* VTun *
Frequently Asked Questions

VTun - Frequently Asked Questions

1. General Questions

2. Error Messages 3. Crypto Questions
1. General Questions
1.1 What is VTun ?
 VTun is the easiest way to create Virtual Tunnels over TCP/IP networks
 with traffic shaping, compression, and encryption. At least, we think so.
 It supports IP, PPP, SLIP, Ethernet and other tunnel types.
 VTun is easily and highly configurable, it can be used for various
 network tasks.

1.2 What does VTun stand for ?
 Virtual TUNnel.

1.3 Whom do I contact for support ?
 Please send your suggestions, questions and problem descriptions to
 VTun mailing list vtun-users@lists.sf.net

1.4 Is VTun Y2K compliant?

1.5 Where can I download VTun package ?
 You can download complete VTun package from the following web sites:

1.6 Can I establish VTun tunnel with Windows machine ?
 Unfortunately there is no VTun client for Windows yet.
 We a looking for a guru who will port VTun to Windows.

1.7 Can I establish VTun tunnel with Cisco ?
 No. VTun doesn't support tunneling with Cisco.

1.8 Does VTun support PPTP, L2TP, IPsec ?
 VTun uses it's own simple and efficient protocol with TCP or UDP.
 It doesn't support PPTP, L2TP, IPsec.

1.9 What platforms are supported by VTun ?
 VTun was developed on Linux and then ported to several other OS:
    Linux (any glibc based distribution)
    FreeBSD, OpenBSD, NetBSD and other BSD clones.

1.10 Does VTun server support multiple clients ?
 Sure. Number of the clients is limited only by the capabilities of
 your machine.

1.11 How many tunnels can VTun handle ?
 Number of the tunnels is limited only by the capabilities of your

1.12 What do I need to run VTun ?
 You should install and configure VTun package and read documentation.
 Usually you'll need:
    Universal TUN/TAP device driver (http://vtun.sourceforge.net/tun)
    PPP driver and pppd.

1.13 What hardware do I need to run VTun ?
 Hardware requirements depends on your configuration:
    486DX2/66/16Mb will handle simple tunnels without compression
    and encryption.
    P200/64Mb will handle several medium speed tunnels with compression
    and encryption without any problem.
    Celeron 400/64Mb, perfectly encrypts and compresses high speed
    channels like 2Mbits.
 Real life examples:
    PII466/128Mb was compressing several 3-4Mbits tunnels.  
    AlphaXL 266/64Mb was compressing and shaping about 10-50 tunnels
    from 64Kbit to 512Kbit.
    P200MMX/64Mb with about 100 tunnels over loopback.

1.14 VTun supports many tunnel types, which type should I use ?
 Well, it is not very easy to answer this question in the FAQ.
 Please read documentation which comes with VTun package and visit
 VTun web site http://vtun.sourceforge.net

1.15 Where can I find configuration recommendations and examples ?
 VTun package contains several config file samples.
 Please read README.Setup

1.16 Why ZLIB compression does not work with UDP protocol ?
 UDP doesn't not provide reliable transport, and some frames could be
 lost on unreliable links. VTun does not have any retransmission or
 recovery algorithm for the lost UDP frames, because retransmission will
 be handled by Upper layers.
 You should use LZO compression with UDP protocol.    

1.17 Why PPP tunnel is unstable over UDP ?
 Explanation is the same as with above case. Use TCP for PPP tunnels or
 use TUN instead of PPP, since tun device is completely the same with
 ppp device for the kernel.

1.18 Why do routes specified after 'ppp' command in config file produce errors and don't install correctly ?
 Actually there is no straight way to determine when pppd has established
 connection with the other end. VTun execute those route commands right
 after the launch of pppd and if PPP link is not established, route
 commands will fail. Since version 2.0b3, VTun delays 10 seconds before
 issuing the route commands, which should fix almost all cases.  
 I'll think about more elegant way to fix this problem.

1.19 How secure is VTun ?
 Well. VTun doesn't try to be the MOST secure tunneling software in the
 world, it tries to be fast, stable, rich of features, easy to use
 and secure enough instead.
 VTun uses Challenge Based Authentication and doesn't transfer passwords
 in clear text. Encryption module uses MD5 for 128 bits key generation
 and BlowFish algorithm for actual data encryption.
 There could be some weaknesses in key generation method; we will try
 to address them in future releases.

1.20 Who has developed such nice and cool software ?
 Thanks :). You can find list of VTun team members on the web site or
 in the 'Credits' file in VTun package.

