tun/tap networking for VMs on linux using iproute2

So the guides for tun/tap are all different, and they seem to all include bridges, which are eeky, i don't even understand how bridges work.

This method will let your guest have a separate ip routed through the host.

Bridges are nice if you want dhcp, but they hinder what you can do with your network, so this is a guide on how to set up your networking for simple routed networking with a guest os and a host, using tun/tap interfaces.

host os

This works at least on lguest, qemu and xen with small variations, so here is the qemu example: These commands should mostly be issued as root, but you could start a qemu vm as a user, set up networking as root, should work fine

• First create the tun/tap interface

    TAP=$(sudo tunctl -b -u $youruser)
   or as root
    TAP=$(sudo tunctl -b)

• start your guest with this $TUN interface, in quemu this is:

  qemu -net nic -net tap,vlan=0,ifname=$TAP,script=no $whatever_else_options-you_want

  • in the guest set your ip addres to a static ip

• from the host again, set the $TAP interface's address to your host's address

    ip link set $TAP up arp on
    ip addr replace dev $TAP $your.host's.ip.addr
    ip route add $guestIP via $your.host's.ip.addr dev $TAP

• set up ip forwarding and ARP packet proxying

    echo 1 > /proc/sys/net/ipv4/conf/$TAP/proxy_arp
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/conf/$MAIN_IFACE/proxy_arp

where $MAIN_IFACE is the interface of the host that is connected to the external network.

I have chose this type of networking because it doesn't add yet an other layer of indirection in hte network stack. You can't use bonded interfaces on bridges, etc.

Guest os

This largely depends on your guest os of course, the main things are:

• your ip will be $guestIP

• the gateway will be $your.host's.ip.addr

• and the netmask is /32 which means 255.255.255.255

  plan9 example:

  ip/ipconfig -g {hostIP} {guestIP} {netmask}/32