I'm sure the tun pseudo interface "tun" can take multiple
clients using it at the same time.
I see that "tun" interface as an interface which can send
and receive packets through an API which is convenient to
e.g. openconnect, openvpn and so on.

Actual packages leave and enter the system through the regular
interfaces of the global zone. This is the same as if a shared
or an exclusive interface would be used with an NGZ. The only exception
I can see is if you assign an exclusive interface to an NGZ;
then this interface is out of reach for the tun interface.
But this would need an investigation to be sure.
And it would not change the game, as it's the already encrypted
stuff going over the wire.

Regards,
Thomas


On Thu, Nov 24, 2016 at 11:30:06PM +0100, [email protected] wrote:
> Ok, I see.
> If I follow the SFE way, could I have an issue running OpenVPN server over 
> TUN on GZ and wanting to run Openconnect client over TUN in NGZ? Like the 
> device /dev/tun is both used in GZ and NGZ.
> 
> Best regards.
> Ben
> 
> ----- Original Message -----
> From: "Thomas Wagner" <[email protected]>
> To: "Discussion list for OpenIndiana" <[email protected]>
> Sent: Friday, 25 November 2016 10:16:51
> Subject: Re: [OpenIndiana-discuss] Cisco IPSec VPN
> 
> For SFE we've solved this by just adding the driver modules to the NGZ
> as dead files. So there is no install constraint regarding zones-type.
> That way the IPS dependency just matches in any case.
> 
> I use a driver match rule in the NGZ to get tun passed through:
> <device match="/dev/tun"/>
> 
> Thomas
> 
> On Thu, Nov 24, 2016 at 09:15:11PM +0100, [email protected] wrote:
> > By the way, is there a way to install openconnect in a zone?
> > I can't seem to get it running because tap driver doesn't want to install:
> > 
> > vpnzone# pkg install openconnect
> > Creating Plan (Running solver): |
> > pkg install: No matching version of network/openconnect can be installed:
> >   Reject:  
> > pkg://openindiana.org/network/[email protected]:20161119T064832Z
> >   Reason:  No version matching 'require' dependency driver/network/tap can 
> > be installed
> >     ----------------------------------------
> >     Reject:  
> > pkg://openindiana.org/driver/network/[email protected]:20160730T021914Z
> >     Reason:  This version is excluded by installed incorporation 
> > consolidation/userland/[email protected]
> >     Reject:  
> > pkg://openindiana.org/driver/network/[email protected]:20161124T055026Z
> >              
> > pkg://openindiana.org/driver/network/[email protected]:20161124T172113Z
> >     Reason:  Package supports image variant 
> > variant.opensolaris.zone=[global] but doesn't support this image's 
> > variant.opensolaris.zone (nonglobal)
> >     ----------------------------------------
> >   Reject:  
> > pkg://openindiana.org/network/[email protected]:20161119T114634Z
> >   Reason:  No version matching 'require' dependency driver/network/tap can 
> > be installed
> > 
> > 
> > Best regards.
> > Ben
> > 
> > ----- Original Message -----
> > From: "Jim Klimov" <[email protected]>
> > To: "Discussion list for OpenIndiana" <[email protected]>, "Andrey Sokolov" <[email protected]>
> > Sent: Friday, 25 November 2016 07:07:36
> > Subject: Re: [OpenIndiana-discuss] Cisco IPSec VPN
> > 
> > On 16 November 2016 14:02:44 CET, Andrey Sokolov <[email protected]> wrote:
> > >Hi!
> > >I use
> > >http://pkg.openindiana.org/sfe/info/0/system%2Fnetwork%2Fvpnc%400.5.3%2C5.11-0.151.1.5%3A20120819T093748Z
> > >
> > >2016-11-14 15:35 GMT+03:00 Jim Klimov <[email protected]>:
> > >
> > >> Hi all,
> > >>
> > >> I am faced with a prospect of connecting to a remote network behind
> > >> Cisco IPSec VPN (the one with user, password, group and shared keys;
> > >> will be practically trying sometime soon this week). Should I expect it
> > >> to work in OI Hipster out of the box? Are there docs/blogs on it, or
> > >> would Oracle docs I found so far (some hints about conf files and then
> > >> ipadm tun commands) be relevant here? Or should I try some other OS
> > >> right away?
> > >>
> > >> TIA, Jim
> > >> --
> > >> Typos courtesy of K-9 Mail on my Samsung Android
> > >>
> > >> _______________________________________________
> > >> openindiana-discuss mailing list
> > >> [email protected]
> > >> https://openindiana.org/mailman/listinfo/openindiana-discuss
> > >>
> > 
> > Thanks,
> > 
> > In the end vpnc did work for me; also I saw that openconnect could connect 
> > to Juniper/Cisco SSL VPNs... so I couldn't resist and now both are packaged 
> > in OI/Hipster userland ;)
> > 
> > Thanks,
> > Jim
> > --
> > Typos courtesy of K-9 Mail on my Samsung Android
> > 
> 
> -- 
> -- 
> Thomas Wagner
> 
> ------------------------------------------------------------------------
> Service rund um UNIX(TM),     Wagner Network Services, Thomas Wagner
> Solaris(TM), Linux(TM)        Eschenweg 21, 89174 Altheim, Germany
> Windows(TM)                   TEL: +49-731-9807799, FAX: +49-731-9807711
> Telekommunikation, LAN,       MOBILE/CELL: +49-171-6135989
> Internet-Service, Elektronik  EMAIL: [email protected]
> 
