!C99Shell v. 2.0 [PHP 7 Update] [25.02.2019]!

Software: Apache/2.2.22 (Debian). PHP/5.6.36 

uname -a: Linux h05.hvosting.ua 4.9.110-amd64 #3 SMP Sun Nov 4 16:27:09 UTC 2018 x86_64 

uid=1389(h33678) gid=1099(h33678) groups=1099(h33678),502(mgrsecure) 

Safe-mode: OFF (not secure)

/usr/share/doc/socat/   drwxr-xr-x
Free 1.48 GB of 7.22 GB (20.52%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     socat-tun.html (6.34 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
Building TUN based virtual networks with socat

Building TUN based virtual networks with socat

Introduction

Some operating systems allow the generation of virtual network interfaces that do not connect to a wire but to a process that simulates the network. Often these devices are called TUN or TAP.

socat provides an address type that creates a TUN device on Linux; the other socat address can be any type; it transfers the "wire" data as desired.

This document shows how a simple virtual network can be created between two hosts that may be far (many network hops) apart. On both hosts a socat instance is started that connects to the other host using TCP and creates a TUN device. See socat-openssltunnel.html for a guide on securing the connection using SSL.

The following IP addresses are used in the example; replace them in the following commands with the requirements of your situation:

hostaddressmask
physical "server" address1.2.3.4n/a
physical "client" addressn/an/a
TUN on "server"192.168.255.1255.255.255.0
TUN on "client"192.168.255.2255.255.255.0

The TCP connection uses port 11443.

On "default" Linux installations, creating TUN/TAP devices might require root privilege.

Generate TUN devices with socat

In this section two instances of socat are used to generate TUN devices on different hosts and connect the "wire" sides, providing a simple virtual network.

We distinguish server and client only with respect to the connection between the two socat instances; the TUN interfaces both have the same quality.

TUN Server

socat -d -d TCP-LISTEN:11443,reuseaddr TUN:192.168.255.1/24,up

After starting this command, socat will wait for a connection and then create a TUN pseudo network device with address 192.168.255.1; the bit number specifies the mask of the network that is pretended to be connected on this interface.

TUN Client

socat TCP:1.2.3.4:11443 TUN:192.168.255.2/24,up

This command should establish a connection to the server and create the TUN device on the client.

Seeing it work

After successful connection both TUN interfaces should be active and transfer date between each other using the TCP connection. Try this by pinging 192.168.255.1 from the client and 192.168.255.2 from the server.

TCP/IP version 6

IPv6 as transport should work just like any TCP/IPv6 connection.

Creation of an IPv6 virtual interface is not directly possible, but you can generate an IPv4 interface as described above, and add IPv6 addresses using the ifconfig command.

Troubleshooting

Test TUN integration

If you get error messages like this:

... E unknown device/address "tun"

your socat executable probably does not provide TUN/TAP support. Potential reasons: you are not on Linux or are using an older version of socat.

Missing kernel support

An error message like:

... E open("/dev/net/tun", 02, 0666): No such file or directory

indicates that your kernel does not have TUN/TAP support compiled in. Rebuild your kernel with the appropriate configuration (probably under Device driver / Network device support / Network device / Universal TUN/TAP).

TUN cloning device permissions

An error message like:

... E open("/dev/net/tun", 02, 0666): Permission denied

indicates that you do not have permission to read or write the TUN cloning device. Check its permission and ownership.

Interface down

If no error occurs but the pings do not work check if the network devices have been created:

ifconfig tun0

The output should look like:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.255.1  P-t-P:192.168.255.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Check the "UP" keyword; you forget the "up" option in the socat command if it is missing.

Check if the correct IP address and network mask are displayed.

Routing

netstat -an |fgrep 192.168.255

The output should look like:

192.168.255.0   0.0.0.0         255.255.255.0   U         0 0          0 tun0

Other problems

Another reason for failure might be iptables.

Run socat with options -d -d -d, this will show every data transfer between the two processes. Each ping probe should cause a forth and a back transfer.

History

Linux TUN/TAP support was added to socat in version 1.6.0.

This document was last modified in April 2009.

More info about socat TUN/TAP support

Links regarding this tutorial

socat address tun

socat options for TUN/TAP addresses

TUN/TAP options

References

socat home page
socat man page
OpenVPN home page
TUN/TAP on Wikipedia

Copyright: Gerhard Rieger 2007-2009
License: GNU Free Documentation License (FDL)


:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 2.0 [PHP 7 Update] [25.02.2019] maintained by PinoyWH1Z | C99Shell Github | Generation time: 0.0109 ]--