Using TunTap with linux kernel 2.6 - networking

The TunTap documentation on the vtun site points out that the driver is only supported till Linux kernel 2.4. Is there any way to get it to run on 2.6 and 3.2 versions of Linux?
A cat on the device shows:
# cat /dev/net/tun
cat: File descriptor in bad state
I tried installing directly from the rpm file to see how far I could go and got:
# rpm -i tun-1.1-6.rh71.i386.rpm
error: Failed dependencies:
/bin/sh is needed by tun-1.1-6.i386
Is there any way I can get this to work on linux 2.6+ or are there any good alternatives to tuntap that you are aware of?

The tuntap documentation is outdated. Also, in newer versions of linux, you might need to use
tunctl
instead of
ip tuntap add
To install tunctl on debian Squeeze, install the package 'uml-utilities' which provides the tunctl command. You can add a new tunnel using
tunctl -t tun1

Use the script below to create it automatically: copy the contents into a file.sh, change "ETH0IPADDR" to your IP address, similarly change the gateway and broadcast addresses, and run the script with sudo permission.
#!/bin/sh
#
# script to bring up the tun device in QEMU in bridged mode
# first parameter is name of tap device (e.g. tap0)
#
# some constants specific to the local host - change to suit your host
#
ETH0IPADDR=192.168.0.3
GATEWAY=192.168.0.1
BROADCAST=192.168.0.255
#
# First take eth0 down, then bring it up with IP address 0.0.0.0
#
/sbin/ifdown eth0
/sbin/ifconfig eth0 0.0.0.0 promisc up
#
# Bring up the tap device (name specified as first argument, by QEMU)
#
/usr/sbin/openvpn --mktun --dev "$1" --user "$(id -un)"
/sbin/ifconfig "$1" 0.0.0.0 promisc up
#
# create the bridge between eth0 and the tap device
#
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl addif br0 "$1"
#
# only a single bridge so loops are not possible, turn off spanning tree protocol
#
/usr/sbin/brctl stp br0 off
#
# Bring up the bridge with ETH0IPADDR and add the default route
#
/sbin/ifconfig br0 $ETH0IPADDR netmask 255.255.255.0 broadcast $BROADCAST
/sbin/route add default gw $GATEWAY
#
# stop firewall - comment this out if you don't use Firestarter
#
/sbin/service firestarter stop
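
The `cat /dev/net/tun` error in the question is the tun driver's normal answer to a read on a descriptor that has not been attached to an interface with the TUNSETIFF ioctl (errno EBADFD, "File descriptor in bad state"), so it does not mean the driver is missing. The following Python is an added example, not code from the posts above; the function names are illustrative and `tun1` is the interface name used in the `tunctl` answer.

```python
import errno
import fcntl
import os
import struct

# Constants from <linux/if_tun.h> and <linux/if.h>
TUNSETIFF = 0x400454CA
IFF_TUN, IFF_TAP, IFF_NO_PI = 0x0001, 0x0002, 0x1000
IFNAMSIZ = 16


def build_ifreq(name, flags):
    """Pack the struct ifreq passed to TUNSETIFF: 16-byte name, short flags, padding."""
    raw = name.encode("ascii")
    if not raw or len(raw) >= IFNAMSIZ or any(c in b"/: \t\n" for c in raw):
        raise ValueError("invalid interface name: %r" % name)
    return struct.pack("16sH22x", raw, flags)


def read_unattached(path="/dev/net/tun"):
    """Do what `cat /dev/net/tun` does: open and read without TUNSETIFF.
    Returns the errno name of the failure, or None if the read did not fail."""
    fd = os.open(path, os.O_RDWR)
    try:
        os.read(fd, 2048)
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        os.close(fd)
    return None


def open_tun(name="tun1", flags=IFF_TUN | IFF_NO_PI, path="/dev/net/tun"):
    """Attach an fd to interface `name` (needs CAP_NET_ADMIN, or a persistent
    device owned by the caller, e.g. one made with `tunctl -t tun1 -u user`)."""
    fd = os.open(path, os.O_RDWR)
    try:
        ifr = fcntl.ioctl(fd, TUNSETIFF, build_ifreq(name, flags))
    except OSError:
        os.close(fd)
        raise
    return fd, ifr[:IFNAMSIZ].rstrip(b"\0").decode()


if __name__ == "__main__":
    print("read before TUNSETIFF:", read_unattached())
    fd, ifname = open_tun("tun1")
    print("attached to", ifname, "- reads on this fd now return packets")
    os.close(fd)
```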

Related

Hotspot using hostapd and wpa_supplicant

I need to create a hotspot setup using hostapd for EAP-SIM, EAP-AKA and EAP-AKA' and test it with wpa_supplicant.
Currently I am able to use hostapd for WPA-PSK authentication; hostapd 2.4 is used for this setup. I have modified the hostapd.conf for supporting hotspot, but when I try to connect, the network will always be in scanning state and won't connect. The necessary parameters for HS20 in wpa_supplicant are also enabled.
The following are the supplicant parameters,
build configuration:
CONFIG_INTERWORKING=y
CONFIG_HS20=y
wpa_supplicant configuration:
# Enable Interworking
interworking=1
# Enable Hotspot 2.0
hs20=1
auto_interworking=1
I have also specified a credentials block which takes the necessary parameters for authentication with hostapd.
Using wpa_supplicant v2.5. I also have a DHCP server running for assigning IP addresses and a milenage db running for EAP-SIM, EAP-AKA and EAP-AKA' authentication.
Can anyone suggest what the necessary basic setup is for enabling hotspot in hostapd?
Step 1 :
iw list
Check AP is listed
Step 2 :
sudo vim hostapd.conf
--------------------------
interface=wlan0
driver=nl80211
# SSID
ssid=ath9k_SSID
hw_mode=g
channel=1
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
# password (sample value; use a long random passphrase on a real AP)
wpa_passphrase=12345678
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
# comment last 4 lines for Open
Step 3 :
sudo vim /etc/dhcp/dhcpd.conf
--------------------------
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.170 192.168.1.200;
  option routers 192.168.1.254;
  option domain-name-servers 192.168.1.1, 192.168.1.2;
  option domain-name "mydomain.example";
}
Step 4 :
sudo vim /etc/network/interfaces
--------------------------
auto wlan0
iface wlan0 inet static
address 192.168.1.250
netmask 255.255.255.0
Step 5 :
sudo /etc/init.d/isc-dhcp-server stop
sudo service network-manager stop
sudo killall wpa_supplicant
ps -N | grep -i hostapd # make sure no hostapd/wpa_supplicant processes are running
Step 6 :
Remove ethernet cable
sudo ifconfig wlan0 192.168.1.169 netmask 255.255.255.0
sudo /etc/init.d/isc-dhcp-server restart # => to set IP for STA
sudo ./hostapd ./hostapd.conf -dddt
Step 7 :
Connect from another device. Should be able to see the IP assigned.

Configure LXC to use wireless hosted network

I found most of the configuration is for giving static or private network. But I want it to act as a different machine so it will get a separate IP address from the DHCP and I want to do it through nmcli.
Thanks in advance.
If you are using docker as tagged, rather than LXC, use pipework to map the wlan interface from the host to the container
pipework eth2 $CONTAINERID 10.10.9.9/24
or alternatively let the container do the dhcp negotiation for you
pipework eth1 $CONTAINERID dhclient
This setup is based on a macvlan interface, so the same concept should work with LXC; you just won't get the easy front end.
I'm confused if this is a docker question or an LXC question.
EDIT: as per the comments, wlan interface support in a bridge depends on the wlan vendor. It may work, or it may not work at all.
In any case, you should be able to create a bridge, add your wlan0 interface to the bridge, and then have your LXC container connect to this bridge directly. Then, when you run your DHCP client in the container, it will grab it from the wlan0 interface.
Configure bridge (manually for now)
# ifconfig wlan0 up
# brctl addbr br0
# brctl addif br0 wlan0
# ifconfig br0 up
# dhclient br0
Configure LXC configuration
If using traditional privileged LXC, edit the container's config file at /var/lib/lxc/$NAME/config,
and update this value to point to your new bridge.
lxc.network.link = br0
Run DHCP in container
# lxc-attach -n $NAME
# dhclient eth0
# ip a
If the output to ip a shows the desired IP, you're all set!
If you want to make the configuration persistent, you'll have to add the bridge to your /etc/network/interfaces file.
IEEE 802.11 doesn’t like multiple MAC addresses on a single client, so bridge and macvlans are not the right solution here.
Use ipvlan in L2 mode.

How to set a specific fixed IP address when I create a docker machine or container?

When I create my container, I want to set a specific container's IP address in the same LAN.
Is that possible? If not, after the creation can I edit the DHCP IP address?
Considering the conclusion of the (now old October 2013) article "How to configure Docker to start containers on a specific IP address range", this doesn't seem to be possible (or at least "done automatically for you by Docker") yet.
Update Nov 2015: a similar problem is discussed in docker/machine issue 1709, which includes the recent workaround (Nov 2015) proposed by Tobias Munk (schmunk42) for docker machine
(for container see the next section):
A workaround for some use-cases could be to create machines like so:
# 192.168.98.100
docker-machine create -d virtualbox --virtualbox-hostonly-cidr "192.168.98.1/24" m98
# 192.168.97.100
docker-machine create -d virtualbox --virtualbox-hostonly-cidr "192.168.97.1/24" m97
# 192.168.96.100
docker-machine create -d virtualbox --virtualbox-hostonly-cidr "192.168.96.1/24" m96
If there's no other machine with the same cidr (Classless Inter-Domain Routing), the machine should always get the .100 IP upon start.
Another workaround:
(see my script in "How do I create a docker machine with a specific URL using docker-machine and VirtualBox?")
My virtualbox has dhcp range 192.168.99.100 - 255 and I want to set an IP before 100.
I've found a simple trick to set a static IP: after creating a machine I run this command and restart the machine:
echo "ifconfig eth1 192.168.99.50 netmask 255.255.255.0 broadcast 192.168.99.255 up" \
| docker-machine ssh prova-discovery sudo tee /var/lib/boot2docker/bootsync.sh > /dev/null
This command creates a file bootsync.sh that is searched for by the boot2docker startup scripts and executed.
Now during machine boot the command is executed and sets the static IP.
docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM
test-1 - virtualbox Running tcp://192.168.99.50:2376 test-1 (mast
Michele Tedeschi (micheletedeschi) adds
I've updated the commands with:
# single quotes keep the pid lookup from running on the host; it must run inside the VM at boot
printf '%s\n' 'kill $(cat /var/run/udhcpc.eth1.pid)' 'ifconfig eth1 192.168.99.50 netmask 255.255.255.0 broadcast 192.168.99.255 up' | docker-machine ssh prova-discovery sudo tee /var/lib/boot2docker/bootsync.sh > /dev/null
then run command (only the first time)
docker-machine regenerate-certs prova-discovery
now the IP will not be changed by the DHCP
(replace prova-discovery by the name of your docker-machine)
April 2015:
The article mentions the possibility to create your own bridge (but that doesn't assign one of those IP addresses to a container though):
create your own bridge, configure it with a fixed address, tell Docker to use it. Done.
If you do it manually, it will look like this (on Ubuntu):
stop docker
ip link add br0 type bridge
ip addr add 172.30.1.1/20 dev br0
ip link set br0 up
docker -d -b br0
To assign a static IP within the range of an existing bridge IP range, you can try "How can I set a static IP address in a Docker container?", using a static script which creates the bridge and a pair of peer interfaces.
Update July 2015:
The idea mentioned above is also detailed in "How can I set a static IP address in a Docker container?" using:
Building your own bridge
The result should be that the Docker server starts successfully and is now prepared to bind containers to the new bridge.
After pausing to verify the bridge’s configuration, try creating a container — you will see that its IP address is in your new IP address range, which Docker will have auto-detected.
You can use the brctl show command to see Docker add and remove interfaces from the bridge as you start and stop containers, and can run ip addr and ip route inside a container to see that it has been given an address in the bridge’s IP address range and has been told to use the Docker host’s IP address on the bridge as its default gateway to the rest of the Internet.
Start docker with: -b=br0 (that is also what the echo 'DOCKER_OPTS="-b=bridge0"' >> /etc/default/docker can set for you by default)
Use pipework (192.168.1.1 below being the default gateway ip address):
pipework br0 container-name 192.168.1.10/24#192.168.1.1

How to connect multiple Dockers to different bridges in a single host machine?

Is it possible to connect multiple Dockers (in my case, multiple instances of the same docker) each to different bridge in a single host machine?
3rd party solutions like pipework recommend first looking for "native" ways.
Something like that:
When I start 2 instances, the 1st uses the docker0 bridge by default, while the 2nd is instructed to use br1 (different IP range):
sudo docker run -t -i me/tester:latest /bin/bash
sudo docker --bridge=br1 run -t -i me/tester:latest /bin/bash
results in both having the same IP range from docker0:
root@2a259a88d9c8:/# ip a
...
73: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 86:d7:cc:c8:b7:e8 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.32/16 scope global eth0
--
root@0b849a5398af:/# ip a
...
79: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 26:84:ad:6c:70:6b brd ff:ff:ff:ff:ff:ff
inet 172.17.0.34/16 scope global eth0
valid_lft forever preferred_lft forever
This is how it is done using the new native docker networking:
Create docker networks (linux bridges) with predefined subnets
docker network create --subnet=192.168.10.0/24 net1
docker network create --subnet=192.168.20.0/24 net2
docker network create --subnet=192.168.30.0/24 net3
The created networks correspond to linux bridges
brctl show
Create tap interfaces
sudo ip tuntap add dev tap1 mode tap
sudo ip tuntap add dev tap2 mode tap
sudo ip tuntap add dev tap3 mode tap
and join them to the bridges
sudo brctl addif br-a24f2eb2e054 tap1
sudo brctl addif br-d28c0759c37a tap2
sudo brctl addif br-d9512f62e471 tap3
starting your containers
sudo docker run -itd --name=c1 phusion/baseimage
sudo docker run -itd --name=c2 phusion/baseimage
sudo docker run -itd --name=c3 phusion/baseimage
Connecting containers to network
docker network connect net1 c1
docker network connect net2 c2
docker network connect net3 c3
Verify that each container is connected to its network
docker network inspect net1
docker network inspect net2
docker network inspect net3
Connected containers get their ip from their corresponding network subnets
docker exec c1 ip a s eth1
docker exec c2 ip a s eth1
docker exec c3 ip a s eth1
Disconnecting containers from networks
docker network disconnect net1 c1
docker network disconnect net2 c2
docker network disconnect net3 c3
Remove the networks
docker network rm net1
docker network rm net2
docker network rm net3
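
The `br-a24f2eb2e054` style names in the `brctl addif` step are not arbitrary: for a bridge network Docker names the Linux bridge `br-` plus the first 12 characters of the network ID, unless the `com.docker.network.bridge.name` option sets another name. The following Python is an added example, not part of the answer above; it derives the `brctl addif` commands from `docker network inspect` JSON, using a constructed sample whose IDs are zero-padded placeholders and hypothetical function names.

```python
import json

# Constructed sample shaped like `docker network inspect net1 net2 ov1` output.
# The Ids are zero-padded placeholders, not real network IDs.
SAMPLE_INSPECT = json.dumps([
    {"Name": "net1", "Id": "a24f2eb2e054" + "0" * 52, "Driver": "bridge",
     "Options": {}, "IPAM": {"Config": [{"Subnet": "192.168.10.0/24"}]}},
    {"Name": "net2", "Id": "d28c0759c37a" + "0" * 52, "Driver": "bridge",
     "Options": {"com.docker.network.bridge.name": "br-lab2"},
     "IPAM": {"Config": [{"Subnet": "192.168.20.0/24"}]}},
    {"Name": "ov1", "Id": "f" * 64, "Driver": "overlay",
     "Options": {}, "IPAM": {"Config": [{"Subnet": "10.0.9.0/24"}]}},
])


def bridge_name(network):
    """Linux bridge backing a Docker network, or None if it has none."""
    if network.get("Driver") != "bridge":
        return None
    explicit = (network.get("Options") or {}).get("com.docker.network.bridge.name")
    return explicit or "br-" + network["Id"][:12]


def attach_commands(inspect_json, taps):
    """Return one `brctl addif` argv per (network name -> tap) pair in `taps`."""
    networks = {n["Name"]: n for n in json.loads(inspect_json)}
    commands = []
    for net_name, tap in taps.items():
        if net_name not in networks:
            raise KeyError("unknown network: " + net_name)
        bridge = bridge_name(networks[net_name])
        if bridge is None:
            raise ValueError(net_name + " is not a bridge network")
        commands.append(["brctl", "addif", bridge, tap])
    return commands


if __name__ == "__main__":
    for argv in attach_commands(SAMPLE_INSPECT, {"net1": "tap1", "net2": "tap2"}):
        print(" ".join(argv))
```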
You can create custom bridges and then run each container with the option -b <BRIDGE> or --bridge=<BRIDGE>, but I have not tried this and I wouldn't be absolutely sure that this approach works without any issue. If you read this Docker issue, I think they suggest it is not possible this way.
But as commented in that issue, you can disable any docker network management (running the container with the option --net=none), and then organize the network as you wish using pipework.
Finally you can take a look at zettio/weave. Using it you can easily run each container in the network you wish, and it also gives you a lot of possibilities if you want to expand your docker environment from one to various machines (as docker swarm does).

How to create a virtual network for an application

I'm creating a simple p2p application. To test this I'd like to be able to simulate a simple network of about 2-3 computers, such that each instance of the application thinks it's on a different computer and talking with others over the network. I considered qemu, but haven't managed to get networking working using VDE or TUN/TAP. Is there any other solution?
You might have better luck using VMs running on something like Virtual PC (Sun's Virtual Box is another good alternative).
Here is an example using vde and qemu. It does not require configuring firewall/routing. Much simpler to set up. You do not need root privilege to run qemu. Easy to use. Tested and working.
# brctl addbr br0
# brctl addif br0 eth0
# dhclient br0
# vde_tunctl -u testuser -t tap0
# ifconfig tap0 up
# brctl addif br0 tap0
# brctl setfd br0 0
$ vde_switch -d -s /tmp/vde0 -M /tmp/vde0mgmt
$ vde_plug2tap -d -s /tmp/vde0 tap0
$ vdeqemu -hda testdisk1.qcow2 ... -net nic,macaddr=... -net vde,sock=/tmp/vde0
$ vdeqemu -hda testdisk2.qcow2 ... -net nic,macaddr=... -net vde,sock=/tmp/vde0
You might refer to simple diagram at
http://selamatpagicikgu.wordpress.com/2011/06/08/quickhowto-qemu-networking-using-vde-tuntap-and-bridge/
I recently set up a small network using VirtualBox and VDE on my laptop that cannot reach the internet. VirtualBox 4.0.6 natively integrates with VDE. Setting up VDE should be as simple as starting your switch:
vde_switch -s /tmp/switch1
Then, selecting "VDE Adapter" as your network adapter for each of your VMs and specifying the name of your adapter as the following will connect all of your VMs to the same switch so they can communicate:
/tmp/switch1
Alternatively (and more simply), you could just choose "Internal Network" as your network adapter and specify the same name for the network in each of your VMs to connect them all together in VBox.
