Openvpn Routed (tun) on KVM-based Linux VPS

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Locked
daveinlv
OpenVpn Newbie
Posts: 8
Joined: Sun Jan 10, 2016 1:16 am

Openvpn Routed (tun) on KVM-based Linux VPS

Post by daveinlv » Sun Jan 10, 2016 1:34 am

I recently moved my mailserver from an OpenVZ-based Linux vps to a KVM-based one. Other than the OpenVZ vps forgetting it had the tun interface periodically, OpenVPN worked fine there. After moving everything over to the KVM-based vps, I find I have no tun interface, and when I start/restart OpenVPN, I see absolutely no errors in /var/log/syslog, but I'm unable to ping anything on the backup server's network, and there is no tun0 showing in ifconfig. I changed nothing in the OpenVPN server configuration, just moved it and the cert/key from the old OpenVZ server to the new KVM one.. As I use an OpenVPN tunnel to my backup server, its kind of imperative I get this working. I contacted the vps vendor support and they tried to tell me that KVM-based virtualization doesn't support tun/tap interfaces, however Google seems to disagree with them.. I find a lot of links that kind of skirt around getting OpenVPN to work routed on a KVM-based vps, but nothing that points to the fact that I can tail /var/log/syslog, start or restart OpenVPN, see all of the usual stuff (below)

Code: Select all

Jan  9 17:33:25 mail ovpn-mailsrv[7514]: OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Jan  9 17:33:25 mail ovpn-mailsrv[7514]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 17:33:25 mail ovpn-mailsrv[7515]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jan  9 17:33:25 mail ovpn-mailsrv[7515]: UDPv4 link local (bound): [undef]
Jan  9 17:33:25 mail ovpn-mailsrv[7515]: UDPv4 link remote: [AF_INET]XX.XXX.XXX.XX:1194

Generally on OpenVZ-based vps, when the tun interface was unconfigured, I'd see an error that pretty much pointed to that issue and
a quick ticket to the vps support got them to do their magic on the host and all was good again... Apparently KVM is different...

Help, please!!

Thanks
Dave

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Openvpn Routed (tun) on KVM-based Linux VPS

Post by Traffic » Sun Jan 10, 2016 1:19 pm

daveinlv wrote:I contacted the vps vendor support and they tried to tell me that KVM-based virtualization doesn't support tun/tap interfaces
Perhaps they mean: "They do not support TUN/TAP in their KVM configuration" ..

As far as I know, KVM does support TUN/TAP. It is in fact required for certain bridge network configurations and is installed and configured using openvpn .. For example https://en.wikibooks.org/wiki/QEMU/Networking (See the up/down scripts). Notice however, these scripts are run in the HOST OS not the KVM client.

daveinlv
OpenVpn Newbie
Posts: 8
Joined: Sun Jan 10, 2016 1:16 am

Re: Openvpn Routed (tun) on KVM-based Linux VPS

Post by daveinlv » Mon Jan 11, 2016 4:49 pm

Thanks for the replies.. I've scouted google quite a bit on this, as I moved this guest to KVM (its a mailsever) from its previous OpenVZ host as I was getting frequent problems and it was suggested to move to a KVM-based vps. I found via google that if you "cat /dev/net/tun" and get "File descriptor in bad state", it means that tun/tap is active.. Seems that if it was simply a matter of the vps vendor not supporting tun/tap in their KVM implementation, I wouldn't be getting that.. Next question: WTH *would* they not support it? I can't imagine I'm the only one trying to get OVPN working on one of their vps... Color me puzzled..

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Openvpn Routed (tun) on KVM-based Linux VPS

Post by Traffic » Mon Jan 11, 2016 8:57 pm

daveinlv wrote:Next question: WTH *would* they not support it?
I guess they do not want their services used for that kind of thing ..

Locked