# 2.4.25 tun device for openVPN [solved - bad config]

## flickerfly

I have installed and configured openVPN. I have also compiled the tun module and issued the command modprobe tun. I have /dev/net/tun in place.   When I run openvpn with verbose messaging I get the following

```
86: tun/tap device tun0 opened

87: /sbin/ifconfig tun0 10.3.0.1 pointopoint 255.255.255.0 mtu 1256

SIOCSIFDSTADDR: Invalid argument

88: Linux ifconfig failed: shell command exited with error status: 1

89: Exiting
```

I tried the command by hand at get the following: 

```
# ifconfig tun0 10.3.0.1 pointopoint 255.255.255.0

SIOCSIFADDR: No such device

tun0: unknown interface: No such device

SIOCSIFDSTADDR: No such device

tun0: unknown interface: No such device

```

I've been looking all over for information on how to better troubleshoot this, but have been shooting blanks so far. Any help would be appreciated. I'm thinking that in order to do this by hand, I'll have to learn a bit more about setting up a tunnel.

I assume that openvpn is having issues because the destination address is being set to a netmask. The config file is below:

```
dev tun

remote 10.3.0.2

ifconfig 10.3.0.1 255.255.255.0

secret /etc/openvpn/test/openvpn.key

```

----------

## Chris W

You really need to understand the Simple Examples from the man page--particularly Example 2.

The two arguments to the ifconfig configuration file option are the addresses of the near and far endpoints of the tunnel--typically two private addresses like 10.0.0.1 and 10.0.0.2 that are not address from either private network.  You have the far address and a netmask.  The argument to remote should be the public address of the far end--the real Internet address if that's what is in between.   I assume you've tried using a netmask in order to establish routing between the two tunnelled networks.  This must be done by adding routing information after the tunnel is established.  The openvpn executable can automatically run a script to do this for you.

Your config should look like:

```
dev tun

remote far.end.real.ip

ifconfig 10.3.0.1 10.3.0.2

secret /etc/openvpn/test/openvpn.key

up tunnel.up

down tunnel.down
```

 At the far end the ifconfig line will have the addresses reversed and your public ip address in the remote argument.  Tunnel.up and tunnel.down are scripts to add/remove routes when the tunnel is established/torn down.  You need to write these yourself using knowledge of the remote network.  Something like:

```
#!/bin/bash

route add -net 192.168.1.0 netmask 255.255.255.0 gw $5
```

 and 

```
#!/bin/bash

route del -net 192.168.1.0 netmask 255.255.255.0 gw $5
```

----------

## flickerfly

Thanks, you are right. I entirely missed on the examples. I pulled and patched that together from various examples on the web. I obviously didn't do a good job of patching, eh. Anyway, what you described helped me to get it up and running. Now I just need to get the TLS/SSL working instead and I'll be all set. I'll have to see if I can put together a Gentoo doc on this as I'm sure many would enjoy it. VPN is a cool technology that I wish I'd explored awhile ago.

----------

