Basic tutorial on using TUN/TAP virtual network card in CentOS

Source: Internet
Author: User

Basic tutorial on using TUN/TAP virtual network card in CentOS

In computer networks, TUN and TAP are virtual network devices in the operating system kernel. Different from devices implemented by hardware network boards, all these virtual network devices are implemented by software, it also provides the software running on the operating system with the same functions as the hardware network device.
A tap is equivalent to an Ethernet device that operates Layer 2 data packets, such as Ethernet data frames. TUN simulates network-layer devices and operates layer-3 data packets, such as IP data packets.
The operating system sends data to the user space program bound to the device through the TUN/TAP device. On the contrary, the user space program can also be like operating the hardware network device, send data through the TUN/TAP device. In the latter case, the TUN/TAP device delivers (or "injects") data packets to the network stack of the operating system to simulate the process of receiving data from the outside.
If the server has the TUN/TAP module, you can enable the VPN proxy function.
Virtual Network Card TUN/TAP driver design principle:

The tun/tap driver implements the virtual Nic function. tun indicates virtual devices are point-to-point devices, and tap indicates virtual devices are Ethernet devices. These two devices implement different encapsulation for network packets.
By using the tun/tap driver, the network packet processed by the TCP/IP protocol stack can be transferred to any process that uses the tun/tap driver, and then processed by the process and sent to the physical link.
Open source projects openvpn ( and Vtun ( are both tunnel packages implemented using the tun/tap driver.

1. Check whether the kernel supports tun/tap.
Check whether the kernel has a tun Module

[Root @ VM_196_26_centos ~] # Modinfo tun

Filename:/lib/modules/3.10.0-327. el7.x86 _ 64/kernel/drivers/net/tun. ko

Alias: devname: net/tun

Alias: char-major-10-200

License: GPL

Author: (C) 1999-2004 Max kranyansky <>

Description: Universal TUN/TAP device driver

Rhelversion: 7.2.

Srcversion: B59BCB1255A36FBC7557FC3


Intree: Y

Vermagic: 3.10.0-327. el7.x86 _ 64 SMP mod_unload modversions

Signer: CentOS Linux kernel signing key

Sig_key: 79: AD: 88: 6A: 11: 3C: A0: 22: 35: 26: 33: 6C: 0F: 82: 5B: 8A: 94: 29: 6A: b3

Sig_hashalgo: sha256

Load the kernel module

[Root @ VM_196_26_centos ~] # Modprobe tun

[Root @ VM_196_26_centos ~] # Lsmod | grep tun

Tun 27141 0

After the preceding command is executed, the above output is displayed, indicating that the module has been loaded successfully.

2. Create and configure a virtual Nic
Check whether the tunctl command is available. If it is not installed through yum

Centos6 is directly installed through yum install tunctl-y

(Http:// referenced above)

Yum source needs to be added before centos7 installation (refer to the

Install Howto

  1. Create the repository config file/etc/yum. repos. d/nux-misc.repo:

  2. Install tunctl rpm package:


Create a virtual Nic Device

[Root @ VM_196_26_centos ~] # Tunctl-t tap0-u root

Set 'tap0' persistent and owned by uid 0

[Root @ VM_196_26_centos ~] # Ifconfig tap0 netmask promisc

[Root @ VM_196_26_centos ~] # Ifconfig tap0

Tap0: flags = 4355 <UP, BROADCAST, PROMISC, MULTICAST> mtu 1500

Inet netmask broadcast

Ether 5e: 04: f6: 78: 9a: 01 txqueuelen 500 (Ethernet)

RX packets 0 bytes 0 (0.0 B)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 0 bytes 0 (0.0 B)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

After the above operations, the virtual network card has been created and configured.

Next Add a tap1 with another command (refer to the

[Root @ VM_196_26_centos ~] # Ip tuntap add tap1 mode tap

[Root @ VM_196_26_centos ~] # Ifconfig tap1

[Root @ VM_196_26_centos ~] # Ifconfig tap1

Tap1: flags = 4099 <UP, BROADCAST, MULTICAST> mtu 1500

Inet netmask broadcast

Ether 2e: 69: AB: 20: 0d: a7 txqueuelen 500 (Ethernet)

RX packets 0 bytes 0 (0.0 B)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 0 bytes 0 (0.0 B)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

3.Finally, how can I delete tap0 and tap1? (Reference

[Root @ VM_196_26_centos ~] # Tunctl-d tap0

Set 'tap0' nonpersistent

[Root @ VM_196_26_centos ~] # Tunctl-d tap1

Set 'tap1' nonpersistent

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.