3

I've been trying to send packets to a tap interface using Python. I'm monitoring the tap interface using Wireshark and no packets are being received. I'm doing this as an exercise mainly to help my understanding of VPNs, Ethernet bridging and socket programming in Python.

My System Setup is as follows:

Ubuntu Desktop 11.10
Python 2.7
eth0 ip: 192.168.1.6
tap0 ip: 10.0.0.1

I first set up the tap as follows:

sudo openvpn --mktun --dev tap0
sudo ifconfig tap0 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255 promisc up

This starts the tap0 interface and creates a kernel routing rule to 10.0.0.1/24 via tap0.

Here is the route table:

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 tap0
192.168.1.6     *               255.255.255.0   U     1      0        0 eth0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

Next I start python interactive and create a simple UDP socket.

import socket
s = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
s.sendto('helloworld',('10.0.0.2',12345))

I run the sendto command with Wireshark monitoring on tap0. Now, there is no host at 10.0.0.2 on my network, but I should at least see some outgoing traffic on the tap0 interface. I have replicated this in Windows and it seems to work OK.

I can only think that the problem lies somewhere in the setup of the tap0 interface under Linux. That or my mediocre understanding of this stuff.

Thanks

3
  • Hmm, you'll see an ARP request at the most, but you should see it. Do you see anything in Wireshark when you ping 10.0.0.1? Have you confirmed Wireshark is working by seeing if you see data on eth0?
    – Paul
    Commented Jan 24, 2012 at 23:31
  • I have tried this exact same experiment at work on a Fedora15 box. It works. ARP packets are sent on the interface. Any idea if this could be an Ubuntu or later Linux kernel issue?
    – Pete
    Commented Jan 24, 2012 at 23:36
  • Perhaps, but we need to check the basics first.
    – Paul
    Commented Jan 24, 2012 at 23:51

1 Answer

3

The tap is meant for bridged tunneling under OpenVPN - you're supposed to junction it into a bridge such as br0 using brctl.

The idea is you can put tap0 and eth0, for example, into a bridge br0 - then broadcast traffic traverses across this bridge. (Broadcast traffic coming in from tap0 will be forwarded to eth0 and vice versa whereas in a routed, standard situation it would not.) Your OpenVPN tunnel via tap0 is then "switched" into eth0 instead of "routed" into it. The entire br0 gets an IP and you deal with br0 instead of eth0 or tap0.

Completely possible to have a bridge with only one interface and add/remove additional interfaces with brctl as needed.

So either put tap0 into a bridge and deal with the bridge interface instead, or use tun interfaces.

It's also possible iptables rules are interfering.

Update - look here: http://backreference.org/2010/03/26/tuntap-interface-tutorial/ - particularly this excerpt:

The difference between a tap interface and a tun interface is that a tap interface outputs (and must be given) full ethernet frames, while a tun interface outputs (and must be given) raw IP packets (and no ethernet headers are added by the kernel). Whether an interface functions like a tun interface or like a tap interface is specified with a flag when the interface is created.

So it looks like if you don't send full Ethernet frames to tap0, it won't work as you expect because of the above.

3
  • I have had some success on Fedora15 (still none on Ubuntu Desktop). I have tried bridging to eth0 and immediately data starts flowing. What I don't understand is how a bridge can have an IP address if it is the software analog to a switch.
    – Pete
    Commented Jan 25, 2012 at 2:38
  • On a hardware switch, the ports on the switch don't have IPs, but the ports on the devices connected at the other end do. The bridge itself doesn't have an IP but the exposed endpoints which are virtual interfaces on your machine do.
    – LawrenceC
    Commented Jan 25, 2012 at 3:33
  • Actually I just confused myself by writing this and then reading my posted answer. Disregard that previous comment. I probably could stand to learn more about the details of Linux bridging - but I did get a bridged OpenVPN working and the above is how I did it.
    – LawrenceC
    Commented Jan 25, 2012 at 3:54
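
The tun/tap distinction quoted in the answer, as an added example that is not part of the original answer or of the linked tutorial: the same UDP datagram built once as a raw IPv4 packet (the unit a tun interface carries) and once wrapped in an Ethernet header (the unit a tap interface carries), with a parser that rejects a buffer lacking the Ethernet header. It is written for Python 3 rather than the question's Python 2.7; the MAC addresses and source port are constructed sample values.

```python
import socket
import struct

ETH_P_IP = 0x0800  # EtherType for IPv4

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (used for the IPv4 header)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_udp(src, dst, sport, dport, payload: bytes) -> bytes:
    """Raw IPv4/UDP packet: the unit a tun interface carries."""
    # UDP checksum 0 means "not computed", which IPv4 permits.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                      socket.IPPROTO_UDP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + udp

def ethernet(dst_mac: bytes, src_mac: bytes, packet: bytes) -> bytes:
    """Full Ethernet frame: the unit a tap interface carries."""
    return dst_mac + src_mac + struct.pack("!H", ETH_P_IP) + packet

def parse_tap_frame(frame: bytes) -> dict:
    """Decode Ethernet+IPv4+UDP as read from a tap fd; reject anything else."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("too short for Ethernet + IPv4 + UDP")
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        raise ValueError("EtherType is not IPv4 (raw IP packet on a tap?)")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    if (ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8
            or checksum(ip[:ihl]) != 0):
        raise ValueError("bad IPv4 header")
    if ip[9] != socket.IPPROTO_UDP:
        raise ValueError("not UDP")
    sport, dport, ulen, _ = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "dport": dport, "payload": ip[ihl + 8:ihl + ulen]}

# Constructed sample values: locally administered MACs, addresses from the question.
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
packet = ipv4_udp("10.0.0.1", "10.0.0.2", 40000, 12345, b"helloworld")
frame = ethernet(DST_MAC, SRC_MAC, packet)

if __name__ == "__main__":
    print(len(packet), len(frame), parse_tap_frame(frame))
```

`frame` is the form a program would write to a tap file descriptor opened with `IFF_TAP | IFF_NO_PI`; `packet` on its own is the form a tun descriptor expects.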
