Openvpn Routed (tun) on KVM-based Linux VPS

Posted: Sun Jan 10, 2016 1:34 am
by daveinlv
I recently moved my mailserver from an OpenVZ-based Linux vps to a KVM-based one. Other than the OpenVZ vps forgetting it had the tun interface periodically, OpenVPN worked fine there. After moving everything over to the KVM-based vps, I find I have no tun interface, and when I start/restart OpenVPN, I see absolutely no errors in /var/log/syslog, but I'm unable to ping anything on the backup server's network, and there is no tun0 showing in ifconfig. I changed nothing in the OpenVPN server configuration, just moved it and the cert/key from the old OpenVZ server to the new KVM one. As I use an OpenVPN tunnel to my backup server, it's kind of imperative I get this working. I contacted the vps vendor support and they tried to tell me that KVM-based virtualization doesn't support tun/tap interfaces, however Google seems to disagree with them. I find a lot of links that kind of skirt around getting OpenVPN to work routed on a KVM-based vps, but nothing that points to the fact that I can tail /var/log/syslog, start or restart OpenVPN, see all of the usual stuff (below):

Jan  9 17:33:25 mail ovpn-mailsrv[7514]: OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Jan  9 17:33:25 mail ovpn-mailsrv[7514]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 17:33:25 mail ovpn-mailsrv[7515]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jan  9 17:33:25 mail ovpn-mailsrv[7515]: UDPv4 link local (bound): [undef]
Jan  9 17:33:25 mail ovpn-mailsrv[7515]: UDPv4 link remote: [AF_INET]XX.XXX.XXX.XX:1194

Generally on OpenVZ-based vps, when the tun interface was unconfigured, I'd see an error that pretty much pointed to that issue and
a quick ticket to the vps support got them to do their magic on the host and all was good again... Apparently KVM is different...

Help, please!!

Thanks
Dave

Re: Openvpn Routed (tun) on KVM-based Linux VPS

Posted: Sun Jan 10, 2016 1:19 pm
by Traffic
daveinlv wrote: I contacted the vps vendor support and they tried to tell me that KVM-based virtualization doesn't support tun/tap interfaces
Perhaps they mean: "They do not support TUN/TAP in their KVM configuration" ..

As far as I know, KVM does support TUN/TAP. It is in fact required for certain bridge network configurations and is installed and configured using openvpn .. For example https://en.wikibooks.org/wiki/QEMU/Networking (See the up/down scripts). Notice however, these scripts are run in the HOST OS not the KVM client.

Re: Openvpn Routed (tun) on KVM-based Linux VPS

Posted: Mon Jan 11, 2016 4:49 pm
by daveinlv
Thanks for the replies.. I've scouted Google quite a bit on this, as I moved this guest to KVM (it's a mailserver) from its previous OpenVZ host as I was getting frequent problems and it was suggested to move to a KVM-based vps. I found via Google that if you "cat /dev/net/tun" and get "File descriptor in bad state", it means that tun/tap is active.. Seems that if it was simply a matter of the vps vendor not supporting tun/tap in their KVM implementation, I wouldn't be getting that.. Next question: WTH *would* they not support it? I can't imagine I'm the only one trying to get OVPN working on one of their vps... Color me puzzled..

Re: Openvpn Routed (tun) on KVM-based Linux VPS

Posted: Mon Jan 11, 2016 8:57 pm
by Traffic
daveinlv wrote: Next question: WTH *would* they not support it?
I guess they do not want their services used for that kind of thing ..
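
The two checks this thread relies on, as an added example that is not part of any post: `tun_state` interprets the `cat /dev/net/tun` result mentioned above, and `ovpn_stage` reports how far a client log got, since a client running with --pull opens the tun device only after the server has answered. The function names and stage labels are this example's own; the sample log is the one pasted in the first post.

```shell
#!/bin/sh
# Added example, not from the thread. Names and stage labels are illustrative.

# Probe the TUN control node the way the post does with `cat`.
tun_state() {
    node=${1:-/dev/net/tun}
    [ -e "$node" ] || { echo missing-node; return 0; }
    [ -c "$node" ] || { echo not-char-device; return 0; }
    # Reading a freshly opened tun fd fails at once; the error text says why.
    msg=$(LC_ALL=C cat "$node" 2>&1)
    case $msg in
        *"File descriptor in bad state"*) echo driver-present ;;
        *"No such device"*)               echo driver-missing ;;
        *)                                echo "unknown: $msg" ;;
    esac
}

# Read OpenVPN syslog lines on stdin and print the furthest stage reached,
# plus a flag when the missing-certificate-verification WARNING is present.
ovpn_stage() {
    awk '
        /WARNING: No server certificate verification/ { warn = 1 }
        /link remote:/                      { if (stage < 1) stage = 1 }
        /TLS: Initial packet from/          { if (stage < 2) stage = 2 }
        /TUN\/TAP device [^ ]+ opened/      { if (stage < 3) stage = 3 }
        /Initialization Sequence Completed/ { stage = 4 }
        END {
            split("not-started socket-only tls-started tun-opened up", n, " ")
            printf "%s%s\n", n[stage + 1], (warn ? " no-cert-verify" : "")
        }'
}

# Sample input: the log lines pasted in the first post of this thread.
sample_log() {
    cat <<'EOF'
Jan  9 17:33:25 mail ovpn-mailsrv[7514]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 17:33:25 mail ovpn-mailsrv[7515]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jan  9 17:33:25 mail ovpn-mailsrv[7515]: UDPv4 link local (bound): [undef]
Jan  9 17:33:25 mail ovpn-mailsrv[7515]: UDPv4 link remote: [AF_INET]XX.XXX.XXX.XX:1194
EOF
}

echo "tun node:     $(tun_state)"
echo "client stage: $(sample_log | ovpn_stage)"
```

On the pasted log this reports `socket-only no-cert-verify`: the log contains no TLS or TUN/TAP lines after the socket is set up, and the flag corresponds to the WARNING line pointing at the howto's MITM section.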