TAP driver for Solaris used for OpenVPN
and any other virtual network solution.

This is a TAP driver for Solaris that can be used for OpenVPN, OpenConnect, vpnc
The code is based on Universal TUN/TAP driver. I made changes somewhat and added some code to it for supporting Ethernet tunneling feature, since Universal TUN/TAP driver for Solaris only supports IP tunneling known as TUN.

Since there has not been TAP driver for Solaris, OpenVPN does not have code for handling a TAP device for Solaris. So I also modified OpenVPN code somewhat, and made it work with this TAP driver.
OpenVPN patch has been merged into OpenVPN 2.2.0.(2011.04.28).

Also, I wrote bridge moduel for Solaris, so that you can configure Solaris as bridge server.

• TAP Driver
  
• Patch for OpenVPN
  
• Bridge Module
  
• tunctl command for Solaris
  
  
• Tested Solaris Version
  
• Change Log
  

• tuntap.tar.gz (Last Update: 17th Jul 2012)
• Source

  After extracting tuntap.tar.gz file, run './configure', 'make', and 'make install' as usual.
  Both 'tun' and 'tap' driver will be built and installed on your system. You can access these devices through /dev/tun and /dev/tap.
  
  

• tun.c
  
  

  OpenVPN Version	Modified file	patch(diff -u ouputs)	Last Update
  2.0.7, 2.0.9	tun.c.2.0.9	patch.openvpn-2.0.9.tun.c	20th May 2009
  2.1.1	tun.c.2.1.1	patch.openvpn-2.1.1.tun.c	29th Apr 2010
  2.1.3	tun.c.2.1.3	patch.openvpn-2.1.3.tun.c	31th Aug 2010
  2.2.0 -	n/a	n/a

  
  
• How to apply
  
  
  • By replacing file
    Put tun.c on the directory where you extracted source code of OpenVPN, and swap existing tun.c file for it.
    Please note that you should rename tun.c.<version> to tun.c file.
    
  • By patch(1) command
    If you want to apply patch(1), put patch.openvpn-xxx.tun.c on the directory where you extracted source code of OpenVPN, and run patch(1) command like as below.
    

      $ patch -p1 < patch.openvpn-xxxx.tun.c
        

  NOTE: Please download appropriate file which correspond to the version of OpenVPN.
  Otherwise, you'll get an error while building a openvpn binary.

• bridge.tar.gz (Last Update: 14 Dec 2009)
• Source

  After extracting bridge.tar.gz file, run './configure', 'make', and 'make install'. 'brdg' and brdgadm will be built and installed on your system.
  Where 'brdg' is a STREAMS module which enables briging 2 interfaces. And where 'brdgadm' is a configuration command to add/delete bridge interfaces.

  Usage: brdgadm [ -a interface | -d interface]
  Options:
     -a interface   : Add interface as port
     -d interface   : Delete interface from port list
     -l             : List all interfaces in port list
  

  See following sample configuration.

  Network configuration

  
  HostB is a router which is connected to 2 networks. By installing TAP and OpenVPN on HostB and HostC, I try to join HostC to Network1 through OpenVPN.
  1. On HostB, install TAP driver and OpenVPN, and then configure it as bridging server using server-bridge option.

     -------------
     dev tap
     proto tcp-server
     server-bridge 10.0.0.90 255.0.0.0 10.0.0.10 10.0.0.30
     client-to-client
     ca /etc/openvpn/keys/ca.crt
     cert /etc/openvpn/keys/u1.crt
     key /etc/openvpn/keys/u1.key  # This file should be kept secret
     dh /etc/openvpn/keys/dh1024.pem
     --------------
     

     Then, run openvpn
  2. On HostB, make and install bridge module.
     1. Extrace bridge.tar.gz

           # gunzip -c bridge.tar.gz | tar xvf -
          

     2. Make bridge moduel(brdg) and control command(brdgadm)

           # ./configure
           # make
           # make install
          

  3. On HostB, setting up bridge.

        # /usr/local/bin/brdgadm -a tap0
        # /usr/local/bin/brdgadm -a hme1
       

     where hme1 is a network interface connected with Network1. As a result, tap0 and hme1 is bridged. At this time, ifconfig looks like as below.

       hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 172.29.73.90 netmask ffffff00 broadcast 172.29.73.255
            ether 8:0:20:91:a6:90
       hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
            inet 10.0.0.90 netmask ff000000 broadcast 10.255.255.255
             ether 8:0:20:91:a6:90
       tap0: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
            inet 0.0.0.0 netmask 0
            ether a:0:20:14:32:52
       

  4. On HostC, install TAP driver and openvpn, and configure it as a client.

     ------------
     remote HostB
     proto tcp-client
     dev tap
     client
     persist-tun
     ca /etc/openvpn/keys/ca.crt
     cert /etc/openvpn/keys/onnv01.crt
     key /etc/openvpn/keys/onnv01.key
     -----------
        

     Then, run openvpn. At this time, ifconfig on HostC looks like as below.

        hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
             inet 172.29.73.55 netmask ffffff00 broadcast 172.29.73.255
             ether 8:0:20:c6:69:c7
        tap0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
             inet 10.0.0.10 netmask ff000000 broadcast 10.255.255.255
             ether a:0:20:53:71:52
        

  Now, HostC joins Network1 via tap0 interface through openvpn.

  But, please note that there's some limitation.. HostC can't communicate with HostB using a bridged IP address on HostB. I mean, ping 10.0.0.90 on HostC won't work.

  

  1. Ethernet packet from OpenVPN headed to HostB is passed to TAP driver.
  2. TAP driver forwards packet to bridge module.
  3. Bridge module forwards packet to hme driver as RAW data.
  4. hme driver transfer the packet to the wire, but never forward it to IP module.

  Of course, HostC can communicate with all the other hosts on Network1, but.. it can't communicate with bridged IP address of bridge server.

  One more note. Once openvpn running on HostB is terminated, bridge setting will be invalidated. So, after executing 2nd openvpn on HostB, you need to re-setup the bridge again.

  First, you need to drop existing settings.

     # /usr/local/bin/brdgadm -d hme1
     # /usr/local/bin/brdgadm -d tap0
    

  Then, re-setup bridge.

     # /usr/local/bin/brdgadm -a hme1
     # /usr/local/bin/brdgadm -a tap0 
    

• tunctl.tar.gz (v0.1.0) (Last Update: 27th Nov 2011)
• Source

  This is a Solaris version of tunctl command which was originally written by Jeff Dike.
  The tunctl command enables administrator to preconfigure a TUN/TAP device. This command would be useful for testing, or for those who wants to use tun/tap interface just as a virtual interface.
  
  After extracting tuncntl.tar.gz file, run './configure', 'make', and 'make install'.
  By default, tunctl command is installed in /usr/local/bin
  
  NOTE:
  This Solaris version of tunctl command doesn't support the -u option, which enables administrator to specify an user who can use the interface.
  
  Example)
  Create tap0 interface

     # /usr/local/bin/tunctl -t tap0
     Set 'tap0' persistent
     #
  

  Delete tap0 interface

     # /usr/local/bin/tunctl -d tap0
     #
  

• 32 bit Solaris 9 on x86.
• 32 bit Solaris 9 on sparc.
• 64 bit Solaris 9 on sparc.
• 32 bit Solaris 10 on x86.
• 64 bit Solaris 10 on sparc.
• 64 bit Solaris 10 on x64.
• 32 bit OpenSolaris snv_101b on x86.
• 64 bit OpenSolaris snv_101b on sparc.
• 64 bit OpenSolaris snv_101b on x64.
• 32 bit Solaris 11 Express on x86.
• 32 bit OpenIndiana oi_148 on x86.
• 64 bit Solaris 11 Early Adoper svn_173 on x64.
• 64 bit Solaris 11 on x64.
• 64 bit Solaris 11 on sparc.

• 05/08/2006
  
  • Modified tun_unitdata_req() to work on x86 Solaris 9
• 05/12/2006
  
  • Added tun_generate_mac_addr() to generate MAC address for tap device.
• 10/09/2006
  
  • Confirmed that the driver was able to work with OpenVPN 2.0.9.
    And also confirmed that tun.c file included in OpenVPN 2.0.9 has not been changed.
    So the above tun.c file can be compiled with OpenVPN 2.0.9 as well.
• 11/05/2006
  
