x SuSE Linux 13.1-RELEASE x
x SuSE Linux 13.1-RELEASEx
IFCFG-TUNNEL(5) Network configuration IFCFG-TUNNEL(5)
NAME
ifcfg-tunnel - network tunnel interface configuration
SYNOPSIS
/etc/sysconfig/network/ifcfg-gre*
/etc/sysconfig/network/ifcfg-ipip*
/etc/sysconfig/network/ifcfg-sit*
/etc/sysconfig/network/ifcfg-tun*
/etc/sysconfig/network/ifcfg-tap*
Tunnel interfaces
It is possible to create static IP tunnel interfaces for three differ-
ent protocols:
SIT IPv6 over IPv4 tunnel
GRE universal IPv4 tunnel
IPIP IPv4 over IPv4 tunnel
Additionally, creation of user space program driven tunnels using the
universal TUN/TAP device driver is supported:
TAP Ethernet tunnel interface
TUN Point-to-Point IP tunnel interface
Since there is not yet YaST2 support for creating tunnels one must
write appropriate config files by hand for now.
VARIABLES
These variables can used in ip tunnel config files:
TUNNEL Here you have to set the tunnel protocol. This may be "sit" for
IPv6 over IPv4 tunnel, "gre" for universal IPv4 tunnel, "ipip"
for IPv4 over IPv4 tunnel and "tap" or "tun" for the user space
program driven tunnels.
TUNNEL_LOCAL_IPADDR
The address of the local tunnel's end must be directly specified
in TUNNEL_LOCAL_IPADDR variable. The address must be present on
an existing interface of this host.
TUNNEL_REMOTE_IPADDR
The address of the remote tunnel's end.
TUNNEL_DEVICE
Permits to specify an optional device name, to bind the tunnel
to the device, so that tunneled packets will only be routed via
this device and will not be able to escape to usable routes
available on another devices.
TUNNEL_TTL
Specify the Time To Life of the packet which carries the tun-
neled data. Usually it is set to 64 but in some circumstances
you may want do use something else between 1 and 255. If not
explicitly set, the TTL is copied from the inner (tunneled)
packet.
TUNNEL_TOS
Specify the Type of Service of the packet which carries the tun-
neled data.
TUNNEL_PMTUDISC
Enable or disable the Path MTU Discovery on this tunnel. PMTU
discovery is disabled by default. Note that a fixed TTL is
incompatible with this option: tunnelling with a fixed TTL
always makes PMTU discovery.
TUNNEL_GRE_FLAGS <iseq | oseq | icsum | ocsum>
Permits to specify a space separated list of flags to enable
sequencing and checksums for incoming and outgoing tunneled
packets.
TUNNEL_GRE_IKEY <key>
TUNNEL_GRE_OKEY <key>
Permits to use of keyed GRE using the specified key for incoming
and outgoing tunneled packets in IPv4 dotted quad IP address
notation or as a number.
SIT_ISATAP
Applicable only to SIT tunnels. Enable or disable this variable
to control whether the SIT tunnel utilizes Intra-Site Automatic
Tunnel Addressing Protocol. By default this option is disabled.
TUNNEL_SET_OWNER and TUNNEL_SET_GROUP
Allows to set the owner and group (by name or UID/GID) for per-
sistent tun/tap interfaces.
Examples for tunnel configurations
These are some generic examples for different tunnel types. Replace the
shown addresses and interface names by your individual ones. As config-
uration names you may choose the interface names.
GRE and IPIP tunnels
Create a GRE tunnel between a local computer with IP address
192.168.1.2 and a remote computer with IP address 172.16.2.3.
After the tunnel is created assign an IP address 10.20.30.40 to
it's local end. Default filename: ifcfg-gre1
STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='gre'
TUNNEL_LOCAL_IPADDR='192.168.1.2'
TUNNEL_REMOTE_IPADDR='172.16.2.3'
IPADDR='10.20.30.40'
TUNNEL_TTL='64'
IPIP tunnels are created in exactly the same way, except that
the variable TUNNEL has to be set to "ipip". Use filename ifcfg-
tunl1 in this case.
SIT tunnels for IPv6 over IPv4
Static SIT tunnels are currently supported. To create a
"static" tunnel one needs to know an IPv4 address of the remote
end. The following example also assigns the local IPv6 address
3ffe:ffff::1234/64: ifcfg-sit1
STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='sit'
TUNNEL_LOCAL_IPADDR='192.168.1.2'
TUNNEL_REMOTE_IPADDR='172.16.2.3'
IPADDR='3ffe:ffff::1234/64'
TUNNEL_TTL='64'
Universal TUN/TAP tunnels
The universal TUN/TAP kernel driver provides an interface for
user space programs to operate a tunnel. There are two modes in
which the interface can be created:
TUN (a Point-to-Point interface using local and remote IP) or
TAP (like normal ethernet interface, e.g. for use in bridges).
The following configuration allows to create the interfaces per-
sistently:
ifcfg-tap0
STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='tap'
TUNNEL_SET_OWNER='username'
TUNNEL_SET_GROUP='groupname'
ifcfg-tun0
STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='tun'
TUNNEL_SET_OWNER='username'
TUNNEL_SET_GROUP='groupname'
The user space program can be started later. The TUN-
NEL_SET_OWNER and TUNNEL_SET_GROUP settings allow to run the
user space program with an different UID/GID than 0 (root).
When not specified, the user space program has to run with UID
0.
COPYRIGHT
Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
BUGS
Please report bugs at <https://bugzilla.novell.com/index.cgi>
AUTHORS
Michal Ludvig -- original tunnel man page
Karol Mroz -- wicked
SEE ALSO
ifcfg(5).
wicked August 2004 IFCFG-TUNNEL(5)
Want to link to this manual page? Use this URL:
<http://star2.abcm.com/cgi-bin/bsdi-man?query=ifcfg-tunnel&sektion=5&manpath=>