tun interface ignored by OPNsense

Started by siga75, September 14, 2019, 06:46:28 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 14, 2019, 06:46:28 PM Last Edit: September 14, 2019, 07:05:01 PM by siga75
Hello all,

this is my first post, I just got my new appliance and playing a bit with it.

I added, via command line a tun interface

/sbin/ifconfig tun2 create

and inserting it in a startup script, then restarted the appliance, I correctly see the interface

root@OPNsense:~ # ifconfig tun2
tun2: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: tun

but in the WUI I can't use it.

What I would like to achieve, even if probably silly, is to have a virtual internal network, not binded to any real nic, and be able to create firewall rules for that subnet. The idea is that I would like to have firewall between applications that run in the server itself.

Thanks for any suggestion :)

EDIT: I am able to see it under VLAN, so I added that tun interface and tagged as ID 100, now I can use it, looks like, but I strongly feel what I am doing is ridicously wrong LOL
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
September 14, 2019, 07:21:11 PM #1
You have to rename it via ifconfig
September 14, 2019, 08:16:27 PM #2
thx for your answer, and which name should I set?
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
September 14, 2019, 11:22:57 PM #3
How about butterfly12? :)
September 15, 2019, 07:45:30 AM #4
LMAO :)

So any name that is not tunX, OK

Let me give a try

Thanks
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
September 15, 2019, 08:05:22 AM #5
YAY XD

works like a charm :)

Thanks again
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
September 15, 2019, 08:11:27 AM #6
But you need to check if it survives a reboot to make if safe :)
September 15, 2019, 09:35:22 AM #7
damn...

tun device is created at startup, but too late I guess. I am a unix admin (Solaris, AIX, RHEL) but never worked with BSD, so I didn't want to read how sysinit works, but I understood is really simple and solid, with no runlevels and inittab

I just edited /usr/local/etc/rc for a test, then I will find a more elegant and appropriate way to do it

root@OPNsense:~ # grep -C 10 inthaproxy0 /usr/local/etc/rc
# Let the PHP-based configuration subsystem set up the system now
echo -n "Launching the init system..."
touch /var/run/booting
/usr/local/etc/rc.bootup || exit 1
rm /var/run/booting

# Execute the normal syshook / plugin commands
/usr/local/etc/rc.syshook start

echo "inthaproxy0"
/sbin/ifconfig tun2 create name inthaproxy0 group internal

echo -n "Root file system: "
mount | grep ' on / ' | awk '{ print $1 }'
date

/usr/local/sbin/opnsense-shell banner
/usr/local/etc/rc.subr.d/livemode

exit 0


root@OPNsense:~ # /sbin/ifconfig inthaproxy0
inthaproxy0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        groups: tun internal
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
September 15, 2019, 09:49:21 AM #8
moved before the PHP section, looks OK now :) it survive a reboot, and all the conf are kept
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
Print
Go Up Pages1
User actions