• linuxfoundation.org/networking/tunneling#introduction" title="networking:tunneling ?" class="wikilink1" style="outline: none; text-decoration-line: none; color: rgb(0, 136, 0);">1 Introduction
• 2 IPIP tunnels
• mple" title="networking:tunneling ?" class="wikilink1" style="outline: none; text-decoration-line: none; color: rgb(0, 136, 0);">2.1 Manual configuration example
• 2.2 /etc/net configuration example
• 3 GRE tunnels
• 3.1 Manual configuration example
• 3.2 /etc/net configuration example
• 4 SIT tunnels
• 4.1 Manual configuration example
• 4.2 /etc/net configuration example
• 5 Links

Tunneling is a way to transform data frames to allow them pass networks with incompatible address spaces or even incompatible protocols. There are different kinds of tunnels: some process only IPv4 packets and some can carry any type of frame. Linux kernel supports 3 tunnel types: IPIP (IPv4 in IPv4), GRE (IPv4/IPv6 over IPv4) and SIT (IPv6 over IPv4). Tunnels are managed with ip program, part of Iproute2:

 $ /sbin/ip tunnel help
 Usage: ip tunnel { add | change | del | show } [ NAME ]
           [ mode { ipip | gre | sit } ] [ remote ADDR ] [ local ADDR ]
           [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
           [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]
 
 Where: NAME := STRING
        ADDR := { IP_ADDRESS | any }
        TOS  := { NUMBER | inherit }
        TTL  := { 1..255 | inherit }
        KEY  := { DOTTED_QUAD | NUMBER }

Iproute2 is usually shipped with documentation, of which you need the file ip-tunnels.ps to learn about tunnel management. In Fedora Core 4 it is /usr/share/doc/iproute-2.6.11/ip-tunnels.ps.

IPIP kind of tunnels is the simplest one. It has the lowest overhead, but can incapsulate only IPv4 unicast traffic, so you will not be able to setup OSPF, RIP or any other multicast-based protocol. You can setup only one tunnel for unique tunnel endpoints pair. It can work with FreeBSD and cisco IOS. Kernel module is 'ipip'. The following example demonstrates configuration of IPIP tunnel with four IPv4 routes, manually or via /etc/net.

 # modprobe ipip
 # ip tu ad ipiptun mode ipip local 10.3.3.3 remote 10.4.4.4 ttl 64 dev eth0
 # ip ad ad dev ipiptun 10.0.0.1 peer 10.0.0.2/32
 # ip li se dev ipiptun up
 # ip ro ad 10.4.10.0/24 via 10.0.0.2
 # ip ro ad 10.4.20.0/24 via 10.0.0.2
 # ip ro ad 10.4.30.0/24 via 10.0.0.2
 # ip ro ad 10.4.40.0/24 via 10.0.0.2

 # mkdir /etc/net/ifaces/ipiptun
 # cat > /etc/net/ifaces/ipiptun/options
 TYPE=iptun
 TUNTYPE=ipip
 TUNLOCAL=10.3.3.3
 TUNREMOTE=10.4.4.4
 TUNOPTIONS='ttl 64'
 HOST=eth0
 ^D
 # cat > /etc/net/ifaces/ipiptun/ipv4address
 10.0.0.1 peer 10.0.0.2/32
 ^D
 # cat > /etc/net/ifaces/ipiptun/ipv4route
 10.4.10.0/24 via 10.0.0.2
 10.4.20.0/24 via 10.0.0.2
 10.4.30.0/24 via 10.0.0.2
 10.4.40.0/24 via 10.0.0.2
 ^D
 # ifup ipiptun

GRE tunnels can incapsulate IPv4/IPv6 unicast/multicast traffic, so it is de-facto tunnel standard for dynamic routed networks. You can setup up to 64K tunnels for an unique tunnel endpoints pair. It can work with FreeBSD and cisco IOS. Kernel module is 'ip_gre'. The following example demonstrates configuration of GRE tunnel with two IPv4 routes.

 # modprobe ip_gre
 # ip tu ad gretun mode gre local 10.5.5.5 remote 10.6.6.6 ttl 64 dev eth0
 # ip ad ad dev gretun 10.0.0.3 peer 10.0.0.4/32
 # ip li se dev gretun up
 # ip ro ad 10.6.10.0/24 via 10.0.0.4
 # ip ro ad 10.6.20.0/24 via 10.0.0.4

 # mkdir /etc/net/ifaces/gretun
 # cat > /etc/net/ifaces/gretun/options
 TYPE=iptun
 TUNTYPE=gre
 TUNLOCAL=10.5.5.5
 TUNREMOTE=10.6.6.6
 TUNOPTIONS='ttl 64'
 HOST=eth0
 ^D
 # cat > /etc/net/ifaces/gretun/ipv4address
 10.0.0.3 peer 10.0.0.4/32
 ^D
 # cat > /etc/net/ifaces/gretun/ipv4route
 10.6.10.0/24 via 10.0.0.4
 10.6.20.0/24 via 10.0.0.4
 ^D
 # ifup gretun

SIT stands for Simple Internet Transition. Its main purpose is to interconnect isolated IPv6 networks, located in global IPv4 Internet. SIT works like IPIP. It can work with FreeBSD and cisco IOS. Kernel module is 'ipv6'. Once loaded, ipv6 module can't be unloaded. You can get your own IPv6 prefix and a SIT tunnel from a tunnel broker. The following example demonstrates configuration of SIT tunnel with three IPv6 routes.

 # modprobe ipv6
 # ip tu ad sittun mode sit local 10.7.7.7 remote 10.8.8.8 ttl 64 dev eth0
 # ip ad ad dev sittun 2001:0DB8:1234::000e/127
 # ip li se dev sittun up
 # ip -6 ro ad 2001:0DB8:5678::/48 via 2001:0DB8:1234::000f
 # ip -6 ro ad 2001:0DB8:5679::/48 via 2001:0DB8:1234::000f
 # ip -6 ro ad 2001:0DB8:567a::/48 via 2001:0DB8:1234::000f

 # mkdir /etc/net/ifaces/sittun
 # cat > /etc/net/ifaces/sittun/options
 TYPE=iptun
 TUNTYPE=sit
 CONFIG_IPV6=yes
 TUNLOCAL=10.7.7.7
 TUNREMOTE=10.8.8.8
 TUNOPTIONS='ttl 64'
 HOST=eth0
 ^D
 # cat > /etc/net/ifaces/sittun/ipv4address
 2001:0DB8:1234::000e/127
 ^D
 # cat > /etc/net/ifaces/sittun/ipv4route
 2001:0DB8:5678::/48 via 2001:0DB8:1234::000f
 2001:0DB8:5679::/48 via 2001:0DB8:1234::000f
 2001:0DB8:567a::/48 via 2001:0DB8:1234::000f
 ^D
 # ifup sittun

• LARTC: GRE and other tunnels
• XS26 Project
• SIXXS Tunnel Broker
• Hurricane Electric's IPv6 Tunnel Broker
• IANA: IPv6 unicast address assignment