Re: [Openvpn-users] Why the tun device hasn't mac address?

Thu, 24 Aug 2017 04:51:38 -0700 

On 24/08/17 11:26, Hongyi Zhao wrote:
> Hi here,
> 
> I use openvpn client to connect to the vpngate.net's free vpn server.
> When succeed, I can find something like the following info on my local
> client machine:
> 
> $ ip addr show
> 
>  362: tun1007: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UNKNOWN group default qlen 100
>     link/none
>     inet 10.211.1.9 peer 10.211.1.10/32 scope global tun1007
>        valid_lft forever preferred_lft forever
>     inet6 fe80::b1d2:b3f2:e747:75b3/64 scope link flags 800
>        valid_lft forever preferred_lft forever
> 
> As you can see, there is no mac address.
> 
> Any hints for this?
This is just as expected.

TUN devices are often called Layer 3 interfaces.  At this layer only IP
packets are transported.  IP packets carries IP addresses and cannot not
transport anything else than this kind of packets.

In TAP mode, the device is a Layer 2 interface.  This layer works on
Ethernet frames.  Network packets are encapsulated into a frame which
carries MAC addresses.  Those network packets can be IP packets from
layer three, but can also be non-IP packets (like for example IPX).

So TUN devices don't have MAC addresses because they don't exists on
that layer at all.  It is not even needed to achieve the proper routing
of packets, as the receiving end of an IP packet from a TUN device will
inject that packet into the appropriate place in its local network stack
and it will be processed by the operating system from there.

The advantage of TUN over TAP is that there is a noticeable smaller
overhead.  Very seldom the information carried in the Ethernet frame
from TAP devices is truly needed, as most VPNs transport quite
exclusively IP packets (IPv4 and IPv6).  So you save approximately 40
bytes [1] per packet when using TUN instead.

I hope this clarifies a bit more.


[1] The number is not exact but roughly around 40 bytes.  I don't recall
    the exact number, and it also depends on if VLAN tags are included
    in the packet or not.


--
kind regards,

David Sommerseth

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to