Basic tutorial on using TUN/TAP virtual network interfaces on Linux

Time: 2020-11-20

In computer networking, TUN and TAP are virtual network devices in the operating system kernel. They are implemented entirely in software and give programs running on the operating system exactly the same functions as hardware network devices.
TAP is equivalent to an Ethernet device and operates on layer 2 packets such as Ethernet frames. TUN simulates a network layer device and operates on layer 3 packets such as IP packets.
The operating system delivers data sent through a TUN/TAP device to the user-space program bound to that device. In the other direction, the user-space program can send data through the TUN/TAP device just as it would through a hardware network device. In that case, the TUN/TAP device delivers (or "injects") the packets into the operating system's network stack, simulating the reception of data from outside.
If the server has the TUN/TAP module, VPN proxy functionality can be enabled.
Design principle of the TUN/TAP virtual network driver:

The TUN/TAP driver implements a virtual network interface. TUN is a virtual point-to-point device and TAP is a virtual Ethernet device. The two devices apply different encapsulation to network packets.
With the TUN/TAP driver, network packets processed by the TCP/IP protocol stack can be handed to any process that uses the driver. The process reprocesses them and then sends them on to the physical link.
The open source projects OpenVPN (http://openvpn.sourceforge.net) and VTun (http://vtun.sourceforge.net) both implement tunnel encapsulation using the TUN/TAP driver.
When testing network boot services with a VirtualBox virtual machine, the host's network interface obtains its IP address through DHCP, so the DHCP configuration file has to be changed every time the machine is restarted.
This is tedious, so I want to use TUN/TAP to create a virtual network interface, give it a static IP, and set the VirtualBox network to bridged mode, which also keeps it relatively isolated from the host network (a different network segment).
Let's take Fedora 13 as an example to see how to create a virtual network device.

1. Confirm whether the kernel supports TUN/TAP
Verify that the kernel has the tun module

# modinfo tun
filename: /lib/modules/2.6.34.7-56.fc13.i686.PAE/kernel/drivers/net/tun.ko
alias: char-major-10-200
license: GPL
author: (C) 1999-2004 Max Krasnyansky <[email protected]>
description: Universal TUN/TAP device driver
srcversion: 880DE258930FE60D765B735
depends:
vermagic: 2.6.34.7-56.fc13.i686.PAE SMP mod_unload 686

Load the kernel module

# modprobe tun
# lsmod | grep tun
tun 10548 1

If the commands above produce this output, the module has been loaded successfully.

2. Create and configure the virtual network interface
Check whether the tunctl command is available. If it is not, install it with yum

# yum install tunctl

Create the virtual network device

# tunctl -t tap0 -u root

Configure the virtual network interface

# ifconfig tap0 192.168.0.1 netmask 255.255.255.0 promisc

After the above operation, the virtual network card has been established and configured.
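
The tap0 device created above is owned by root and placed in promiscuous mode, so it is useful to be able to list every TUN/TAP interface on a host with its type, owner and promiscuous state. The following is an added example, not part of the original tutorial; it reads the tun_flags, owner and flags attributes under /sys/class/net, and the function name audit_tuntap and its optional directory argument are assumptions of this example.

```sh
#!/bin/sh
# Added example: report type, owner and promiscuous state of TUN/TAP interfaces.
# audit_tuntap [DIR]  - DIR defaults to /sys/class/net; passing another
# directory (hypothetical parameter) lets the check run on a copied sysfs tree.

audit_tuntap() {
    root="${1:-/sys/class/net}"
    for dir in "$root"/*; do
        # Only interfaces created by the tun driver expose tun_flags.
        [ -r "$dir/tun_flags" ] || continue
        name=${dir##*/}
        tun_flags=$(cat "$dir/tun_flags")
        if_flags=$(cat "$dir/flags")
        owner=$(cat "$dir/owner" 2>/dev/null || echo -1)

        # IFF_TUN = 0x0001 (layer 3 device), IFF_TAP = 0x0002 (layer 2 device)
        if [ $(( $tun_flags & 0x2 )) -ne 0 ]; then
            kind=tap
        elif [ $(( $tun_flags & 0x1 )) -ne 0 ]; then
            kind=tun
        else
            kind=unknown
        fi

        # IFF_PROMISC = 0x100 in the generic interface flags
        if [ $(( $if_flags & 0x100 )) -ne 0 ]; then
            promisc=yes
        else
            promisc=no
        fi

        # The driver reports -1 when no owner UID was assigned.
        case "$owner" in
            -1) owner_desc=none ;;
            0)  owner_desc=root ;;
            *)  owner_desc="uid:$owner" ;;
        esac

        echo "$name type=$kind owner=$owner_desc promisc=$promisc"
    done
}

# Run against the live system (or the directory given as first argument).
audit_tuntap "$@"
```

A device reported as owner=root with promisc=yes matches the configuration in this tutorial; the -u option of tunctl accepts a non-root user if the program attaching to the device does not need to run as root.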

3. Create the virtual network interface automatically at boot as a system service
Write the configuration script (following chkconfig conventions)

# cat /etc/init.d/config_tap
#!/bin/bash
#
# config_tap Start up the tun/tap virtual nic
#
# chkconfig: 2345 55 25

USER="root"                 # owner of the tap device
TAP_NETWORK="192.168.0.1"   # address assigned to the tap device
TAP_DEV_NUM=0               # device number, i.e. tap0
DESC="TAP config"

# Create the tap device, assign its address and show the result
do_start() {
    if [ ! -x /usr/sbin/tunctl ]; then
        echo "/usr/sbin/tunctl was NOT found!"
        exit 1
    fi
    tunctl -t tap$TAP_DEV_NUM -u "$USER"
    ifconfig tap$TAP_DEV_NUM ${TAP_NETWORK} netmask 255.255.255.0 promisc
    ifconfig tap$TAP_DEV_NUM
}

# Bring the interface down (the device itself is not deleted)
do_stop() {
    ifconfig tap$TAP_DEV_NUM down
}

do_restart() {
    do_stop
    do_start
}

# Show the current interface configuration
check_status() {
    ifconfig tap$TAP_DEV_NUM
}

case "$1" in
    start) do_start;;
    stop) do_stop;;
    restart) do_restart;;
    status)
        echo "Status of $DESC: "
        check_status
        exit "$?"
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
esac

You can modify this script to suit your specific needs.
Add it to the system services

# chkconfig --add config_tap
# chkconfig --level 345 config_tap on

Once this is done, you can run service config_tap start, as with any other standard service, to create and bring up the interface.