The server currently runs on a home DSL line and needs more bandwidth, so I would like to move the VPN server to a virtual private server I rented, which has enough bandwidth.
The vserver's host is running OpenVZ, which should allow tun/tap inside a vserver, but currently I cannot create a tap device using either tunctl or openvpn --mktun:
# openvpn --mktun --dev tap0
Tue Oct 26 17:47:43 2010 Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Tue Oct 26 17:47:43 2010 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Tue Oct 26 17:47:43 2010 Cannot open TUN/TAP dev /dev/tap0: No such file or directory (errno=2)
Tue Oct 26 17:47:43 2010 Exiting
# tunctl -t tap0
Failed to open '/dev/net/tun' : Permission denied
Before I approach the vserver hosting company, who are generally a bit stubborn about changing their configs, I would like to ask you OpenVPN experts this:
There is no communication between the clients and the server or the server's network. Only the connected clients communicate with each other in this "VPN bubble".
Is it possible to run OpenVPN "with --server and yet set --dev null" so to speak, so that all traffic is only flowing inside OpenVPN, thereby eliminating the tun/tap device dependency/requirement?
The current server startup script, if needed:
openvpn \
--dev tap0 \
--server 192.168.2.0 255.255.255.0 \
--tls-server \
--dh dh-4096-g5.pem \
--ca /usr/lib/ssl/misc/demoCA/cacert.pem \
--cert /usr/lib/ssl/misc/demoCA/certs/home.pem \
--key /usr/lib/ssl/misc/demoCA/private/home.pem \
--ifconfig-pool-persist /var/local/openvpn-ifconfig-pool-persist \
--keepalive 30 120 \
--reneg-sec 0 \
--float \
--comp-lzo \
--cipher AES-256-CBC \
--verb 1 \
--client-to-client \
--client-cert-not-required \
--username-as-common-name \
--auth-user-pass-verify /usr/lib/ssl/misc/demoCA/auth-viafile.pl via-file \
--script-security 2
Thanks in advance,
Fireball
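
A container-side check for the two failures in the log above (errno=13 on /dev/net/tun, errno=2 on /dev/tap0), as an added example that is not part of the original post. The function name `check_tun` is hypothetical; the script assumes a Linux guest, where the TUN/TAP control node is character device major 10, minor 200.

```shell
#!/bin/sh
# check_tun (hypothetical helper): classify why a TUN/TAP control node is unusable.
# Prints one of: missing | not-char-device | wrong-device | open-denied | ok
check_tun() {
    node="${1:-/dev/net/tun}"

    # errno=2 (No such file or directory): the node does not exist at all.
    if [ ! -e "$node" ]; then
        echo "missing"; return 1
    fi

    # Something is at the path, but it is not a character device.
    if [ ! -c "$node" ]; then
        echo "not-char-device"; return 1
    fi

    # The Linux TUN/TAP driver is char major 10, minor 200; stat prints
    # both in hex, so the expected value is a:c8. If stat -c is not
    # available the result is empty and is also reported as wrong-device.
    ids=$(stat -c '%t:%T' "$node" 2>/dev/null) || ids=""
    if [ "$ids" != "a:c8" ]; then
        echo "wrong-device"; return 1
    fi

    # errno=13 (Permission denied): the node exists, but open() is refused.
    # Opening read/write in a subshell creates no interface; the descriptor
    # is closed again as soon as the subshell exits.
    if ! ( exec 3<>"$node" ) 2>/dev/null; then
        echo "open-denied"; return 1
    fi

    echo "ok"
}
```

Called with no argument inside the container, it tests /dev/net/tun. When run as root, `open-denied` matches the "Permission denied" lines above and indicates the refusal comes from outside the file mode bits, which is a setting on the host side rather than something fixable from within the guest.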