Serial TUN/TAP Encapsulation (Stuntapen) is a simplistic program, implementing a SLIP (RFC 1055)-like algorithm, extended to allow either IPv6 packets (when using a TUN device) or [Ethernet][] frames (when using TAP) to be transferred over some kind of a serial line, such as computer's serial port, TCP stream, or SSH session. When used together with Netcat or SSH, it could be used to create a crude but working IP tunnel or VPN, or to forward IP traffic to a low-feature embedded system via a serial line or USB, or for educational purposes.
Usage
# stuntapen [--tun|--tap] [DEVICE] < INPUT-FILE > OUTPUT-FILE
By default, stuntapen
currently assumes --tun
.
With persistent TUN/TAP devices, the program could also be started by an unprivileged user after such a device is created by, say, tunctl, like (for a TAP device):
root # tunctl -u jrh -t IFNAME
jrh $ stuntapen --tap IFNAME
To use a TUN device, IFNAME
has to begin with tun
, like:
root # tunctl -u jrh -t tuntest
jrh $ stuntapen --tun tuntest
Please note that apparently not all versions of tunctl
currently in existence have support for TUN devices.
Examples
Serial line
To forward IPv6 traffic to a serial device, one may use the following (untested) sequence of commands.
root # tunctl -u jrh -t tungadget
root # ip link set tungadget up
root # ip address add dev tungadget \
local 2001:db8:1337::1 \
peer 2001:db8:1337::2/64
jrh $ stuntapen --tun tungadget <> /dev/ttyS5
Virtual Private Network
To create a VPN over an SSH session, the following
(untested) script may be used. It's assumed that the interface
IFNAME
specified is persistent and is configured separately.
#!/bin/bash
### tuntapvpn.sh --- Crude VPN over SSH -*- Sh -*-
## FIXME: allow for --tun or --tap to be specified
if [ "$#" != 1 ] ; then
printf 'Usage: %s IFNAME REMOTE stuntapen REMOTE-IFNAME\n' \
"$(basename "$0")" >&2
exit 1
fi
ifname="$1"
shift
set -e -x
## FIXME: remove the temporary directory on exit
d=$(mktemp -t -d tuntapvpn.XXXXXXXX)
a="$d"/remote-to-local
b="$d"/local-to-remote
mkfifo -- "$a" "$b"
## FIXME: not sure why the following was necessary
printf '' > "$a" &
printf '' > "$b" &
stuntapen "$ifname" < "$a" > "$b" &
ssh "$@" < "$b" > "$a" &
wait
### tuntapvpn.sh ends here
Note that the REMOTE stuntapen REMOTE-IFNAME
arguments are
actually passed to ssh
directly, thus allowing different
command line arguments if necessary, like:
$ tuntapvpn tunother \
-v otherhost /where/is/stuntapen --tun tunx
TODO
Argp-based command line interface, with support for
conventional GNU options (--help
, --version
, etc.)
Test for SLIP (RFC 1055) compatibility when passing
IPv4 traffic in TUN (--tun
) mode.
Implement conventional Make targets, like install
.
Consider switching to the GNU build system.