[Qemu-discuss] A question on QEMU networking and openVPN

[Chan Kim]

Dear QEMU users,

About a month ago, I successfully made the QEMU work in our real network using 
TAP networking.
I made tap0 device, created a bridge, with eth0 of my host and tap0 of qemu 
connected to the bridge br0.
Now I can run linux and rtems image on the virtual machine and can communicate 
with real world network.
By the way, I assigned bridge IP address (I don't know why I had to set IP 
address to the bridge, anyway..) 129.254.132.48
and the virtual machine 132.49. (my host is 132.37). Everything works fine.

For internal documentation, I'm trying to understand how QEMU works when in 
networking .
In the qemu-ifup script I have this line. ($1 is the name of tap device (tap0) 
passed by qemu executable)
/usr/sbin/openvpn --mktun --dev $1 --user id -un`
What does this line mean? I understand openvpn is for making an SSL connection 
between my machine and outside world (on TCP/IP) using a port.(Isn't it 
correct?) Does this mean QEMU uses openvpn connection? (if so where in the 
source is it shown? I guess it should be an interface of my ethernet card 
qdev..I'm using a modified version of hw/net/lan9118.c)

Is it that (for example for sending a packet) the processing steps are 
1. The final Ethernet frame from QEMU is encapsulated for SSL into a L3 packet 
and sent to the openvpn interface
2. The SSL encapsulated packet(internally having original Ethernet frame) is 
sent to the TUN device and then to TAP device(because the openvpn is connected 
to the TUN/TAP).
3. The TAP device attaches Ethernet frame header and sends it to the bridge 
(software bridge in my host)
4. The frame is sent to eth0 (my real Ethernet card of the host) and sent out.
?

Or is the SSL encapsulation being used only in my host? Or is SSL encapsulation 
is not used at all?
Any explanation will be deeply appreciated.
Thanks!

Chan