-
#1
I can successfully build a custom kernel (12.1 for a complete OPNsense build) and run it.
However, I’d like to create a monolithic kernel with the desired modules statically linked in. If I comment the module names out of the loader.conf file, for instance:
and put them in the KERNCONF file:
then the kernel configuration stage errors out with messages like
config: Error: device "if_tun" is unknown
With some modules, like carp, pf, and pflog, it doesn’t have a problem. With others, like if_tun, if_lagg and if_tap, it throws errors.
So what files does the build for dynamic modules find that the build for static modules can’t find? What do I need to do so that the kernel configuration succeeds?
-
#2
On mine, I tried kldload if_tun, and got the message that it was already loaded in the kernel. I didn’t mess with that option for compiling my kernel, nor preload it.
It might be tuntap in KERNCONF.
man if_tun gets me tun(4), which shows device tuntap. Then again, if_tun.ko and if_tuntap.ko are under /boot/kernel/.
Otherwise, when you kldload a module, it has to be seen which other modules show up as well for configuring in the kernel.
-
Thread Starter
-
#3
Thanks sidetone. That was it. For some modules the static and dynamic names are not the same! The man pages do indeed show the proper names for the two types. In my case there were 7 that didn’t configure into the kernel because their static names differed from the dynamic names.
-
#4
:
Code:
20190507:
The tap(4) driver has been folded into tun(4), and the module has been
renamed to tuntap. You should update any kld_list="if_tap" or
kld_list="if_tun" entries in /etc/rc.conf, if_tap_load="YES" or
if_tun_load="YES" entries in /boot/loader.conf to load the if_tuntap
module instead, and "device tap" or "device tun" entries in kernel
config files to select the tuntap device instead.
-
Thread Starter
-
#5
In my kernel configuration file I replaced the "device tun" and "device tap" lines with "device tuntap". After doing that, the kernel configuration fails with
config: Error: device "tuntap" is unknown
I’m guessing that’s because I’m running 12.1, which doesn’t incorporate the change indicated in SirDice’s post. The /usr/src/UPDATING file on my machine has no entry for 20190507.
Moderator: SLEDopit
-
enki
- Posts: 5
Solved: tun device does not come up on openvpn connection
I need to connect to a satellite provider.
I run openvpn --config <config_file>
Last lines of the output:
Mon Jan 16 17:36:50 2006 TUN/TAP device tun0 opened
Mon Jan 16 17:36:50 2006 /sbin/ifconfig tun0 192.168.114.159 pointopoint 255.255.255.0 mtu 1500
SIOCSIFDSTADDR: Invalid argument
Mon Jan 16 17:36:50 2006 Linux ifconfig failed: shell command exited with error status: 1
Mon Jan 16 17:36:50 2006 Exiting
My tun device does not come up at all (tap does come up)
The tun module is loaded.
The device /dev/net/tun has been created, and /dev/tap0 and /dev/tap1 have been created as well
I don't understand what the cause is?
-
gbnet
- Posts: 37
Re: Solved: tun device does not come up on openvpn connection
Post
gbnet » 28.01.2011 13:58
I have the same problem, tun does not come up
cat /etc/openvpn/server.conf
local 192.168.x.x
management localhost 7505
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
crl-verify /etc/openvpn/keys/crl.pem
server 192.168.x.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 192.168.x.0 255.255.255.0
push "route 192.168.x.0. 255.255.255.0"
push "route 192.168.x.0 255.255.255.0"
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 3
client-config-dir /etc/openvpn/ccd
client-to-client
when a client tries to connect, it prints
/sbin/ifconfig tun0 192.168.x.0 pointopoint 255.255.255.0 mtu 1500
SIOCSIFDSTADDR: Invalid argument
Linux ifconfig failed: shell command exited with error status: 1
Exiting
-
gbnet
- Posts: 37
Re: Solved: tun device does not come up on openvpn connection
Post
gbnet » 30.01.2011 18:35
sash-kan wrote: ↑
30.01.2011 17:35
gbnet
1. what are these x's in your ip addresses?
2. *.*.*.0/24 is an unusable ip address, the so-called "network address". No operating system that follows the rfc requirements will exchange packets with this address.
local 192.168.9.2
management localhost 7505
port 1194
proto udp
dev tap
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
crl-verify /etc/openvpn/keys/crl.pem
server 192.168.17.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 192.168.0.0 255.255.255.0
push "route 192.168.17.0. 255.255.255.0"
push "route 192.168.15.0 255.255.255.0"
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 3
client-config-dir /etc/openvpn/ccd
client-to-client
With tap everything works; when I change to tun, the server starts without problems, but there are problems on the linux client (the windows client has no problems)
I have been having some problems with openconnect in my Arch Linux (Antergos to be precise) and I have no idea what’s causing it. (Although I’m used to linux and all, I’m very new to VPNs and openconnect.)
I’m trying to connect to my University’s VPN via 2 methods. I start by following the instructions, which simply say to create a Cisco AnyConnect Compatible VPN and input the name and gateway.
When I do it this way and try to connect via the network-manager applet it doesn’t work. When I flip the VPN switch it simply flips right back immediately and that’s it. No error messages or anything.
The second approach I’m trying is via command line. So I try this
$ sudo openconnect -u myusername my.gateway.edu
(I’m replacing the actual gateway with my.gateway.edu and also the username and blurring relevant IPs from now on)
This is the log I get from that input:
POST https://my.gateway.edu/
Connected to 164.**.**.**:443
SSL negotiation with my.gateway.edu
Server certificate verify failed: signer not found
Certificate from VPN server "my.gateway.edu" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
--servercert sha256:bb2476a96b88357fe74f28a347ba549a2af4bea8668e30a77e1a8295f466bfdc
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on my.gateway.edu
Got HTTP response: HTTP/1.1 401 Unauthorized
Error generating GSSAPI response:
gss_init_sec_context(): Unspecified GSS failure. Minor code may provide more information
gss_init_sec_context(): SPNEGO cannot find mechanisms to negotiate
Server 'my.gateway.edu' requested Basic authentication which is disabled by default
GET https://my.gateway.edu/
Connected to 164.**.**.**:443
SSL negotiation with my.gateway.edu
Server certificate verify failed: signer not found
Connected to HTTPS on my.gateway.edu
Got HTTP response: HTTP/1.1 401 Unauthorized
No more authentication methods to try
GET https://my.gateway.edu/
Please enter your username.
POST https://my.gateway.edu/auth
Please enter your password.
Password:
POST https://my.gateway.edu/auth
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 90, Keepalive 32400
Connected as 169.**.***.**, using SSL
DTLS handshake failed: Resource temporarily unavailable, try again.
Failed to open tun device: No such device
Set up tun device failed
Unknown error; exiting.
I have asked the University’s IT support but they also don’t know what’s happening (I think they’re not very familiar with Arch Linux). I have tried some other things such as using the flag --script /etc/vpnc/vpnc-script but the result is the same.
EDIT
I have recently come across this website via the IT people that says that I have to create a tunnel device before connecting. Even after doing that the results of sudo openconnect -u myusername my.gateway.edu --interface tun1 are still the same.
#1 2013-01-14 15:20:54
- kopiersperre
- Member
- Registered: 2011-03-22
- Posts: 48
No tun device
Dear arch users,
after the last updates I don’t have a tun0 device anymore. The module "tun" also does not exist.
does nothing.
Can you help me?
I use kernel 3.7.2-1 with systemd 197-4 and initscripts 2012.10.1-1.
Thank you in advance
#2 2013-01-14 16:25:58
- chris_l
- Member
- Registered: 2010-12-01
- Posts: 390
Re: No tun device
kopiersperre wrote:
Dear arch users,
after the last updates I don’t have a tun0 device anymore. The module "tun" also does not exist.
does nothing.
Can you help me?
I use kernel 3.7.2-1 with systemd 197-4 and initscripts 2012.10.1-1.
Thank you in advance
Did you reboot?
"open source is about choice"
No.
Open source is about opening the source code complying with these conditions, period. The ability to choose among several packages is just a nice side effect.
#3 2013-01-14 20:53:04
- kopiersperre
- Member
- Registered: 2011-03-22
- Posts: 48
#4 2013-01-14 21:17:06
- hunterthomson
- Member
- Registered: 2008-06-22
- Posts: 794
- Website
Re: No tun device
Do you have this set in your kernel config
$ grep CONFIG_TUN /usr/src/linux-3.7.2-1-ARCH/.config
CONFIG_TUN=m
http://www.gentoo.org/doc/en/vpnc-howto.xml
Gentoo vpnc HOWTO wrote:
Code Listing 2.1: CONFIG_TUN
TUN/TAP provides packet reception and transmission for user space
programs. It can be viewed as a simple Point-to-Point or Ethernet
device, which instead of receiving packets from a physical media,
receives them from user space program and instead of sending packets
via physical media writes them to the user space program.

When a program opens /dev/net/tun, driver creates and registers
corresponding net device tunX or tapX. After a program closed above
devices, driver will automatically delete tunXX or tapXX device and
all routes corresponding to it.
Last edited by hunterthomson (2013-01-14 21:17:27)
OpenBSD-current Thinkpad X230, i7-3520M, 16GB CL9 Kingston, Samsung 830 256GB
Contributor: linux-grsec
#5 2013-03-01 12:50:31
- Syntaxeus
- Member
- Registered: 2008-10-04
- Posts: 24
Re: No tun device
@hunterthomson
This solved my issues with openvpn when I got
Cannot open TUN/TAP dev /dev/net/tun
Thanks a lot!
The problem turned out to be in systemd-resolved.service - Network Name Resolution
I removed resolvconf:
sudo apt-get --purge remove resolvconf
Installed openresolv:
apt install openresolv
Ran a command whose result was Active: inactive (dead):
systemctl status systemd-resolved.service
Ran a second command, the result of which was Active: active (running):
systemctl enable systemd-resolved.service
systemctl start systemd-resolved.service
Starting wireguard. After that wg-client came up:
sudo wg-quick up wg0-client
———
But now there is another problem. At system boot wg0-client.service gives an error. It gave it before, too. I think wireguard starts earlier than resolved.service. After the system boots I have to do:
systemctl restart wg-quick@wg0-client.service
How can this be fixed?
systemd-analyze blame
213ms wg-quick@wg0-client.service
1.072s systemd-resolved.service
Here is the output from the boot log:
grep -i wg /var/log/boot.log
[FAILED] Failed to start WireGuard via wg-quick(8) for wg/client.
See 'systemctl status wg-quick@wg-client.service' for details.
systemctl status wg-quick@wg-client.service:
systemctl status wg-quick@wg-client.service
● wg-quick@wg-client.service - WireGuard via wg-quick(8) for wg/client
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
Active: **failed** (Result: exit-code) since Tue 2020-06-30 17:10:56 MSK; 2 weeks 1 days ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Main PID: 564 (code=exited, status=1/FAILURE)
июн 30 17:10:56 PC systemd[1]: Starting WireGuard via wg-quick(8) for wg/client...
июн 30 17:10:56 PC wg-quick[564]: wg-quick: `/etc/wireguard/wg-client.conf' does not exist
июн 30 17:10:56 PC systemd[1]: wg-quick@wg-client.service: Main process exited, code=exited, status=1/FAILURE
июн 30 17:10:56 PC systemd[1]: wg-quick@wg-client.service: Failed with result 'exit-code'.
июн 30 17:10:56 PC systemd[1]: **Failed to start WireGuard via wg-quick(8) for wg/client**.
But I don't have a configuration file with that name: wg-quick: `/etc/wireguard/wg-client.conf' does not exist
ls /etc/wireguard
client_private.key client_public.key wg0-client.conf
———-
———-
In the end the last problem was solved. A service for a non-existent interface had been created by mistake:
systemctl stop wg-quick@wg-client.service
systemctl disable wg-quick@wg-client.service
systemctl enable wg-quick@wg0-client.service
systemctl start wg-quick@wg0-client.service
systemctl status wg-quick@wg0-client.service
● wg-quick@wg0-client.service - WireGuard via wg-quick(8) for wg0/client
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2020-07-15 18:33:52 MSK; 5s ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 1544 ExecStart=/usr/bin/wg-quick up wg0-client (code=exited, status=0/SUCCESS)
Main PID: 1544 (code=exited, status=0/SUCCESS)
июл 15 18:33:52 PC wg-quick[1544]: [#] ip -4 address add 10.8.1.1/32 dev wg0-client
июл 15 18:33:52 PC wg-quick[1544]: [#] ip link set mtu 1420 up dev wg0-client
июл 15 18:33:52 PC wg-quick[1544]: [#] resolvconf -a wg0-client -m 0 -x
июл 15 18:33:52 PC wg-quick[1544]: [#] wg set wg0-client fwmark 51820
июл 15 18:33:52 PC wg-quick[1544]: [#] ip -4 route add 0.0.0.0/0 dev wg0-client table 51820
июл 15 18:33:52 PC wg-quick[1544]: [#] ip -4 rule add not fwmark 51825 table 51825
июл 15 18:33:52 PC wg-quick[1544]: [#] ip -4 rule add table main suppress_prefixlength 0
июл 15 18:33:52 PC wg-quick[1544]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
июл 15 18:33:52 PC wg-quick[1544]: [#] iptables-restore -n
июл 15 18:33:52 PC systemd[1]: Started WireGuard via wg-quick(8) for wg0/client.
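
The mismatch resolved above (a wg-quick@wg-client unit enabled while the only config file was wg0-client.conf) can be checked for mechanically. This is an added example, not part of the original post; the helper name wg_unit_audit and the default paths (a Debian/Ubuntu layout) are assumptions.

```shell
#!/bin/sh
# Added example: cross-check enabled wg-quick@ instances against config files.
# wg_unit_audit is a hypothetical helper; the default paths assume a
# Debian/Ubuntu layout, and reading /etc/wireguard normally requires root.

# Usage: wg_unit_audit [WANTS_DIR] [CONF_DIR]
# Prints "missing NAME"   for an enabled instance with no CONF_DIR/NAME.conf,
#        "unenabled NAME" for a config file with no enabled instance,
#        "ok NAME"        when an enabled instance has its config file.
# Returns 0 when everything matches, 1 otherwise.
wg_unit_audit() {
    wants_dir=${1:-/etc/systemd/system/multi-user.target.wants}
    conf_dir=${2:-/etc/wireguard}
    rc=0

    # Enabled instances are symlinks named wg-quick@NAME.service.
    for unit in "$wants_dir"/wg-quick@*.service; do
        # Skip the literal pattern when nothing matches; -L keeps dangling links.
        [ -e "$unit" ] || [ -L "$unit" ] || continue
        name=${unit##*/wg-quick@}
        name=${name%.service}
        if [ -f "$conf_dir/$name.conf" ]; then
            echo "ok $name"
        else
            echo "missing $name"
            rc=1
        fi
    done

    # Config files that no enabled instance refers to.
    for conf in "$conf_dir"/*.conf; do
        [ -f "$conf" ] || continue
        name=${conf##*/}
        name=${name%.conf}
        link="$wants_dir/wg-quick@$name.service"
        if [ ! -e "$link" ] && [ ! -L "$link" ]; then
            echo "unenabled $name"
            rc=1
        fi
    done
    return "$rc"
}
```

Against a layout like the one in the post, the function prints `missing wg-client` and `unenabled wg0-client` before the fix, and `ok wg0-client` after the disable/enable sequence.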