Section: Network configuration (5)
Updated: August 2004
ifcfg-tunnel - network tunnel interface configuration
It is possible to create static IP tunnel interfaces for three different protocols:
- IPv6 over IPv4 tunnel
- universal IPv4 tunnel
- IPv4 over IPv4 tunnel
Additionally, creation of user space program driven tunnels using the universal TUN/TAP device driver is supported:
- Ethernet tunnel interface
- Point-to-Point IP tunnel interface
Since there is not yet YaST2 support for creating tunnels, one must write appropriate config files by hand for now.
These variables can be used in ip tunnel config files:
- Here you have to set the tunnel protocol. This may be "sit" for IPv6 over IPv4 tunnel, "gre" for universal IPv4 tunnel, "ipip" for IPv4 over IPv4 tunnel and "tap" or "tun" for the user space program driven tunnels.
- The address of the local tunnel's end must be directly specified in the TUNNEL_LOCAL_IPADDR variable. The address must be present on an existing interface of this host.
- The address of the remote tunnel's end.
- Permits specifying an optional device name to bind the tunnel to, so that tunneled packets will only be routed via this device and will not be able to escape to usable routes available on other devices.
- Specify the Time To Live of the packet which carries the tunneled data. Usually it is set to 64, but in some circumstances you may want to use something else between 1 and 255. If not explicitly set, the TTL is copied from the inner (tunneled) packet.
- Specify the Type of Service of the packet which carries the tunneled data.
- Enable or disable the Path MTU Discovery on this tunnel. PMTU discovery is disabled by default. Note that a fixed TTL is incompatible with this option: tunnelling with a fixed TTL always makes PMTU discovery.
- TUNNEL_GRE_FLAGS <iseq | oseq | icsum | ocsum>
- Permits specifying a space separated list of flags to enable sequencing and checksums for incoming and outgoing tunneled packets.
- TUNNEL_GRE_IKEY <key>
- TUNNEL_GRE_OKEY <key>
- Permits the use of keyed GRE using the specified key for incoming and outgoing tunneled packets, given in IPv4 dotted quad IP address notation or as a number.
- Applicable only to SIT tunnels. Enable or disable this variable to control whether the SIT tunnel utilizes Intra-Site Automatic Tunnel Addressing Protocol. By default this option is disabled.
- TUNNEL_SET_OWNER and TUNNEL_SET_GROUP
- Allows setting the owner and group (by name or UID/GID) for persistent tun/tap interfaces.
Examples for tunnel configurations
These are some generic examples for different tunnel types. Replace the shown addresses and interface names with your own. As configuration names you may choose the interface names.
- GRE and IPIP tunnels
- Create a GRE tunnel between a local computer with IP address 192.168.1.2 and a remote computer with IP address 172.16.2.3. After the tunnel is created, assign the IP address 10.20.30.40 to its local end. Default filename: ifcfg-gre1

    STARTMODE='onboot'
    BOOTPROTO='static'
    TUNNEL='gre'
    TUNNEL_LOCAL_IPADDR='192.168.1.2'
    TUNNEL_REMOTE_IPADDR='172.16.2.3'
    IPADDR='10.20.30.40'
    TUNNEL_TTL='64'

IPIP tunnels are created in exactly the same way, except that the variable TUNNEL has to be set to "ipip". Use filename ifcfg-tunl1 in this case.
- SIT tunnels for IPv6 over IPv4
- Static SIT tunnels are currently supported. To create a "static" tunnel one needs to know an IPv4 address of the remote end. The following example, ifcfg-sit1, also assigns the local IPv6 address 3ffe:ffff::1234/64:

    STARTMODE='onboot'
    BOOTPROTO='static'
    TUNNEL='sit'
    TUNNEL_LOCAL_IPADDR='192.168.1.2'
    TUNNEL_REMOTE_IPADDR='172.16.2.3'
    IPADDR='3ffe:ffff::1234/64'
    TUNNEL_TTL='64'
- Universal TUN/TAP tunnels
- The universal TUN/TAP kernel driver provides an interface for user space programs to operate a tunnel. There are two modes in which the interface can be created:
TUN (a Point-to-Point interface using local and remote IP) or TAP (like a normal ethernet interface, e.g. for use in bridges).
The following configurations create the interfaces persistently:

    STARTMODE='onboot'
    BOOTPROTO='static'
    TUNNEL='tap'
    TUNNEL_SET_OWNER='username'
    TUNNEL_SET_GROUP='groupname'

    STARTMODE='onboot'
    BOOTPROTO='static'
    TUNNEL='tun'
    TUNNEL_SET_OWNER='username'
    TUNNEL_SET_GROUP='groupname'

The user space program can be started later. The TUNNEL_SET_OWNER and TUNNEL_SET_GROUP settings allow running the user space program with a different UID/GID than 0 (root). When not specified, the user space program has to run with UID 0.
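A small linter for the variables described above, added here as an example (it is not part of this man page or of wicked). It parses an ifcfg file without sourcing it in a shell and reports invalid tunnel types, endpoints, TTL values and GRE flags, plus TUN/TAP interfaces whose user space program would have to run as root. The function names, the sample config and the treatment of both endpoints as required are assumptions of the example.

```python
import ipaddress
import shlex

IP_TUNNELS = {"sit", "gre", "ipip"}
USER_TUNNELS = {"tap", "tun"}
GRE_FLAGS = {"iseq", "oseq", "icsum", "ocsum"}
# Constructed sample: a persistent TAP interface with no owner configured.
SAMPLE_TAP = "STARTMODE='onboot'\nBOOTPROTO='static'\nTUNNEL='tap'\n"

def parse_ifcfg(text):
    """Parse KEY='value' lines as data; the file is never executed."""
    cfg = {}
    for line in text.splitlines():
        key, sep, raw = line.strip().partition("=")
        if not sep or key.startswith("#"):
            continue
        parts = shlex.split(raw, comments=True)  # strips the shell quoting
        cfg[key] = parts[0] if parts else ""
    return cfg

def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def lint_tunnel(cfg):
    """Return a list of findings for one parsed ifcfg tunnel file."""
    kind = cfg.get("TUNNEL", "")
    if kind not in IP_TUNNELS | USER_TUNNELS:
        return [f"TUNNEL={kind!r} is not one of sit, gre, ipip, tap, tun"]
    findings = []
    if kind in IP_TUNNELS:
        # Assumption: both endpoints are required, as in the static examples.
        for var in ("TUNNEL_LOCAL_IPADDR", "TUNNEL_REMOTE_IPADDR"):
            if not is_ipv4(cfg.get(var, "")):
                findings.append(f"{var} is missing or not an IPv4 address")
    ttl = cfg.get("TUNNEL_TTL")
    if ttl is not None and not (ttl.isdecimal() and 1 <= int(ttl) <= 255):
        findings.append("TUNNEL_TTL must be between 1 and 255")
    bad = set(cfg.get("TUNNEL_GRE_FLAGS", "").split()) - GRE_FLAGS
    if bad:
        findings.append(f"unknown TUNNEL_GRE_FLAGS: {sorted(bad)}")
    if kind in USER_TUNNELS and not cfg.get("TUNNEL_SET_OWNER"):
        findings.append("TUNNEL_SET_OWNER unset: user space program must run as UID 0")
    return findings

if __name__ == "__main__":
    print(lint_tunnel(parse_ifcfg(SAMPLE_TAP)))
```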
Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
Please report bugs at <https://bugzilla.novell.com/index.cgi>
Michal Ludvig -- original tunnel man page
Karol Mroz -- wicked