Unfortunately, the Cisco AnyConnect client for Mac conflicts with Pow. And by 'conflicts', I mean it causes a grey-screen-of-death kernel panic anytime you connect to the VPN and Pow is installed.
TAP devices on OS X - how to. By drosenstark » 27. Mar 2009, 01:33.
Here I am documenting how to create TAP interfaces and use them in VirtualBox in OS X. I think in Linux the procedure is somewhat easier. My system is Mac OS X 10.5.6; that shouldn't matter much. Download and install the TUN/TAP drivers. TUN/TAP driver: On either Linux or OS X you will need the TUN/TAP driver. This driver creates two kinds of devices: those that deal with IP packets.
As an alternative, there is OpenConnect, a command-line client for Cisco's AnyConnect SSL VPN.
Here's how to get it set up on Mac OS X:
- OpenConnect can be installed via homebrew:
- Install the Mac OS X TUN/TAP driver
- (Optional) Running openconnect requires sudo, presumably because it affects resolution of DNS. So, I added password-less sudo ability for the openconnect command.
And added this line:
- (Optional) When connecting to your SSL VPN, openconnect may complain about a 'self-signed certificate' being in the chain and force you to explicitly accept it every time. The self-signed cert is actually the root certificate and (hopefully) is one with implicit trust (i.e. trusted by browsers), so we can safely trust it by specifying the CA file after exporting it from Keychain:
- Determine the name of your root certificate (i.e. visit your SSL VPN in Chrome, click the green lock, click 'Certificate Information')
- Open the Keychain Access App
- Search the 'System Roots' keychain to find your root certificate and select it
- File > Export Items... the certificate as a .pem file somewhere on your hard drive (I put it in ~/.ssh/<certificate name>.pem)
- Connect! The only thing you should be prompted for is your VPN password. I added the command to my aliases file.
- To disconnect, just Ctrl-c in the window where you started the VPN connection.
Note
I had an incident after an unclean VPN exit where later the VPN hostname could not be found. I guess the DNS resolver was messed up. I was forced to reboot to fix it so I could reconnect to the VPN.
In computer networking, TUN and TAP are virtual network kernel interfaces. Being network devices supported entirely in software, they differ from ordinary network devices, which are backed by hardware network adapters.
The Universal TUN/TAP Driver originated in 2000 as a merger of the corresponding drivers in Solaris, Linux and BSD.[1] The driver continues to be maintained as part of the Linux[2] and FreeBSD[3][4] kernels.
Design
TUN and TAP in the network stack
Though both serve similar tunneling purposes, only one can be used at a time, because TUN and TAP apply to different layers of the network stack. TUN, namely network TUNnel, simulates a network layer device and operates in layer 3, carrying IP packets. TAP, namely network tap, simulates a link layer device and operates in layer 2, carrying Ethernet frames. TUN is used with routing. TAP is used for creating a network bridge.[2]
Packets sent by an operating system via a TUN/TAP device are delivered to a user-space program which attaches itself to the device. A user-space program may also pass packets into a TUN/TAP device. In this case the TUN/TAP device delivers (or 'injects') these packets to the operating-system network stack thus emulating their reception from an external source.[2]
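To make the layer difference concrete, here is an added example (not from the Wikipedia article or from any of the projects it lists) of what a user-space program attached to each device type reads: a TUN device hands it raw IP packets, while a TAP device hands it Ethernet frames that must be unwrapped first. The open_tuntap helper uses the Linux TUNSETIFF ioctl and needs CAP_NET_ADMIN; the two parsers run on any OS against constructed sample bytes.

```python
import fcntl
import os
import struct

# Linux constants from <linux/if_tun.h>; the ioctl is only needed to open a real device.
TUNSETIFF = 0x400454CA
IFF_TUN, IFF_TAP, IFF_NO_PI = 0x0001, 0x0002, 0x1000

def open_tuntap(name: str, tap: bool) -> int:
    """Attach to a Linux TUN (layer 3) or TAP (layer 2) device; requires CAP_NET_ADMIN."""
    fd = os.open("/dev/net/tun", os.O_RDWR)
    flags = (IFF_TAP if tap else IFF_TUN) | IFF_NO_PI  # IFF_NO_PI: no 4-byte packet-info prefix
    ifr = struct.pack("16sH", name.encode(), flags)   # struct ifreq: ifr_name + ifr_flags
    fcntl.ioctl(fd, TUNSETIFF, ifr)
    return fd  # os.read(fd, 65535) now yields one packet (TUN) or one frame (TAP) per call

def parse_ipv4(pkt: bytes) -> dict:
    """Decode an IPv4 header as a TUN device delivers it: byte 0 is already the IP header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {
        "hdr_len": (pkt[0] & 0x0F) * 4,
        "total_len": struct.unpack_from("!H", pkt, 2)[0],
        "proto": pkt[9],
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
    }

def parse_tap_frame(frame: bytes) -> dict:
    """Strip the 14-byte Ethernet header a TAP device delivers, then decode the IPv4 payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != 0x0800:  # only IPv4 handled here; 0x86DD would be IPv6, 0x0806 ARP
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    return {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"), "ip": parse_ipv4(frame[14:])}

# Constructed sample: minimal IPv4/ICMP packet 10.0.0.1 -> 10.0.0.2, 28 bytes, checksum left zero.
IP_PKT = bytes([0x45, 0, 0, 28, 0, 0, 0, 0, 64, 1, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2]) + bytes(8)
# The same packet as read from a TAP device: Ethernet header (dst MAC, src MAC, EtherType) prepended.
TAP_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + IP_PKT

if __name__ == "__main__":
    print("TUN read ->", parse_ipv4(IP_PKT))
    print("TAP read ->", parse_tap_frame(TAP_FRAME))
```

Feeding a TAP frame to the TUN parser fails on the version nibble, which is the practical reason the two device types cannot be mixed in one tunnel.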
Applications
- Virtual private networks
- OpenVPN, Ethernet/IP over TCP/UDP; encrypted, compressed
- FreeLAN, open-source, free, multi-platform IPv4, IPv6 and peer-to-peer VPN software over UDP/IP.
- n2n, an open source Layer 2 over Layer 3 VPN application which uses a peer-to-peer architecture for network membership and routing
- Tinc, Ethernet/IPv4/IPv6 over TCP/UDP; encrypted, compressed
- VTun, Ethernet/IP/serial/Unix pipe over TCP; encrypted, compressed, traffic-shaping
- coLinux, Ethernet/IP over TCP/UDP
- Virtual-machine networking
- QEMU/KVM
- Connecting real machines with network simulation
- ns-3[5]
- NAT
- TAYGA, a stateless NAT64 implementation for Linux
Platforms
Platforms with TUN/TAP drivers include:
- Linux, starting around version 2.1.60 of the Linux kernel mainline
- iOS (tun driver only)
- OS X (native support only for TUN (utun))[6]
- Android[7]
- Windows 2000/XP/Vista/7/8
References
- [1] 'Universal TUN/TAP driver'. VTun project on SourceForge. Retrieved 2019-07-12.
- [2] 'Universal TUN/TAP device driver'. GitHub mirror of Linux kernel. Retrieved 2019-07-12.
- [3] 'TUN(4) manual page'. FreeBSD. Retrieved 2019-07-12.
- [4] 'TAP(4) manual page'. FreeBSD. Retrieved 2019-07-12.
- [5] 'ns3::TapBridge Class Reference'. nsnam.org. Retrieved 2019-03-28.
- [6] Back to My Mac uses an IPv6 tunnel on device utun0.
- [7] 'de.schaeuffelhut.android.openvpn'. F-Droid. 2013-01-10. Retrieved 2019-03-28.
Retrieved from 'https://en.wikipedia.org/w/index.php?title=TUN/TAP&oldid=924733211'