日志
Building TUN based virtual networks with socat
Introduction
Some operating systems allow the generation of virtual network interfaces that do not connect to a wire but to a process that simulates the network. Often these devices are called TUN or TAP.
socat provides an address type that creates a TUN device on Linux; the other socat address can be any type; it transfers the "wire" data as desired.
This document shows how a simple virtual network can be created between two hosts that may be far (many network hops) apart. On both hosts a socat instance is started that connects to the other host using TCP and creates a TUN device. See socat-openssltunnel.html for a guide on securing the connection using SSL.
The following IP addresses are used in the example; replace them in the following commands with the requirements of your situation:
| host | address | mask |
|---|---|---|
| physical "server" address | 1.2.3.4 | n/a |
| physical "client" address | n/a | n/a |
| TUN on "server" | 192.168.255.1 | 255.255.255.0 |
| TUN on "client" | 192.168.255.2 | 255.255.255.0 |
The TCP connection uses port 11443.
On "default" Linux installations, creating TUN/TAP devices might require root privilege.
Generate TUN devices with socat
In this section two instances of socat are used to generate TUN devices on different hosts and connect the "wire" sides, providing a simple virtual network.
We distinguish server and client only with respect to the connection between the two socat instances; the TUN interfaces both have the same quality.
TUN Server
socat -d -d TCP-LISTEN:11443,reuseaddr TUN:192.168.255.1/24,upAfter starting this command, socat will wait for a connection and then create a TUN pseudo network device with address 192.168.255.1; the bit number specifies the mask of the network that is pretended to be connected on this interface.
TUN Client
socat TCP:1.2.3.4:11443 TUN:192.168.255.2/24,upThis command should establish a connection to the server and create the TUN device on the client.
Seeing it work
After successful connection both TUN interfaces should be active and transfer date between each other using the TCP connection. Try this by pinging 192.168.255.1 from the client and 192.168.255.2 from the server.
TCP/IP version 6
IPv6 as transport should work just like any TCP/IPv6 connection.
Creation of an IPv6 virtual interface is not directly possible, but you can generate an IPv4 interface as described above, and add IPv6 addresses using the ifconfig command.
渝公网安备 50011602500124号