Let me explain my understanding of tun/tap. A tun device is related to a file descriptor fd:

    fd = open("/dev/net/tun", O_RDWR)

When I write to this fd, write(fd, packet, ...), the tun device delivers this packet to the kernel TCP/IP stack. When the kernel TCP/IP stack sends a packet to the tun device, I can read it from the fd: read(fd, packet_buffer, ...).

For example, when using a VPN: my tun device IP is 10.0.0.1, my host's public IP is 4.3.2.1, the remote host's tun device IP is 10.0.0.15 (eth0), and the remote host's public IP is 1.2.3.4 (eth0). I have a TCP server listening on port 2000, and I have a program with a UDP server listening on port 4000. The remote host sends me a UDP-tunneled TCP SYN, like below:

    ------------------------------------------------------------------------------------------------
    TCP SYN port: 2000 |src: 10.0.0.15| dst: 10.0.0.1| UDP header port: 4000 | src: 1.2.3.4|dst:4.3.2.1|
    ------------------------------------------------------------------------------------------------

Then my UDP server receives this packet, and the program gets a packet as below:

    ------------------------------------------------------
    TCP SYN port: 2000 |src: 10.0.0.15| dst: 10.0.0.1|
    ------------------------------------------------------

The program then writes this packet to the fd, and the tun device sends the packet via the TCP/IP stack to the TCP server.

The TCP server will respond with a TCP SYN/ACK as below:

    ----------------------------------------------------------
    TCP SYN/ACK port: 2000 |src: 10.0.0.1| dst: 10.0.0.15|
    ----------------------------------------------------------

According to the routing table, the TCP/IP stack delivers this SYN/ACK to the tun device. I then read from the fd to get the SYN/ACK packet and use UDP to send it out to the remote host via eth0. The packet becomes:

    ------------------------------------------------------------------------------------------------
    TCP SYN port: 2000 |src: 10.0.0.15| dst: 10.0.0.1| UDP header port: 4000 | src: 4.3.2.1|dst:1.2.3.4|
    ------------------------------------------------------------------------------------------------

Is my understanding correct or not?

I did a test: I crafted an ICMP packet with source IP 10.0.0.3 and destination IP 10.0.0.1 (my tun device IP is 10.0.0.1, and it is related to a file descriptor fd). Then I wrote the ICMP packet to the fd. Through tshark -i tun or tcpdump -i tun I can capture this packet, but I don't get an ICMP echo reply. Why? Thanks!