# OpenVPN trouble (tap0 does not exist) [SOLVED]

## daemonflower

Hey,

I don't know much about VPNs in the first place, and setting up an OpenVPN client is beating me.

I tried to follow the HOWTO at gentoo-wiki.com, but I'm stuck at the point where I actually have to start the bridged interface:

```
# /etc/init.d/net.br0 start
 * Service net.br0 starting
 network interface tap0 does not exist
 Please verify hardware or kernel module (driver)                         [ !! ]
 * ERROR:  net.br0 failed to start
```

Now I don't understand much about tunnels, taps or bridge devices, but I followed the tutorial as well as I could (setting up only a client and not the server too, as in the HOWTO). That is, I have Ethernet bridging (CONFIG_BRIDGE) and TUN/TAP support (CONFIG_TUN) compiled into the kernel, emerged openvpn, created the necessary certificates and got them signed by the server, then created the configuration (really just copied it from what the server side's admin gave me). As far as I understood it, I should be able to start the bridge interface then, as above.

Here is my /etc/openvpn/openvpn.conf:

```
persist-tun
dev tun0
verb 2
comp-lzo
client
tls-client
proto udp
persist-key
ca /etc/openvpn/ca.crt
key /etc/openvpn/triton.key
cert /etc/openvpn/triton.crt
key-method 2
ns-cert-type server
writepid /var/run/openvpn.pid
remote *************
route 10.0.0.0 255.0.0.0
route 192.168.0.0 255.255.0.0
route 172.16.0.0 255.240.0.0
route 212.91.251.180
route 212.91.251.181
```

Any help appreciated.

Thanks!

Last edited by daemonflower on Fri Sep 01, 2006 9:02 am; edited 1 time in total

----------

## magic919

Device failure is tap0 but device in config is tun0.

----------

## daemonflower

That's true. It does not work any way.

In fact I noticed that before and tried to change tun0 in the config file to tap0. That gave me the exact same error.

I thought OpenVPN is supposed to create the device by itself...

Just a wild guess: Would it help to do a ln -s /etc/init.d/net.lo /etc/init.d/net.tun0?

And finally, here is my /etc/conf.d/net, adapted from the HOWTO:

```
config_eth0=( "dhcp" )
config_eth1=( "192.168.32.30 netmask 255.255.255.0 broadcast 192.168.32.255" )

# I had to comment out the following, because starting the service gave the error
# The module "openvpn" does not exist
#modules=( "openvpn" )

# config_tap0=( "0.0.0.0" )
bridge_br0=( "eth0 tap0" )
config_br0=( "192.168.0.254/24" )
brctl_br0=( "stp on" )

depend_br0() {
        need net.eth0 openvpn
}
```

----------

## drescherjm

Are you sure that the tun driver is loaded?

```
lsmod | grep tun
```

If not 

```
modprobe tun
```

And then place it in your /etc/modules.autoload.d/kernel-2.6 

```
echo "tun" >> /etc/modules.autoload.d/kernel-2.6
```

----------

## daemonflower

Thank you for your reply. You've hit on something. As I discovered, the HOWTO I mentioned above forgot to note that I need this. I have in the meantime compiled it into the kernel and it did not change the error message.

I have changed the /etc/conf.d/net somewhat. It became clear that I had no idea about how VPNs, tunnels and taps work. I think the place to solve the problem is now /etc/conf.d/net. The example I took from gentoo-wiki.com is unusable; this is how far I got until now. If anybody could debug it, that would be nice.

```
# commented out because /etc/init.d/net.br0 start gives the error:
# The module "openvpn" does not exist
#modules=( "openvpn" )

# taken from net.example
tuntap_tap0="tap"

# net.example says I need to set them to null for bridging
config_eth0=( "null" )
config_tap0=( "null")

bridge_br0=( "eth0 tap0" )
config_br0=( "dhcp" )
# routes_br0=( "default via 192.168.2.44" )

# do I need the following?
brctl_br0=( "stp on" )

depend_br0() {
        need net.eth0 openvpn net.tap0
}
```

With this configuration I get the following messages in the syslog on starting net.br0:

```
Aug 30 20:32:44 ganymede udevd-event[23876]: rename_netif: error changing netif name: Invalid argument
Aug 30 20:32:44 ganymede device tap0 entered promiscuous mode
Aug 30 20:32:44 ganymede br0: port 2(tap0) entering listening state
Aug 30 20:32:44 ganymede br0: port 1(eth0) entering listening state
Aug 30 20:32:54 ganymede tap0: no IPv6 routers present
Aug 30 20:32:54 ganymede br0: no IPv6 routers present
Aug 30 20:32:59 ganymede br0: port 2(tap0) entering learning state
Aug 30 20:32:59 ganymede br0: port 1(eth0) entering learning state
Aug 30 20:33:14 ganymede br0: topology change detected, propagating
Aug 30 20:33:14 ganymede br0: port 2(tap0) entering forwarding state
Aug 30 20:33:14 ganymede br0: topology change detected, propagating
Aug 30 20:33:14 ganymede br0: port 1(eth0) entering forwarding state
Aug 30 20:33:44 ganymede dhcpcd[24360]: timed out waiting for a valid DHCP server response
Aug 30 20:33:44 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:33:44 ganymede br0: port 1(eth0) entering disabled state
Aug 30 20:33:44 ganymede rc-scripts: ERROR:  net.br0 failed to start
```

Strangely, retrying it to reproduce the messages gives me yet another error:

```
Aug 30 20:51:43 ganymede skge eth0: enabling interface
Aug 30 20:51:45 ganymede skge eth0: Link is up at 100 Mbps, full duplex, flow control tx and rx
Aug 30 20:51:48 ganymede openvpn[28863]: OpenVPN 2.0.7 x86_64-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Aug 28 2006
Aug 30 20:51:48 ganymede openvpn[28863]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Aug 30 20:51:48 ganymede openvpn[28863]: WARNING: file '/etc/openvpn/triton.key' is group or others accessible
Aug 30 20:51:48 ganymede openvpn[28863]: LZO compression initialized
Aug 30 20:51:48 ganymede openvpn[28863]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug 30 20:51:48 ganymede openvpn[28863]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Aug 30 20:51:48 ganymede openvpn[28863]: Local Options hash (VER=V4): '41690919'
Aug 30 20:51:48 ganymede openvpn[28863]: Expected Remote Options hash (VER=V4): '530fdded'
Aug 30 20:51:48 ganymede openvpn[28865]: UDPv4 link local (bound): [undef]:1194
Aug 30 20:51:48 ganymede openvpn[28865]: UDPv4 link remote: 212.91.251.174:1194
Aug 30 20:51:48 ganymede openvpn[28865]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=DE/ST=Berlin/L=Berlin/O=taz_OpenVPN/OU=EDV/CN=openvpn.taz.de/emailAddress=openvpn@taz.de
Aug 30 20:51:48 ganymede openvpn[28865]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Aug 30 20:51:48 ganymede openvpn[28865]: TLS Error: TLS object -> incoming plaintext read error
Aug 30 20:51:48 ganymede openvpn[28865]: TLS Error: TLS handshake failed
Aug 30 20:51:48 ganymede openvpn[28865]: TCP/UDP: Closing socket
Aug 30 20:51:48 ganymede openvpn[28865]: SIGUSR1[soft,tls-error] received, process restarting
Aug 30 20:51:48 ganymede device tap0 left promiscuous mode
Aug 30 20:51:48 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:51:48 ganymede device tap0 entered promiscuous mode
Aug 30 20:51:48 ganymede br0: port 2(tap0) entering listening state
Aug 30 20:51:48 ganymede br0: port 1(eth0) entering listening state
Aug 30 20:51:49 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:51:49 ganymede br0: port 1(eth0) entering disabled state
Aug 30 20:51:49 ganymede br0: port 1(eth0) entering disabled state
Aug 30 20:51:49 ganymede device tap0 left promiscuous mode
Aug 30 20:51:49 ganymede br0: port 2(tap0) entering disabled state
Aug 30 20:51:49 ganymede rc-scripts: network interface br0 does not exist
Aug 30 20:51:49 ganymede rc-scripts: Please verify hardware or kernel module (driver)
Aug 30 20:51:49 ganymede rc-scripts: ERROR:  net.br0 failed to start
```

----------
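
Two configuration problems are visible in the thread so far: the tun0/tap0 mismatch magic919 points out, and the "group or others accessible" warning for the private key in the log above. The script below is an added example, not part of any forum post, that checks both before the services are started; the function names and the constructed sample files are assumptions, and it reads the Gentoo `bridge_br0` syntax shown in the thread.

```shell
#!/bin/sh
# Added example: pre-flight checks for a bridged OpenVPN client.
# Function names are hypothetical; only awk, sed, tr, ls and cut are used.

# Print the device named by the last "dev" directive in an OpenVPN config.
ovpn_dev() {
    awk '$1 == "dev" { d = $2 } END { print d }' "$1"
}

# Print the ports of bridge_<name> from a Gentoo conf.d/net file.
# Accepts both forms seen in the thread: =( "a b" ) and ="a b".
bridge_ports() {
    sed -n "s/^[[:space:]]*bridge_$2=//p" "$1" | tr -d '()"'
}

# Return 0 when every tun/tap port that br0 expects is the device OpenVPN
# is configured to create; print each mismatch and return 1 otherwise.
check_bridge_dev() {
    dev=$(ovpn_dev "$1"); rc=0
    for port in $(bridge_ports "$2" br0); do
        case $port in
            tun*|tap*)
                if [ "$port" != "$dev" ]; then
                    echo "br0 expects $port but openvpn.conf has dev $dev"
                    rc=1
                fi ;;
        esac
    done
    return $rc
}

# Return 0 when the file grants no permission bits to group or others,
# the condition behind OpenVPN's warning about the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample reproducing the first post: dev tun0, bridge on tap0,
# and a world-readable key file.
tmp=$(mktemp -d)
printf 'persist-tun\ndev tun0\nclient\n' > "$tmp/openvpn.conf"
printf 'config_eth0=( "dhcp" )\nbridge_br0=( "eth0 tap0" )\n' > "$tmp/net"
: > "$tmp/triton.key"; chmod 644 "$tmp/triton.key"
check_bridge_dev "$tmp/openvpn.conf" "$tmp/net" || echo "-> device names disagree"
key_is_private "$tmp/triton.key" || echo "-> tighten with: chmod 600 triton.key"
rm -rf "$tmp"
```
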

## daemonflower

After a long time of experimenting and emailing with the server's admin I found a solution. Sorry that the way to it was too convoluted so I can't really reproduce what the solution really was. I'll just post my openvpn.conf and conf.d/net which work, in case it helps someone.

openvpn.conf:

```
persist-tun
dev tun0
verb 2
comp-lzo
client
tls-client
proto udp
persist-key
ca /etc/openvpn/ca.crt
key /etc/openvpn/triton.key
cert /etc/openvpn/triton.crt
key-method 2
ns-cert-type server
writepid /var/run/openvpn.pid
remote ******.***.**
route 10.0.0.0 255.0.0.0
route 192.168.0.0 255.255.0.0
route 172.16.0.0 255.240.0.0
route ***.**.***.***
route ***.**.***.***
```

/etc/conf.d/net:

```
config_eth0=( "dhcp" )
bridge_br0=( "eth0 tap0" )
config_br0=(
        "dhcp"
)
brctl_br0=( "stp on" )

depend_br0() {
        need net.eth0 openvpn
}
```

----------

## mhl_cz

Hi, I followed this HOWTO. I've enabled TUN/TAP in the kernel, successfully loaded the "tun" module, and set up /etc/conf.d/net according to my current setup of net interfaces (see below); however, I've got this error:

```
/etc/init.d/net.br0 start
 * Starting tap0
 *   Bringing up tap0
 *     0.0.0.0
 *     tap0 does not exist
 * ERROR:  Problem starting needed services.
 *         "net.br0" was not started.
```

/etc/conf.d/net

```
#eth0 - internet
#eth1 - private network
config_eth0=( "dhcp" )

depend_br0()
{
   need net.tap0 net.eth1
}

tuntap_tap0="tap"
config_eth0=( "null" )
config_tap0=( "0.0.0.0 promisc" )
bridge_br0="eth1 tap0"
config_br0=( "192.168.2.1" )
```

dmesg seems all right

```
dmesg | tail
eth1: RealTek RTL8139 at 0xe000, 4c:00:10:70:3d:34, IRQ 11
eth1:  Identified 8139 chip type 'RTL-8100B/8139D'
IPv4 over IPv4 tunneling driver
Bridge firewalling registered
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
eth1: link up, 100Mbps, full-duplex, lpa 0x45E1
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
```

thanks, mhl_cz

----------

## magic919

People don't generally reply to posts marked as solved.  You should start a thread.

----------

## UberLord

Have you emerged openvpn or usermode-utilities?

----------

