# Getting a MAC address on the tun0 interface[SOLVED]

## tutaepaki

Hi,

I've been using the vpnc client to connect to a Cisco 3000 VPN concentrator. It works fine, but while trying to debug a problem with access to a particular website via the VPN, I found none of the tools like traceroute,

tcptraceroute, hping etc work over the VPN. The tools all work fine over the normal physical interface.

I suspect that it's because the tun0 interface has no mac address, and/or the link encap is unknown? ie

```
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

          inet addr:x.y.z.253  P-t-P:x.y.z.253  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:500

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

```

So, how do I add a mac address to this interface? I tried

```
ifconfig tun0 hw ether <real-interface MAC>
```

and also a made up MAC, but I get a not supported error.

thanks

tut.Last edited by tutaepaki on Tue Oct 11, 2005 2:35 am; edited 1 time in total

----------

## magic919

Barking up the wrong tree.  You'll break the VPN just to try to get the tools working.  Try checking from othe side of the VPN if the VPN is passing all other traffic with no problems.

----------

## tutaepaki

how barking up the wrong tree?

My config is....

My home network is a cable connection, with a gentoo based FW, and a couple of PCs. 2 running winXP, a work laptop using xp pro, and my home machine running xp home. These two run the Cisco VPN client, and I can access every thing without problems.

The only machine I have a problem with is the other gentoo machine, (not the FW) where I use the vpnc client. I have another collegue with the same issues. WinXP VPN with the cisco client works for everything, VPNC client works for most things, but this one site fails. 

Hence, I need to do some debugging...WTF should this one site not work? I need to use tools, such as hping etc to try to debug what is happening, but for some reason, they won't work over the VPN. I'd really hate to have to say, 'sorry guys, VPN only half works from gentoo+vpnc, go use XP!'

Hope this better explains why I need the tools to work over the VPN. I agree that I might be barking up the wrong tree, but the lack of a MAC address on the tun interface, is the only thing which looks out of place to me.

tut.

----------

## magic919

I understand you have a problem to solve.  However, the TUN interface is correctly configured and works.  You seem to want to give it a MAC address it does not want and even switch it to Ethernet (which is more what a TAP interface does I think).  As far as I know TUN interface will not take part in any ARP anyway.

I have no idea why this one site does not work.  I do know that giving the TUN a MAC address of your choosing will not forward your cause.

----------

## tutaepaki

 *Quote:*   

> I have no idea why this one site does not work. I do know that giving the TUN a MAC address of your choosing will not forward your cause.

 

This is my problem...I've no idea either, and in order to debug the problem, I need the tools to work. But the only thing which seems even slightly out of the ordinary in the VPNC setup, is the fact that the tun0 interface has no hardware address. My thinking is that maybe the tools like hping and tracetoute are borking because they cannot correctly build a packet without a valid MAC address.

----------

## magic919

https://forums.gentoo.org/viewtopic-t-389162.html

----------

## tutaepaki

Setting ECN off didn't fix this....but dropping the MTU size on tun0 down to 576 did   :Smile: 

Never did work out if it's possible to do anything with the mac address. I found a few items with the help of Mr. Google that seemed to indicate that people have had some success with setting the MAC address on the tun interface.

I eventually managed to get a trace using ethereal of a working session over a windows vpn client, and found that I was getting borked fragments from the site. The windows VPN client recovered, VPNC didn't.

----------

## magic919

Glad you got that sorted.  Can't see the MAC bit being helpful as TUNs are excluded from ARP.

----------

