Updated: 4/4-2017
The OSX tun/tap driver seems to work a bit different. The Linux example dynamically allocates a tun interface, which does not work in OSX, at least not in the same way. I stripped the code to create a basic example of how tun can be used on OSX using a self-selected tun device, printing each packet to the console.
There have been a lot of issues where people cannot connect correctly with the SSL VPN client.
When you look into the logfiles, you typically see this:
Tue Jul 07 07:49:09 2015 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Tue Jul 07 07:49:09 2015 Route: Waiting for TUN/TAP interface to come up…
Tue Jul 07 07:49:13 2015 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Tue Jul 07 07:49:13 2015 Route: Waiting for TUN/TAP interface to come up…
Tue Jul 07 07:49:14 2015 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Tue Jul 07 07:49:14 2015 Route: Waiting for TUN/TAP interface to come up…
Several workarounds and fixes have been reported for this, but the issue actually lies in the NDIS driver provided by OpenVPN, which is the same client the Sophos UTM uses.
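A small triage helper for the symptom above, as an added example that is not part of the original post: it scans an OpenVPN client log for the retry loop in which TEST ROUTES keeps reporting u/d=down while the client waits for the TUN/TAP interface. The function name, the retry threshold and both sample logs are constructed for illustration; the u/d=up line in the second sample is assumed to be what a working adapter logs.

```python
import re
from datetime import datetime

# Constructed sample: the retry loop quoted in the post above.
SAMPLE_LOG = """\
Tue Jul 07 07:49:09 2015 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Tue Jul 07 07:49:09 2015 Route: Waiting for TUN/TAP interface to come up...
Tue Jul 07 07:49:13 2015 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Tue Jul 07 07:49:13 2015 Route: Waiting for TUN/TAP interface to come up...
Tue Jul 07 07:49:14 2015 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Tue Jul 07 07:49:14 2015 Route: Waiting for TUN/TAP interface to come up...
"""
# Constructed sample: one retry, then the adapter reports up (assumed wording).
HEALTHY_LOG = """\
Tue Jul 07 07:49:09 2015 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Tue Jul 07 07:49:09 2015 Route: Waiting for TUN/TAP interface to come up...
Tue Jul 07 07:49:13 2015 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) (.*)$")
TEST_ROUTES = re.compile(r"TEST ROUTES: \d+/\d+ succeeded .*u/d=(up|down)")
WAITING = "Waiting for TUN/TAP interface to come up"

def tap_stall(log_text, min_retries=3):
    """Summarise a stuck TUN/TAP retry loop, or return None if there is none."""
    down = waits = 0
    first = last = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines without an OpenVPN timestamp prefix
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        state = TEST_ROUTES.search(m.group(2))
        if state and state.group(1) == "up":
            down = waits = 0          # adapter came up: the loop ended
            first = last = None
        elif state:
            down += 1
            first = first or ts
            last = ts
        elif WAITING in m.group(2):
            waits += 1
            last = ts
    if down >= min_retries and waits >= min_retries:
        return {"retries": down, "first": first, "last": last,
                "stalled_seconds": int((last - first).total_seconds())}
    return None

if __name__ == "__main__":
    print(tap_stall(SAMPLE_LOG))
```

A non-None result means the adapter never came up during the logged window, which is the case the driver reinstall below addresses.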
While waiting for Sophos to come up with a new version of their client (presently they are at version 2.1), you can get things running by downloading the OpenVPN TAP Windows driver here:
To summarize:
1) Close all active VPN tunnels
2) Download and install the TAP driver above or from OpenVPN.
3) Right-click on this file: C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe and choose properties -> compatibility -> run as administrator -> Press OK
4) Reboot PC and try again
Source: https://community.openvpn.net/openvpn/ticket/316
If this does not solve the problems, try to reset WinSock in Windows, with these steps:
- Open a command prompt with administrative rights!
- Type “netsh winsock reset catalog” – Enter
- Type “netsh int ipv4 reset reset.log” – Enter
- Reboot the machine
Let me hear the results 🙂
If you use Linux (optionally FreeBSD and Solaris, not tested), you may want to access the network through a tuntap interface. The main advantage of this interface is that the guest has access to the host. The guest can even have access to the whole network if the host routes or masquerades the guest requests. No extra IP address is needed; all can be done using private IP addresses.
You'll find here instructions to set up Linux/Bochs to provide network access to the guest OS through a tuntap interface and private IP network. We're going to see how to:
enable the tuntap interface in the Linux Kernel
configure Bochs to use the tuntap interface
set up the private network between the host and the guest
set up the host to masquerade the guest network accesses
From the tuntap.txt file in the Linux kernel tree:
8.11.2. Set up the Linux kernel [1]
First make sure the tuntap module is included in the kernel:
If you use a recent distribution, chances are that the needed modules are already built.
Make sure that 'Kernel module loader' - module auto-loading support is enabled in your kernel.
Add following line to the /etc/modules.conf:
Run: The driver will be automatically loaded when an application accesses /dev/net/tun.
Otherwise, recompile the kernel, including the configuration option
Note: Make sure there is a /dev/net/tun device. (Can be created with '
In the same way, to use masquerading, you need a kernel with the following options :
Note: Some of the other options in this group are probably also needed (but the default setting should be OK).
8.11.3. Configure Bochs to use the tuntap interface
Make sure Bochs has one of the network adapters enabled. If you have to recompile Bochs, use
edit your
Since the tuntap interface cannot be configured until a process opens it, Bochs may run a script file for you. In this case
8.11.4. Set up the private network between the host and the guest
We'll set up a private network between the host and the guest with the following parameters:
If your parameters are different, adapt the rest of the section to suit your needs.
Create the
Make it executable :
Run Bochs, install the guest OS, and set the following network parameters in the guest OS:
Note: Bochs must be started by root (at least for now - the script won't have root privileges otherwise).
You may also have to edit /etc/hosts.allow in the host OS and add :
Don't forget to set up the route on the guest.
At this point, you should be able to ping/telnet/ftp/ssh the guest from the host and vice-versa.
8.11.5. Set up the host to masquerade the guest network accesses
We are going to set up a standard masquerading configuration. Edit the
Note: The configuration assumes the default policy is ACCEPT (can be examined by doing '
Note: The iptables package must be installed.
And voila... The host should forward the packets of the guest to the rest of your network. You could even have access to the internet...
Note: You may need to load other modules if you want to use other fancy protocols (ftp, etc...)
Notes
[1] Much of the information in the following section is taken from this email from Samuel Rydh of the Mac-On-Linux list