Support for macOS feth devices

Charles Celerier chcl at google.com
Thu Jul 16 02:11:12 AEST 2020


Hi,

I am currently using the L2 tunnel feature of ssh between two Linux
machines, and it works beautifully! As a result, I have come to prefer a
workflow that uses an L2 tunnel, but I can't seem to find a long-term
solution for this workflow on macOS. At the moment, tap devices on macOS
can be generated using a kernel extension like tuntaposx
<http://tuntaposx.sourceforge.net/>; however, all kernel extensions were
deprecated recently and will likely be removed in a future macOS release
this fall.

An alternative to tap devices on macOS is something called a feth
interface. Luckily, the ZeroTierOne project released a program
<https://github.com/zerotier/ZeroTierOne/blob/master/osdep/MacEthernetTapAgent.c>
which can interact with a feth interface through stdin and stdout. Since ssh uses
file descriptors for all of its tunnels, I think a similar program could be
used in the ssh sys_tun_open logic to interact with a feth interface on
macOS.

I have not yet gone far enough to try and integrate the ZeroTierOne code
with my own ssh build, but I'm curious what thoughts others may have on
this mailing list. One nice improvement of doing something like this in ssh
would be removing the requirement for macOS users to install an additional
driver to enable L2 tunneling.

Charles


More information about the openssh-unix-dev mailing list