How to set the IP address for the TUN interface on OSX (without destination address)?

How to set IP address for TUN interface in OSX? I cannot figure out how to configure the IP address for my interface without specifying the destination IP address. I do not want to do this - I want to more or less build a tunnel to an arbitrary address at a later point in time. Previous questions that are useless:

  • There is a question that has an obscure answer, so I tried to follow the link.
  • This question sets a point-to-point IP address for the tun device, so it has a destination, which is exactly what I don't want.

The osxtuntap page says:

ifconfig tap0 10.1.2.3 up 

I cannot make this work on OSX 10.6 for a TUN interface:

    $ sudo ifconfig tun0 10.1.2.3 up
    ifconfig: ioctl (SIOCAIFADDR): Destination address required

Adding a netmask does not help - OSX seems to require a destination address:

    $ ifconfig tun0 10.0.0.1/24 netmask 255.255.255.0
    ifconfig: ioctl (SIOCAIFADDR): Destination address required

For Linux, I understand how this works. According to this page, you open() the interface and use the ip command, and I have done this before with zero problems:

    $ ip link set tun0 up
    $ ip addr add 10.0.0.1/24 dev tun0

All I want to do is the same thing I can do on Linux.


EDIT:

I am writing a small UDP tunnel application. For example:

tun1 -> udp app # 1 -> udp tunnel -> udp app # 2 -> tun2

If the UDP applications are on different computers (say, local and remote), I would like to associate their corresponding tunnel devices with an IP address, so I can send a packet from local to remote through the tunnel by sending a packet to the tun device's IP address on the remote machine.

To borrow more from the Linux tutorial, the author sets up the tunnel device on the local and remote machines, binds IPs, launches a simple tunneling application, and then pings the other end of the tunnel:

    [remote]# ip link set tun3 up
    [remote]# ip addr add 192.168.0.2/24 dev tun3
    [remote]$ ./simpletun -i tun3 -s
    # server blocks waiting for the client to connect
    [local]# ip link set tun11 up
    [local]# ip addr add 192.168.0.1/24 dev tun11
    [local]$ ./simpletun -i tun11 -c 10.2.3.4
    # nothing happens, but the peers are now connected
    [local]$ ping 192.168.0.2
+8
networking ip ifconfig macos tun
1 answer

By default, tun devices operate in layer 3 mode, aka point-to-point. You are asking for layer 2 mode, which more closely resembles a generic Ethernet device. Linux calls these tap devices. In OpenBSD, you can switch the tun device to layer 2 mode using "ifconfig tun0 link0". The Macintosh tuntaposx driver simulates the split Linux devices; open the tap device.

You might want to look at https://community.openvpn.net/openvpn/wiki/BridgingAndRouting to determine if you really want to use tap devices. They add a bit of overhead. If you just need two machines to transfer IP packets between each other, and not a bridge or broadcast to a larger subnet, then point-to-point should be sufficient.

For example, if you have two machines, one we call "local" with a LAN IP address such as 192.168.0.12, and another we call "remote" with a LAN IP address such as 192.168.1.14, you can assign the tunnel IP addresses this way:

 ifconfig tun0 inet 10.0.0.1 10.0.0.2 up 

on the local system, and:

 ifconfig tun0 inet 10.0.0.2 10.0.0.1 up 

on the remote system. Note the reversed perspective on the remote machine. Do not set the point-to-point addresses to anything in an existing subnet; it will not be routed correctly.

I cannot stress this enough: read and re-read the manual pages ("man ifconfig" and "man tun", possibly others) until they become clear. My ifconfig examples above may be slightly different on your operating system.

And for another perspective, you can take a peek into GRE tunnels, as their functionality reflects what you describe for your program. However, GRE is probably not viable in today's TCP-centric networks, and this is not a good idea due to serious security issues.

If your goal is to bypass the security firewall, keep in mind that many of these firewalls block UDP packets (and especially GRE). In this case, try tunneling the SSH interface to configure the tunnel / forwarding interfaces and forwarded packets. You get encryption and possibly compression. :)

+9
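
The point-to-point assignment from the answer above, as an added example that is not part of the original question or answer: it builds the configuration command for macOS (`ifconfig` with both endpoints) or Linux (`ip addr add ... peer ...`), and refuses endpoint addresses that fall inside a subnet already in use. The function name `p2p_commands` and the /24 masks in `LAN_SUBNETS` are assumptions made for illustration.

```python
import ipaddress
import re


def p2p_commands(system, ifname, local, peer, existing_subnets):
    """Return argv lists that configure `ifname` as a point-to-point link.

    system: "Darwin" or "Linux", as returned by platform.system().
    existing_subnets: IPv4 CIDR strings already in use on this host or LAN.
    """
    # Accept only tunN so nothing unexpected reaches ifconfig/ip.
    if not re.fullmatch(r"tun\d+", ifname):
        raise ValueError(f"not a tun interface name: {ifname!r}")
    local_ip = ipaddress.IPv4Address(local)
    peer_ip = ipaddress.IPv4Address(peer)
    if local_ip == peer_ip:
        raise ValueError("local and peer addresses must differ")
    # The answer's caveat: endpoints must not sit inside an existing subnet,
    # otherwise packets for the peer are not routed into the tunnel.
    for cidr in existing_subnets:
        net = ipaddress.IPv4Network(cidr, strict=False)
        for addr in (local_ip, peer_ip):
            if addr in net:
                raise ValueError(f"{addr} overlaps existing subnet {net}")
    if system == "Darwin":
        # macOS tun is layer 3 point-to-point: ifconfig needs both ends.
        return [["ifconfig", ifname, "inet", str(local_ip), str(peer_ip), "up"]]
    if system == "Linux":
        return [
            ["ip", "link", "set", ifname, "up"],
            ["ip", "addr", "add", str(local_ip), "peer", str(peer_ip), "dev", ifname],
        ]
    raise ValueError(f"unsupported system: {system!r}")


# Constructed sample: assumed /24 LANs around the answer's two machines.
LAN_SUBNETS = ["192.168.0.0/24", "192.168.1.0/24"]

if __name__ == "__main__":
    import platform
    for argv in p2p_commands(platform.system(), "tun0", "10.0.0.1", "10.0.0.2", LAN_SUBNETS):
        print(" ".join(argv))  # printed only; apply with subprocess.run(argv) as root
```

On the remote machine the same call is made with `local` and `peer` swapped.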