Some operating systems allow the generation of virtual network interfaces that
do not connect to a wire but to a process that simulates the network. Often
these devices are called TUN or TAP.

socat provides an address type that creates a TUN device on Linux; the other
socat address can be any type; it transfers the "wire" data as desired.

This document shows how a simple virtual network can be created between
two hosts that may be far (many network hops) apart. On both hosts a socat
instance is started that connects to the other host using UDP and creates a TUN
device.

Note: UDP is preferred because TCP might not keep packet boundaries;
alternatively, try TCP with the option nodelay.

Note: You may replace UDP with DTLS to add transfer security.

The following IP addresses are used in the example; replace them in the
following commands to match your situation:

host | address | mask |
---|---|---|
physical "server" address | 1.2.3.4 | n/a |
physical "client" address | n/a | n/a |
TUN on "server" | 192.168.255.1 | 255.255.255.0 |
TUN on "client" | 192.168.255.2 | 255.255.255.0 |

The UDP connection uses port 11443.

On "default" Linux installations, creating TUN/TAP devices might require
root privilege.

In this section two instances of socat are used to generate TUN devices on
different hosts and connect the "wire" sides, providing a simple virtual
network.

We distinguish server and client only with respect to the connection between
the two socat instances; the two TUN interfaces are equal peers.

After starting this command, socat will wait for a connection and then
create a TUN pseudo network device with address 192.168.255.1; the bit number
specifies the mask of the network that is presented as connected on this
interface.

This command should establish a connection to the server and create the TUN
device on the client.

After a successful connection, both TUN interfaces should be active and transfer
data between each other using the UDP connection. Try this by pinging
192.168.255.1 from the client and 192.168.255.2 from the server.
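The server and client invocations described above, as an added example that is not part of the original document. It uses the example addresses and port from the table with socat's `UDP-LISTEN`, `UDP` and `TUN` address types; `prefix_to_mask`, `tun_cmd` and `ping_cmd` are hypothetical helper names, and the script only prints the commands so they can be reviewed before being run on each host.

```shell
#!/bin/sh
# Added example; addresses and port are the example values from the table.
SERVER_PHYS=1.2.3.4       # physical "server" address
PORT=11443                # UDP port carrying the "wire" data
SERVER_TUN=192.168.255.1  # TUN address on "server"
CLIENT_TUN=192.168.255.2  # TUN address on "client"
BITS=24                   # bit number written after the TUN address

# Convert the bit number into the dotted netmask the interface will show.
prefix_to_mask() {
  bits=$1
  mask=""
  for i in 1 2 3 4; do
    if [ "$bits" -ge 8 ]; then
      octet=255
      bits=$(($bits - 8))
    else
      octet=$((256 - (1 << (8 - $bits))))
      bits=0
    fi
    mask="${mask:+$mask.}$octet"
  done
  echo "$mask"
}

# Print the socat command line for one side of the tunnel.
tun_cmd() {
  case "$1" in
    server) echo "socat -d -d UDP-LISTEN:$PORT,reuseaddr TUN:$SERVER_TUN/$BITS,up" ;;
    client) echo "socat UDP:$SERVER_PHYS:$PORT TUN:$CLIENT_TUN/$BITS,up" ;;
    *) echo "usage: tun_cmd server|client" >&2; return 2 ;;
  esac
}

# Print the ping that tests the tunnel from the given side.
ping_cmd() {
  case "$1" in
    server) echo "ping -c 3 $CLIENT_TUN" ;;
    client) echo "ping -c 3 $SERVER_TUN" ;;
    *) return 2 ;;
  esac
}

for side in server client; do
  printf '%s:\n  %s\n  %s\n' "$side" "$(tun_cmd "$side")" "$(ping_cmd "$side")"
done
echo "expected mask on both TUN interfaces: $(prefix_to_mask "$BITS")"
```

Start the server command first; it waits for the client's first datagram before it creates its TUN device.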
IPv6 as transport should work just like any UDP/IPv6 connection.

Creation of an IPv6 virtual interface is not directly possible, but you can
generate an IPv4 interface as described above, and add IPv6 addresses using
the ifconfig command.

If you get error messages like this:

```
... E unknown device/address "tun"
```

your socat executable probably does not provide TUN/TAP support. Potential
reasons: you are not on Linux or are using an older version of socat.

An error message like:

```
... E open("/dev/net/tun", 02, 0666): No such file or directory
```

indicates that your kernel does not have TUN/TAP support compiled
in. Rebuild your kernel with the appropriate configuration (probably under
Device driver / Network device support / Network device / Universal TUN/TAP).

An error message like:

```
... E open("/dev/net/tun", 02, 0666): Permission denied
```

indicates that you do not have permission to read or write the TUN cloning
device. Check its permission and ownership.

If no error occurs but the pings do not work, check if the network devices
have been created:

The output should look like:

```
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.255.1  P-t-P:192.168.255.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
```

Check the "UP" keyword; if it is missing, you forgot the "up" option in the
socat command.

Check if the correct IP address and network mask are displayed.

The output should look like:

```
192.168.255.0   0.0.0.0         255.255.255.0   U         0 0          0 tun0
```

Another reason for failure might be iptables.

Run socat with options -d -d -d; this will show every data transfer
between the two processes. Each ping probe should cause one transfer in each
direction.
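The troubleshooting checks above as a script, added here as an example and not part of the original document. `diagnose`, `check_iface` and `check_route` are hypothetical helper names, the sample input is constructed, `check_iface` assumes the older ifconfig output format shown above, and piping `netstat -rn` into `check_route` is an assumption about where the routing table comes from.

```shell
#!/bin/sh
# Added example: map a socat error line to the cause given in the text above.
diagnose() {
  case "$1" in
    *'unknown device/address "tun"'*)
      echo "socat built without TUN/TAP support" ;;
    *'open("/dev/net/tun"'*'No such file or directory'*)
      echo "kernel without TUN/TAP support" ;;
    *'open("/dev/net/tun"'*'Permission denied'*)
      echo "no permission on /dev/net/tun" ;;
    *) echo "unrecognized" ;;
  esac
}

# Read old-style ifconfig output on stdin; check UP flag, address and mask.
check_iface() {   # usage: ifconfig tun0 | check_iface ADDR MASK
  out=" $(tr '\n' ' ') "
  case "$out" in *" UP "*) ;; *) echo "not UP: up option missing"; return 1 ;; esac
  case "$out" in *" inet addr:$1 "*) ;; *) echo "wrong address"; return 1 ;; esac
  case "$out" in *" Mask:$2 "*) ;; *) echo "wrong mask"; return 1 ;; esac
  echo "ok"
}

# Read a routing table on stdin; succeed if NET/MASK is routed via DEV.
check_route() {   # usage: netstat -rn | check_route NET MASK DEV
  awk -v n="$1" -v m="$2" -v d="$3" \
    '$1 == n && $3 == m && $NF == d { found = 1 } END { exit !found }'
}

# Constructed sample in the format shown above, with the up option left out.
SAMPLE_DOWN='tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
 inet addr:192.168.255.1 P-t-P:192.168.255.1 Mask:255.255.255.0
 POINTOPOINT NOARP MULTICAST MTU:1500 Metric:1'

diagnose '... E open("/dev/net/tun", 02, 0666): Permission denied'
printf '%s\n' "$SAMPLE_DOWN" | check_iface 192.168.255.1 255.255.255.0 || true
```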
Linux TUN/TAP support was added to socat in version 1.6.0.

This document was last modified in April 2009.

Copyright: Gerhard Rieger 2007-2009

License: GNU Free Documentation License (FDL)