0

I am mounting the /dev/tun device of an IllumOS installation (actually OmniOS, but I don't think it makes a difference) inside a lx-brand zone (using add device, set match=\dev\tun, end). Problem is, the CentOS inside the zone expects the tun device to be in /dev/net/tun, not /dev/tun, so OpenVPN is not working. It complains that /dev/net/tun does not exist, which I guess makes sense.

What is the difference between having the tun device in /dev or in /dev/net? More importantly, how can I make this work? I have tried symlinking /dev/tun in /dev/net/tun both in IllumOS and in CentOS, but it's not letting me.

Any help is appreciated.

EDIT: Thanks to the comments I am now able to trick the system into believing that /dev/net/tun exists, however even when trying tunctl -t tun0 -f /dev/tun I get TUNSETIFF: Inappropriate ioctl for device. The full strace is below:

execve("/sbin/tunctl", ["tunctl", "-t", "tun0", "-f", "/dev/tun"], [/* 20 vars */]) = 0
brk(NULL)                               = 0x6020e0
uname({sysname="Linux", nodename="centos-zerotier", ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffef240000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=26396, ...}) = 0
mmap(NULL, 26396, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fffef040000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\35\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2127336, ...}) = 0
mmap(NULL, 3940800, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fffeec00000
mprotect(0x7fffeedb8000, 2097152, PROT_NONE) = 0
mmap(0x7fffeefb8000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b8000) = 0x7fffeefb8000
mmap(0x7fffeefbe000, 16832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fffeefbe000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffef030000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffef020000
arch_prctl(ARCH_SET_FS, 0x7fffef020740) = 0
mprotect(0x7fffeefb8000, 16384, PROT_READ) = 0
mprotect(0x601000, 4096, PROT_READ)     = 0
mprotect(0x7fffef421000, 4096, PROT_READ) = 0
munmap(0x7fffef040000, 26396)           = 0
open("/dev/tun", O_RDWR)                = 3
stat("/etc/sysconfig/64bit_strstr_via_64bit_strstr_sse2_unaligned", 0x7fffffefefb0) = -1 ENOENT (No such file or directory)
ioctl(3, TUNSETIFF, 0x7fffffeff460)     = -1 ENOTTY (Inappropriate ioctl for device)
dup(2)                                  = 4
fcntl(4, F_GETFL)                       = 0x8002 (flags O_RDWR|O_LARGEFILE)
brk(NULL)                               = 0x6020e0
brk(0x6230e0)                           = 0x6230e0
brk(NULL)                               = 0x6230e0
brk(0x624000)                           = 0x624000
fstat(4, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 2), ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fffef010000
write(4, "TUNSETIFF: Inappropriate ioctl f"..., 42TUNSETIFF: Inappropriate ioctl for device
) = 42
close(4)                                = 0
munmap(0x7fffef010000, 8192)            = 0
brk(NULL)                               = 0x624000
brk(NULL)                               = 0x624000
brk(0x623000)                           = 0x623000
brk(NULL)                               = 0x623000
exit_group(1)                           = ?
+++ exited with 1 +++
Francesco Carzaniga
  • 101
  • 2
  • According to [this page](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-0/) you can pass the `–dev-node node` option to openvp to tell it what path to use instead of `/dev/net/tun` or `/dev/tun`. –  Mar 20 '20 at 20:17
  • You are definitely right! Sadly I was using OpenVPN as an example while I am actually using ZeroTier, and I couldn't find any similar option. – Francesco Carzaniga Mar 20 '20 at 20:33
  • Does the `/dev/net` directory exist? –  Mar 20 '20 at 20:35
  • It does. It contains the virtual nic I passed through from the host. – Francesco Carzaniga Mar 20 '20 at 20:37
  • Try something like `mkdir some_dir; ln -s /dev/tun some_dir; mount -B some_dir /dev/net` inside the Centos guest (untested, and assuming you don't need the other files from `/dev/net`, `mount -B` creates a bind mount). –  Mar 20 '20 at 20:46
  • Nice trick! It works, but now I get TUNSETIFF: Inappropriate ioctl for device. – Francesco Carzaniga Mar 20 '20 at 20:53
  • There are limits to emulation of non-generic kernel features. While both kernels (IllumOS/Solaris and Linux) support tun/tap devices, they might be implemented slightly differently. – A.B Mar 20 '20 at 22:57
  • @A.B Yes, the `/dev/tun` interface in Solaris is completely different from `/dev/net/tun` in Linux; and not only in its setup part -- it seems that you can't just read from it on solaris, but you should use `getmsg()`. Eg in the source code of qemu, which implements both: [tap-linux.c](https://git.qemu.org/?p=qemu.git;a=blob;f=net/tap-linux.c;h=e0dd442ee34fe51e7c3c072f8bfc4a5d5286c862;hb=HEAD) and [tap-solaris.c](https://git.qemu.org/?p=qemu.git;a=blob;f=net/tap-solaris.c;h=4725d2314eef709f2156300a7bb7973144524301;hb=HEAD). –  Mar 20 '20 at 23:47
  • So is there no way of having ZeroTier run on a Solaris installation, short of using a full-fledged KVM? – Francesco Carzaniga Mar 21 '20 at 09:06

0 Answers0