  • In tun_ioctl() of tap driver, reverted to original TUN/TAP driver's code which retrieves ppa from user program.
  • In open_tun() of openvpn, changed it to use I_STR ioctl command to pass ppa to tap driver.
    This will allow openvpn to specify instance number using 'dev' option, like "dev tap7".
• 01/03/2007
  
  • Added comments about bridge module.
• 02/21/2007
  
  • Modified brdgadm.c file to make it to be able to handle e1000g.
  • Modified brdgadm.c file to make it to be able to handle instance number
  • Modified configure script of both bridge module and tun/tap driver to be able to build modules on x64 Solaris.
• 03/22/2007
  
  • Removed unnecessary debug code from brdgadm.c.
• 06/25/2007
  
  • Added "-mno-red-zone" compile option for amd64.
• 09/24/2007
  
  • Modified Makefile.in for brdgadm command, so that it allows to specify installation directory by --prefix option of configure script.
• 12/07/2008
  
  • Modified tun.c file of OpenVPN file to make it be able to be compiled with openvpn 2.1.
• 04/30/2009
  
  • Modified Makefile.in and configure.in script to check whether ld is GNU ld or Solaris bundled ld command.
  • Modified configure.in script to be able to build 32bit module on 64bit environment using --disable-64bit.
  • Modified Makefile.in to be able to specify target directory using DESTDIR macro.
• 05/20/2009
  
  • Modified configure.in and changed the way of checking GNU ld because latest OpenSolaris ld has --version option.
  • Modified openvpn patch file(tun.c) and make openvpn commnad won't fail because of failure of I_POP ioctl command.
• 06/07/2009
  
  • Modified configure.in, Makefile.in and make it be able to build using Sun Studio Compiler.(Tested on Sun Studio 12)
• 09/14/2009
  
  • Added -xmodel=kernel option for Sun Studio compiler on amd64 platform.
    (Formerly loading the driver failed with relocation error)
• 11/16/2009
  
  • Added ipv6 support to tun driver as required by OpenConnect VPN Client
    
• 11/18/2009
  
  • Modified tun.c of OpenVPN 2.1_rc21 and set ipv6_explicitly_supported to true for Solaris.
    
• 12/14/2009
  
  • Added -xmodel=kernel option to configure script of bridge module for Sun Studio compiler on amd64 platform.
• 04/29/2010
  
  • Merged chages on tun.c of OpenVPN 2.1.1.
    
• 08/31/2010
  
  • Merged chages on tun.c of OpenVPN 2.1.3.
    
• 09/17/2010
  
  • Moved all download files to github repository.
• 04/29/2011
  
  • Tested on Oracle Solaris 11 Express and OpenIndiana 148.
• 06/11/2011
  
  • Set default prefix for tun/tap driver, so that files would be copied to right directory.
• 09/19/2011
  
  • brdgadm: replaced strncpy with strlcpy.
• 10/23/2011
  
  • tuntap: Changed tun.c configure.in to be able to build on Solaris 11 EA (snv_173).
    Because snv_173 doesn't have ddi_power kernel function and DDI_PM_SUSPEND macro.
• 11/16/2011
  
  • tuntap: Changed configure.in to use uname -r for version checking instead of uname -v.
• 11/27/2011
  
  • tunctl: Stopped using text file to store muxid, instead store muxid to ip module by SIOCSLIFMUXID ioctl command.
• 12/06/2011
  
  • tuntap: Modified configure scrip to use -mcmodel=large for gcc-45. This enable driver compiled by gcc-45 to be loaded to the system without err(e.g relocation error: R_AMD64_32)
• 07/17/2012
  
  • tuntap: Improved throughput perfomance by increasing q_hiwat of read side stream head queue.
    
• 07/07/2013
  
  • tuntap: Changed option for GNU ld, from elf_x86_64 to elf_x86_64_sol2
  • tuntap: Added test script
• 12/14/2014
  
  • tunctl: Fixed to make tunctl bring tap interface up.

  ---

  
  I wrote this just for fun. Since this has not been tested well, please DON'T install this on production system. Use this at your own risk.
  But your advice or comment would be appreciated.

  ---
  Kazuyoshi Aizawa <admin2@whiteboard.ne.jp>
  28th Apr 2006 ---
  This page and illustrations above were downloaded for packaging from http://www.whiteboard.ne.jp/~admin2/tuntap/ on 19th Nov 2016 and mildly modified (removed ad scripts and added this footer).

  ---