Channel: Security, Server Tweaking, IT Management Blog By SolidShellSecurity » networking

Linux Unix Bridging Interfaces, Adding tap0 and merging it with eth0 for networking openvpn and vpn’s


To let my virtual routers connect to my local network for management/SSH/telnet/config access, we need to build a loopback or tap interface and merge it with the Ethernet port under a bridge interface. This sounds more complicated than it actually is. Let's take a quick look at what we are actually doing through the use of a Linux bridge interface.

Traffic will flow bidirectionally from the IOS device inside the GNS3 application. If traffic needs to egress the application, it does so through the interface connected to the cloud mapped to interface tap0. From tap0 the traffic is bridged to eth0 and in/out of that interface as needed. The key is the bridge interface, which acts as an SVI between tap0 and eth0. An SVI is a switched virtual interface, or a layer 3 interface in a switched environment; think of it as an SVI on a virtual switch. Knowing that, we can understand what happens between the two ports: the br0 interface is a virtual switch that directs traffic to the appropriate port based on destination MAC address. It can also hold the IP address for the eth0 interface to allow management connectivity to your server.

First we need to take care of our prerequisites in order to use the functionality of the bridging capabilities in Linux.

 sudo apt-get install uml-utilities   
 sudo apt-get install bridge-utils 

Load the module for tunneling.

 sudo modprobe tun

Bring up your loopback tap0. You want to make it persistent and assign it to an existing user.

 sudo tunctl -u <username>

In order to assign the interfaces correctly we need to strip off any current config on the interfaces and set them up as promiscuous ports.

 sudo ifconfig eth0 0.0.0.0 promisc up   
 sudo ifconfig tap0 0.0.0.0 promisc up 

Create your bridge interface

 sudo brctl addbr br0 

In order to use the br0 interface you must add the required ports to be bridged together.

 sudo brctl addif br0 tap0   
 sudo brctl addif br0 eth0  

Verify you have the interfaces applied to the br0 interface.

 brctl show  
 bridge name  bridge id    STP enabled  interfaces  
 br0    8000.1c6f653460a7  no           eth0  
                                        tap0 

Now bring up the bridge port and give it an IP address in your subnet.

 sudo ifconfig br0 up  
 sudo ifconfig br0 192.168.19.205/24  

Finally, to allow the device to route out to the internet, configure a default gateway.

 sudo route add default gw 192.168.19.1   

Verify you have the gateway configured correctly with this command. Your output should have a default gateway entry and a local network subnet entry.

# /sbin/route

Kernel IP routing table
Destination        Gateway        Genmask        Flags   Metric  Ref     Use Iface
default            192.168.19.1   0.0.0.0        UG      100     0         0 br0
192.168.19.0       *              255.255.255.0  U       0       0         0 br0

Now you should have connectivity from your GNS3 devices through bridging a tap0 to an eth0 interface.
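
A scripted version of the `brctl show` check above, as an added example that is not part of the original post: it parses the command's output and fails if br0 holds anything other than the ports you meant to bridge, since every member port shares a layer 2 segment with your LAN. The function names and the second sample (with an extra tap1) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a bridge holds exactly the ports you intended.
# Reads `brctl show` output on stdin, so on a live host run:
#   brctl show | check_bridge br0 "eth0 tap0"

# Print the sorted, space-separated member ports of bridge $1.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 { next }                      # column header
        NF >= 3 {                             # first line of a bridge entry
            cur = $1
            if (NF >= 4 && cur == br) print $4
            next
        }
        NF == 1 && cur == br { print $1 }     # continuation line: one more port
    ' | sort | tr "\n" " " | sed "s/ $//"
}

# Return 0 only if bridge $1 contains exactly the ports listed in $2.
check_bridge() {
    expected=$(printf '%s\n' $2 | sort | tr "\n" " " | sed "s/ $//")
    actual=$(bridge_ports "$1")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $1 bridges exactly [$actual]"
    else
        echo "MISMATCH: $1 expected [$expected], found [$actual]"
        return 1
    fi
}

# Constructed sample 1: the output shown in this article.
SAMPLE_OK='bridge name  bridge id          STP enabled  interfaces
br0          8000.1c6f653460a7  no           eth0
                                             tap0'

# Constructed sample 2: an extra tap1 that nobody meant to expose to the LAN.
SAMPLE_EXTRA="$SAMPLE_OK
                                             tap1"

printf '%s\n' "$SAMPLE_OK"    | check_bridge br0 "eth0 tap0"
printf '%s\n' "$SAMPLE_EXTRA" | check_bridge br0 "eth0 tap0" || true
```
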

If you would like the configuration to persist across reboots, adjust your /etc/network/interfaces file.

sudo nano /etc/network/interfaces

auto lo
iface lo inet loopback

auto br0
iface br0 inet static
bridge-ports eth0 tap0
bridge-stp 0
address 192.168.19.205
netmask 255.255.255.0
network 192.168.19.0
broadcast 192.168.19.255
gateway 192.168.19.1

auto eth0
iface eth0 inet manual
up ip link set $IFACE up
up brctl addif br0 $IFACE
down brctl delif br0 $IFACE || true
down ip link set $IFACE down

auto tap0
iface tap0 inet manual
up ip link set $IFACE up
up brctl addif br0 $IFACE
down brctl delif br0 $IFACE || true
down ip link set $IFACE down
pre-up /usr/sbin/tunctl -t tap0 -u <username>


This will force your tap0 interface to load automatically on boot and then tie it and your eth0 interface to br0. Adjust the IP addresses to match your local private subnet.




Copyright © Security, Server Tweaking, IT Management Blog By SolidShellSecurity [Linux Unix Bridging Interfaces, Adding tap0 and merging it with eth0 for networking openvpn and vpn's], All Right Reserved. 2014.