tun/tap interfaces in cli ?



I try to handle tunnel interfaces in vyos.

For example a tinc tunnel ( -> http://tinc-vpn.org/ ) can easily be fetched from squeeze repo and works fine in vyos.

vyos@vyos:~$ sudo tincd start
vyos@vyos:~$ ip r
default via dev eth0 proto zebra dev tinc_netz proto kernel scope link src dev lo proto kernel scope link src
vyos@vyos:~$ ip tuntap
tinc_netz: tap

In stock quagga with the C-like CLI tunnel interfaces from tinc/aiccu/… appears in the interface section and can be configured there further.
But how to do the same in vyos? I found no trick.

What I have done:

included repo squeeze in vyos config



there is no cli for tun/tap interfaces.
you might want to create it yourself with these templates:

I am not familar with tinc tunnel, but if you can make the tun/tap tunnel interface to be a part of a bridge interface (brX), you can then configure other things via the bridge interface (brX), like ip, routing protocols, etc.

There are other similar full mesh vpn solutions which is based on VyOS and it works on layer 2, please PM me if you are interested.

thanks and regards,



thanks for your link to the templates, to extend the cli seems not to be too difficult.

I search for an alternative tunnel to dmvpn. We run dmvpn for years and see now limitations. In some cases tinc is more flexible, e.g. we can use ipv4/ipv6 for encapsulation and transport in any combination. But if you have another suggestion for L2 tunnel you are welcome, I personally like vyos as distribution.



There is a full mesh vpn with tun/tap device (might be an alternative to dmvpn), since it is a layer2, we can make the tun/tap device as a bridge-group of a bridge interface, and we can then include other interfaces like eth, vlan to be part of this bridge on layer 2, we can also use the Bridge interface on layer 3 for IP, routing protocols, etc.
Bridge interface in VyOS supports both IPV4 and IPV6 addresses.

As I am not sure what is the policy of the forum, and I do not want this appears as a spam.I will send a private message for more information.



I’d love to know how this works too, so I could unify VPN and routing/load-balanced WAN, etc. in to vyos, instead of having different systems to different things…

If the SPAM aspect has not been clarified yet, a PM will work too as far as I am concerned, but if it is possible to post here, more users will be able to benefit…



Can you send me too?