- Having/Creating a TUN/TAP device
Virtual machine software may use an available TAP-compatible tunneling device. This section is about ensuring that such a device exists, by verifying such a device is available and creating such a device if the system doesn't yet have one.
Some specific inforamtion is below, some of which came from Qemu User Documentation: section on using TAP which has sections about using TAP with operating systems that are officially supported by Qemu.
- In OpenBSD
This information is rather OpenBSD specific: There is some documentation that is maintained by the maintainers of the OpenBSD port of Qemu. This documentation may be specific to the OpenBSD operating system, and may be worthwhile to review. With OpenBSD 4.9's qemu-0.13.0p1, this document was in a file at“/usr/local/share/doc/pkg-readmes/qemu-
*”. In order versions, this content was in the /usr/local/share/doc/qemu/README.OpenBSD file. Both of those paths might not exist before Qemu is installed. The file is available online at online copy of README.OpenBSD.
The OpenBSD-specific documentation about networking does refer to “/dev/tun”, and indeed OpenBSD implements TAP devices by using the TUN devices. (Whether this is fully compliant to the TAP standard or not is not noted here, but following these instructions does create a device which is compliant enough with TAP that Qemu for OpenBSD works with it.)
- Identifying/making an unused TUN device
First, one needs an unused TUN device. To see what TUN devices currently exist, use:
To see which of those devices are being used, run:
If an additional TUN device needs to be created, use
. (Older versions of OpenBSD had limits and might require making a kernel modification as noted by this old guide, or another old guide: also OpenBSD 3.9 involved a fix related to creating tun devices.) (If more than 4 tun devices total are desired, Claudio's forum post about the limit states that modifying the kernel is no longer needed. Using
to make a tun device on OpenBSD may be useful.) To make a tun device, run the
command but first make sure that it is being run from the
/dev/directory. For example, to add
tun4, perform the following:
- Switching to layer 2 tunneling mode
Once an available TUN device has been identified, TAP compatibility (compatible enough for at least Qemu to work) is accomplished by switching the TUN device to “layer 2 mode”/“layer 2 tunneling mode”, which the OpenBSD man page for the “tun” driver says can be entered by using the
link0flag (which is one of the parameters supported by OpenBSD ifconfig). For example, if
tunis being used, placing the following as line in
file would work:
That will set the device to layer two tunnel forwarding mode, and will have the device be brought up if/when it has an IP (IPv6 and/or IPv4) address. Setting the IP address and prefix length (subnet netmask) can be done on other command lines.
It is not sufficient to just put that information into a script file: the script file also needs to be run. That will happen when
is run, which will happen as part of the process that occurs whenever the operating system is (re-)started. Running
with no parameters will (re-)initialize all of the devices that have a corresponding /etc/hostname.
*file. For now, after the text file was just made for this “tun” device, go ahead and re-initialize just that one specific network device. If the newly created file is /etc/hostname.tun0 then run:
- Misc Qemu-specific info
Such devices are used with a syntax such as “
,ifname=”. However, Qemu User Documentation (which is available for the installed version of qemu in a file called qemu-doc which may be under /usr/local/share/doc/qemu/ depending on where the operating system stores local versions of such files) uses an example of “
,ifname=”. This is simply because the qemu documentation file qemu-doc.html isn't customized for OpenBSD, and so the example documents use the Linux syntax.
- Using operating systems that use the Linux kernel
Qemu TAP documentation: subsection about TAP in Linux notes that the
“must be present”. If this filename is not present, that likely indicates that the host kernel does not support TAP network interfaces, and so such support needs to be added.
(This guide does not currently have details about how to add such support, if needed. So, currently that may end up being a research project, if required. (Possible update: making/having TUN/TAP))
Ubuntu: KVN Networking has stated, “Since the release of kernel 2.6.18 in Sep 2006, the CAP_NET_ADMIN capability is required to use TUN/TAP networking”. Instructions are provided, using a package called “libcap2-bin”.
- In Windows
Qemu User Documentation about TAP: section for Windows Windows (which is within the Qemu User Documentation: section on using TAP) recommends using TAP-Win32 which is part of OpenVPN.Net's OpenVPN package.
Kazu's documentation on using TAP in Qemu for Windows seems to agree, and notes that “Windows 98/Me are not supported.” (Perhaps this means that even though Qemu exists for Win9x (or did with the older versions of Kazu's site), networking was never supported by that Qemu software in that environment.)
- Other operating systems
- Some of the documentation about using TAP devices came from Qemu documentation: section on “Using TAP network interfaces”. It seems plausible that documentation may end up getting information added about additional environments.