1.21 I don't like VTun. Where can I send complaints ?
 You can send them to /dev/null.

 Seriously, complaints are merely badly-worded criticism which people
 won't discuss further. We welcome criticism and suggestions, of
 course, as long as we can discuss it. If you just want to spout, it's
 not going to do anyone any good, and you may as well just send it to
 /dev/null. We're sorry to hear you just don't like it; even more
 sorry to hear you don't want to help improve it for everyone else.

1.22 Where can I get more information about VTun ?
 VTun package contains:
    Manual page for vtund.
    Manual page for configuration file.
    Fully documented config file.
    Several README files.

1.23 Can I use vtun over SSH ?
 Yes, via the port forwarding feature of ssh.  Don't enable vtun's
 encryption as ssh does its own encryption.  Also, make sure to select
 the TCP protocol as SSH can forward TCP but not UDP.  An example
 session might look something like this:

 home$ ssh -L 5000:localhost:5000 work.megacorp.com
 (authenticate if necessary)
 work$ vtund -s home_tunnel_config
 home$ vtund home_tunnel_config localhost

1.24 Is it possible to establish a vtun link from a client behind NAT or a firewall?
 Yes it is, but you need to use TCP protocol.

2. Error Messages
2.1 Why do I see no vtund log and error messages ?
 On several Unices, FreeBSD for example, syslog doesn't log message
 with INFO priority, by default.
 You should add "*.info;" to the line with /var/log/messages in

2.2 Why do I get "Input/output error" pppd error message ?
 This usually means that vtund on other side has dropped connection,
 check logs on other side.

2.3 Why do I get "couldn't find any suitable secret (password)" pppd error message ?
 New versions of pppd use authentication by default.
 Just add "noauth" option to ppp command.

2.4 Why do I get "XXXX returned error Y" error message ?
 Usually this means that you use incorrect syntax for that command.
 Also please read question 1.19 about routes and pppd.

2.5 Why do I get "Serial line is looped back" pppd error message ?
 Sometimes pppd incorrectly decides that pseudo terminal is looped back.
 Just add "nomagic" option to ppp command.

2.6 Why do I get "Can't allocate tun device" or "Can't allocate tap device" error messages ?
 This error means that Universal TUN/TAP driver module is not loaded
 or you do not have correct /dev/tunXX or /dev/tapXX device nodes.
 Make sure you have installed and configured Universal TUN/TAP device
 driver (http://vtun.sourceforge.net/tun)

2.7 Why do I get "LZO compression is not supported" error message ?
 This error means that LZO compression is not compiled in.
 You will have to download binary VTun package or recompile vtund with
 LZO support.

2.8 Why do I get "expecting WORD at line xxx" error message ?
 This usually means that you are using password that contain only
 numerical characters.
 VTun passwords must be alpha characters or a mixture of alpha and
 numerical characters.

2.9 Why do I get the message "kernel: application bug: vtund(XXXX) has SIGCHLD set to SIG_IGN but calls wait()" in my system log?
 Red Hat Linux users will notice this message. It's been spotted
 only on Red Hat Linux, and cannot be provoked easily enough on
 any other system. We're advising people not to worry, but
 definitely appreciate discussion on this topic that can result
 in a fix that removes the warning.

3. Crypto Questions
3.1 Isn't using only XOR to encrypt challenges completely unsafe ?
 A few documents discussing security in VTun have pointed to
 sections of code that use XOR to 'encrypt' challenges:

 97:void encrypt_chal(char *chal, char *pwd)
 99: char * xor_msk = pwd;
 100: register int i, xor_len = strlen(xor_msk);
 102: for(i=0; i < VTUN_CHAL_SIZE; i++)
 103: chal[i] ^= xor_msk[i%xor_len];

 However, this code doesn't get compiled into any standard
 release, and anyone familiar with #ifdef notation should
 understand that immediately. This code is continually requested
 by third-parties, though, and needs to remain in the product.
 Since one needs to intentionally and willingly cripple the
 product before this code becomes a concern, we don't think it's
 a serious concern. (Of course, we're open to debate!)

3.2 I have this problem with a binary built wihout SSL ...

 This is difficult to say, but you have to stop right there.

 The no-SSL binary isn't supported. Yes, the XOR code will
 remain in the product, and yes, we do intend to consider the
 implications of the code when we continue development, but we
 don't advocate ever building a no-SSL VTun, and we will not
 spend time supporting a configuration which we so reluctantly
 leave in place. There's a longer story to this, but the result
 is the same: we will normally avoid issues related to no-SSL

 Having said that, let me affirm that we do (and will) accept
 modifications to the sections of code that only get exercised in
 non-SSL builds, and we will continue to consider the non-SSL code
 when we continue development. We will review new code and merge
 it into the product so that others can benefit, but we will not
 support or advocate that variant ourselves.

 If you have any unanswered question please send it to the mailing list

Copyright (C) 1999-2016 Maxim Krasnyansky