Reply To: LAN-to-LAN (site-to-site) VPN with tun device

Until the Zeroshell GUI supports TUN devices, one workaround I just tried that seems to work is putting this in the Parameters field in the GUI:

--dev tun0 --dev-type tun

That creates this command line:

openvpn --dev VPN00 --remote foo --port 1194 --proto udp --tls-client --dh /etc/ssl/dh.pem --ca /etc/ssl/trusted_CAs.pem --cert /var/register/system/net/interfaces/VPN00/TLS/cert.pem --key /var/register/system/net/interfaces/VPN00/TLS/key.pem --dev-type tap --float --ping 1 --ping-restart 11 --management 34000 --daemon VPN00_L2L --comp-lzo --dev tun0 --dev-type tun --cipher AES-128-CBC --client --verb 3 --down /root/kerbynet.cgi/scripts/vpn_mii

Note that the hard-coded TAP device directives are still there (--dev VPN00 --dev-type tap) but they seem to get overridden by the later TUN device directives (--dev tun0 --dev-type tun).

My initial tests seem to show this is working. That is, I can do all the pings shown in the previous post, without having to do extra routing commands.

Running ifconfig shows that tun0 was successfully created. Unfortunately, the tap device VPN00 is still there. I’m not sure if that lingering TAP device could cause problems or not with things like QoS. Need to do further testing.

So, this is a workaround, but I’d still prefer TUN support in the GUI.
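
An added example, not part of the original post: a small audit of the generated command line that lists every option given more than once and flags device names from earlier --dev values that still exist on the host. It assumes the last occurrence of a repeated option is the one in effect, as the post observes; the interface list is a constructed sample.

```python
import shlex

# The command line quoted in the post above, copied verbatim.
CMDLINE = (
    "openvpn --dev VPN00 --remote foo --port 1194 --proto udp --tls-client "
    "--dh /etc/ssl/dh.pem --ca /etc/ssl/trusted_CAs.pem "
    "--cert /var/register/system/net/interfaces/VPN00/TLS/cert.pem "
    "--key /var/register/system/net/interfaces/VPN00/TLS/key.pem "
    "--dev-type tap --float --ping 1 --ping-restart 11 --management 34000 "
    "--daemon VPN00_L2L --comp-lzo --dev tun0 --dev-type tun "
    "--cipher AES-128-CBC --client --verb 3 "
    "--down /root/kerbynet.cgi/scripts/vpn_mii"
)

# Constructed sample: interface names as the post describes the ifconfig
# output (lo and eth0 are placeholders, not taken from the post).
SAMPLE_IFACES = ["lo", "eth0", "VPN00", "tun0"]

def parse_options(cmdline):
    """Return [(option, value)] in order of appearance, with '--' stripped."""
    parsed = []
    for tok in shlex.split(cmdline)[1:]:      # skip the program name
        if tok.startswith("--"):
            parsed.append([tok[2:], []])      # start a new option
        elif parsed:
            parsed[-1][1].append(tok)         # argument of the current option
    return [(name, " ".join(args)) for name, args in parsed]

def repeated_options(cmdline):
    """Map each option given more than once to its values, in order."""
    values = {}
    for name, value in parse_options(cmdline):
        values.setdefault(name, []).append(value)
    return {n: v for n, v in values.items() if len(v) > 1}

def stale_devices(cmdline, present_ifaces):
    """Earlier --dev names (assumed overridden) that still exist on the host."""
    earlier = repeated_options(cmdline).get("dev", [])[:-1]
    return [d for d in earlier if d in present_ifaces]

if __name__ == "__main__":
    for name, vals in repeated_options(CMDLINE).items():
        print(f"--{name}: given {vals}, last value is {vals[-1]!r}")
    print("leftover devices:", stale_devices(CMDLINE, SAMPLE_IFACES))
```

On a live system, replace SAMPLE_IFACES with the names reported by ifconfig and CMDLINE with the command line of the running openvpn process.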