1

Is there any software to wrap a IPv6 VPN (or to be precise anything using tun/tap), so it would be possible to use it without tun/tap interface with SOCKS5 without using tun/tap interface?

Rationale:

What I'm trying to do is to use cjdns without root and tun/tap interface. So far I've only found tunsocks but it only supports IPv4 (even though author noted that implementing IPv6 support should be straightforward, I lack the required skills). I think that I implemented tunsocks into cjdns correctly but since it's IPv4 only, I can't really test it (PR - https://github.com/cjdelisle/cjdns/pull/1104). Any hints are appreciated.

Update: I need to do it without using root permissions at all (not even once). Basically I need something that will provide what tunsocks provides but for IPv6.

sssemil
  • 111
  • 7

1 Answers1

1

The problem is that the IP packets transferred to and from your local host must go through some kind of network interface. If you want to reroute them somewhere, no matter if that is a VPN, a SOCKS proxy, or something else, they also must go through a network interface. And since the rerouting is done in software, that network interface is a tun/tap interface. You can't access a VPN without it.

As for "wrapping the VPN software with a SOCKS wrapper", that applies to the wrong end: The VPN software has no trouble communicating to the other end of the VPN tunnel without root rights, this is just normal network communication. And it would be that part that is wrapped by SOCKS.

However, you can create tun/tap interfaces without root rights by setting permissions on /dev/net/tun (see here), which needs root right once.

AFAIK you can also pre-create a named tun/tap interface (which again needs root rights once), and then use it by an application without root rights.

Maybe one of these two options solves your problem?

dirkt
  • 31,679
  • 3
  • 40
  • 73
  • 1
    If I take care of the TCP/IP stack in my wrapper, then I can handle it without tun/tap altogether. Fix example tunsocks uses lwIP. – sssemil May 04 '18 at 05:05
  • I really would like to see a wrapper that can forward kernel packets without a network interface. Any links to an example of such a wrapper? tunsocks doesn't provide such a wrapper; all applications that want to use tunsocks instead of the normal kernel networking must explicitely use tunsocks. That's not how you use a VPN on a local machine, unless you only want a few specific applications to use the VPN (and if you want that, you didnt' mention it in your question). Maybe clarify the question? – dirkt May 04 '18 at 06:14