OPNsense Forum

English Forums => General Discussion => Topic started by: siga75 on September 14, 2019, 06:46:28 pm

Title: tun interface ignored by OPNsense
Post by: siga75 on September 14, 2019, 06:46:28 pm
Hello all,

this is my first post, I just got my new appliance and am playing a bit with it.

I added, via command line, a tun interface

/sbin/ifconfig tun2 create

and inserted it in a startup script, then restarted the appliance; I correctly see the interface

root@OPNsense:~ # ifconfig tun2
tun2: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun

but in the WUI I can't use it.

What I would like to achieve, even if probably silly, is to have a virtual internal network, not bound to any real NIC, and be able to create firewall rules for that subnet. The idea is that I would like to have a firewall between applications that run in the server itself.

Thanks for any suggestion :)

EDIT: I am able to see it under VLAN, so I added that tun interface and tagged it as ID 100, now I can use it, looks like, but I strongly feel what I am doing is ridiculously wrong LOL
Title: Re: tun interface ignored by OPNsense
Post by: mimugmail on September 14, 2019, 07:21:11 pm
You have to rename it via ifconfig
Title: Re: tun interface ignored by OPNsense
Post by: siga75 on September 14, 2019, 08:16:27 pm
thx for your answer, and which name should I set?
Title: Re: tun interface ignored by OPNsense
Post by: mimugmail on September 14, 2019, 11:22:57 pm
How about butterfly12? :)
Title: Re: tun interface ignored by OPNsense
Post by: siga75 on September 15, 2019, 07:45:30 am
LMAO :)

So any name that is not tunX, OK

Let me give a try

Thanks
Title: Re: tun interface ignored by OPNsense
Post by: siga75 on September 15, 2019, 08:05:22 am
YAY XD

works like a charm :)

Thanks again
Title: Re: tun interface ignored by OPNsense
Post by: mimugmail on September 15, 2019, 08:11:27 am
But you need to check if it survives a reboot to make it safe :)
Title: Re: tun interface ignored by OPNsense
Post by: siga75 on September 15, 2019, 09:35:22 am
damn...

tun device is created at startup, but too late I guess. I am a unix admin (Solaris, AIX, RHEL) but never worked with BSD, so I didn't want to read how sysinit works, but I understood it is really simple and solid, with no runlevels and inittab

I just edited /usr/local/etc/rc for a test, then I will find a more elegant and appropriate way to do it

root@OPNsense:~ # grep -C 10 inthaproxy0 /usr/local/etc/rc
# Let the PHP-based configuration subsystem set up the system now
echo -n "Launching the init system..."
touch /var/run/booting
/usr/local/etc/rc.bootup || exit 1
rm /var/run/booting

# Execute the normal syshook / plugin commands
/usr/local/etc/rc.syshook start

echo "inthaproxy0"
/sbin/ifconfig tun2 create name inthaproxy0 group internal

echo -n "Root file system: "
mount | grep ' on / ' | awk '{ print $1 }'
date

/usr/local/sbin/opnsense-shell banner
/usr/local/etc/rc.subr.d/livemode

exit 0


root@OPNsense:~ # /sbin/ifconfig inthaproxy0
inthaproxy0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        groups: tun internal
Title: Re: tun interface ignored by OPNsense
Post by: siga75 on September 15, 2019, 09:49:21 am
moved before the PHP section, looks OK now :) it survives a reboot, and all the conf are kept