.0.13.0...

.... Here are some numbers: eth1 on Box A is 192.168.1.1/24, eth1 on Box B is 192.168.1.31/24. On Box B there are 4 NICs, 3 of them (including eth1) are bridged, with the bridge interface being br0 (192.168.1.31 is actually assigned to br0, not eth1). I''ve read the lartc howto, so I created a tun0 interface on both boxes: ip tunnel add tun0 mode gre remote remote_ip_here local local_ip_here ttl 255; ip link set tun0 up. The problem is what do I do from here? Do I bridge tun0 and eth1 on Box A and add tun0 to br0 on Box B? Or do I just enable proxy_arp for eth1 and tun0 on Box A and for br0 a...

Hi folks, I have the two firewalls (Slackware current) in differnt cities connected via OpenVPN. I can ping the network behind server firewall from client firewall server. But how to route/iptable network traffic from the network behind client firewall to see the netwrok behind server firewall? Thank you Remus

...tinc configurazion of 2 subnets, now my goal is to add 2 more subnets and comunicate. I might seem dumb at this point but honestly I don't work in IT or Networking stuff, and so I dont have that deep knowledge. A little explanation of my configuration is HOST A (VPN server) Public IP: 1.2.3.4 tun0 Subnet = 192.168.10.0/24 tun0 IP = 192.168.10.1 HOST B (VPN Client configured in a Raspberry Pi) eth0 NET = 192.168.2.10 255.255.255.0 gw 192.168.2.1 tun0 Subnet = 192.168.10.0/24 tun0 Subnet = 192.168.2.0/24 HOST C (VPN Client configured in a Raspberry Pi) eth0 NET = 192.168.1.101 255.255.255...

Hi, I'm trying to run tinc 1.0.9 on freebsd 7.1-RELEASE-p4. I tried: Device=/dev/net/tun0 DeviceType=tun I tried it without the device-line, i tried the other devicetype-options, none of them work. With all of them I get the following error: 30311: open("/dev/net/tun0",O_RDWR|O_NONBLOCK,05024360414) = 3 (0x3) 30311: ioctl(3,TUNSIFHEAD,0xbfbfec58) ERR#45 'Operation not s...

...hen modify firewall-cmd rule and add your port/proto > > e.g. > firewall-cmd --zone=<INSERT YOUR ZONE> --add-port=11193/tcp That opens the physical Ethernet interface to allow the raw SSL connection from the client into the server. It doesn't open a connection for the tunnel (tun0 interface) that's been created by the OpenVPN service to forward packets to the internal LAN zone. I tried adding the tun0 interface to the internal zone and firewall-cmd told me tun0 was managed by NetworkManager. After that it didn't show tun0 as a member of any zone. #? firewall-cmd...

I have 2 nodes nodeA and nodeB I'm using tinc 1.1pre11 -- nodeA(fd80:2015:2105:abcd::1) : $ ip -6 route fd80:2015:2105:abcd::1 dev tun0 proto kernel metric 256 fd80:2015:2105:adcd::/64 dev tun0 metric 1024 fe80::/64 dev eth0 proto kernel metric 256 $ ping6 fd80:2015:2105:abcd::1 PING fd80:2015:2105:abcd::1(fd80:2015:2105:abcd::1) 56 data bytes 64 bytes from fd80:2015:2105:abcd::1: icmp_seq=1 ttl=64 time=0.020 ms $ ping6 fd80...

....0.0 178.62.128.1 0.0.0.0 UG 0 0 0 eth0 10.129.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 178.62.128.0 0.0.0.0 255.255.192.0 U 0 0 0 eth0 192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 a route from HOST B shows: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0...

? ? ? Hi, all:? ? ? ? ? I'm playing with Gre Tunnel programming in centos 6. ? ? ? ?? ? ? ? ? I wrote my program in these steps:? ? ? ? ? a, open /dev/net/tun ?device and ioctl with?TUNSETIFF, get fd to tun device, say "tun0"; ? ? ? ? b, create one socket and use it to set tun0's ?ip address, namyly?SIOCSIFADDR and?SIOCSIFDSTADDR; and then turn it up; ? ? ? ? c, create one raw socket to send things which got from the tun0 device to other machine, and to receive packages which should be?feeded into the tun0 dev...

...bytes=32 time=335ms TTL=127 So as you can see the link is up and shorewall does let through the connections to the local server subnet. On checking /var/log/messages i can see shorewall has dropped packets destined for 192.168.10.1: Mar 26 04:33:10 router-hq kernel: Shorewall:FORWARD:REJECT:IN=tun0 OUT=tun0 SRC=172.16.1.6 DST=192.168.10.1 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=31895 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=25270 Mar 26 04:33:11 router-hq kernel: Shorewall:FORWARD:REJECT:IN=tun0 OUT=tun0 SRC=172.16.1.6 DST=192.168.10.1 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=31898 PROTO=ICMP TYPE=8 CODE=0...

Hi everybody and merry Chrissy! I have smb listening to two interfaces and with tun0 this failed. Package was from Debian 7 - 2:3.6.6-6+deb7u4 # smbclient //10.9.8.1/public -Unot_a_user Enter not_a_user's password: Connection to 10.9.8.1 failed (Error NT_STATUS_CONNECTION_REFUSED) # smbclient //127.0.0.1/public -Unot_a_user Enter not_a_user's password: Domain=[WORKGROUP...

...- eth0 (adsl 1) eth1 (adsl 2) | | | | | | | | ----------------- | | | Gateway | | | ----------------- | | | tun0 Below is my iptables scripting to mark certain ports: - # eMule $IPTABLES -t mangle -A PREROUTING -i tun0 -p tcp -m multiport --destination-ports 4242,4661,4662,4663,4711 -j MARK –-set-mark 11 $IPTABLES -t mangle -A PREROUTING -i tun0 -p udp -m multiport --destination-ports 4672 -j MARK –-set-mar...