tunnel interface names

dev at cyphermonks.org dev at cyphermonks.org
Wed May 30 19:13:37 AEST 2018

>> the fact that ssh insists on tap* and tun* tun/tap-device-names is a
>> real nag and prevents from nice and easy solutions in some cases.
> Could you offer some examples?

some client:
ssh -o "Tunnel Ethernet" -w any office

next client:
ssh -o "Tunnel Ethernet" -w any office
...and so forth.

interface configuration on the hub for all clients:
allow-hotplug /tap*=tap
iface tap inet manual
	bridge hub

now some other client needs a specific config on the server or there happens to be something else wanting to use a tap-interface for something else => every single client's interface has to be configured specifically, all interfaces have to be statically assigned to clients, clients have to reserve every single interface they might want to use in advance.

similar can be true for the client side:
ssh -b -w any office
ssh -b -w any office

allow-hotplug /tun*=tun
iface tun inet manual
	up route add default dev "$IFACE"

will also soon have to end up with specific single-interfaces nondynamic config.

imagine mixing this: the office knows several bridges and possibly even other uses of tun/tap. might be the same for clients.
now tun/tap interfaces do not have to be named tun* or tap*. namespaces can be used. so:

ssh -o "Tunnel Ethernet" -w officebridge1:officebridge1-alice office-hub

on the hub:
allow-hotplug /officebridge1-*=officebridge1-port
iface officebridge1-port inet manual
	 bridge officebridge1


ssh -b -w office1:office-alice1 office
ssh -b -w office2:office-alice2 office

allow-hotplug /office*=office
iface office inet manual
	up route add default dev "$IFACE"

and server:
allow-hotplug /office-alice*=office-alice
iface office-alice inet manual
	up route add dev "$IFACE"

what is the point of artificially restricting names to just tun\d+ and tap\d+ ?

More information about the openssh-unix-dev mailing list