IFCFG-TUNNEL




NAME

ifcfg-tunnel − network tunnel interface configuration

SYNOPSIS

/etc/sysconfig/network/ifcfg-gre*
/etc/sysconfig/network/ifcfg-ipip*
/etc/sysconfig/network/ifcfg-sit*

/etc/sysconfig/network/ifcfg-tun*
/etc/sysconfig/network/ifcfg-tap*

Tunnel interfaces

It is possible to create static IP tunnel interfaces for three different protocols:

SIT     IPv6 over IPv4 tunnel

GRE     universal IPv4 tunnel

IPIP    IPv4 over IPv4 tunnel

Additionally, tunnels driven by a user space program through the universal TUN/TAP device driver can be created:

TAP     Ethernet tunnel interface

TUN     Point-to-Point IP tunnel interface

Since YaST2 does not yet support creating tunnels, the appropriate config files must be written by hand for now.

VARIABLES

These variables can be used in ip tunnel config files:

TUNNEL

Here you have to set the tunnel protocol. This may be "sit" for IPv6 over IPv4 tunnel, "gre" for universal IPv4 tunnel, "ipip" for IPv4 over IPv4 tunnel and "tap" or "tun" for the user space program driven tunnels.

TUNNEL_LOCAL_IPADDR or TUNNEL_DEVICE

The address of the local end of the tunnel can be specified directly in the TUNNEL_LOCAL_IPADDR variable. The address must be present on an existing interface of this host (the TUNNEL_DEVICE). If TUNNEL_LOCAL_IPADDR is empty, the first IPv4 address without a label on the interface given in the variable TUNNEL_DEVICE is used. You can configure a label for each additional address on the interface that you don’t want to use.

TUNNEL_REMOTE_IPADDR

The address of the remote tunnel’s end.

TUNNEL_TTL

Specifies the Time To Live of the packet that carries the tunneled data. Usually it is set to 64, but in some circumstances you may want to use another value between 1 and 255. The special value "inherit" copies the TTL from the inner (tunneled) packet. This is also the default if the TTL variable is not set.

TUNNEL_OPTIONS

Here you may set additional options for the command ip tunnel add.

TUNNEL_SET_PERSISTENT

Create a persistent tun or tap interface. Default is "yes". Non-persistent tunnels are not supported yet.

TUNNEL_SET_OWNER and TUNNEL_SET_GROUP

Sets the owner and group (by name or UID/GID) for persistent tun/tap interfaces.

Examples for tunnel configurations

These are some generic examples for different tunnel types. Replace the addresses and interface names shown with your own. You may use the interface names as configuration names.

GRE and IPIP tunnels

Create a GRE tunnel between a local computer with IP address 192.168.1.2 and a remote computer with IP address 172.16.2.3. After the tunnel is created, assign the IP address 10.20.30.40 to its local end. Default filename: ifcfg-gre1

STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='gre'
TUNNEL_LOCAL_IPADDR='192.168.1.2'
TUNNEL_REMOTE_IPADDR='172.16.2.3'
IPADDR='10.20.30.40'
TUNNEL_TTL='64'

An IPIP tunnel is created in exactly the same way, except that the variable TUNNEL has to be set to "ipip". Use the filename ifcfg-tunl1 in this case.

SIT tunnels for IPv6 over IPv4

There are two modes in which SIT tunnels may operate: static and 6to4

To create a "static" tunnel one needs to know the IPv4 address of the remote end, while for a "6to4" tunnel the remote end is a "6to4 relay". These relays are usually public and can be reached either under their respective IPv4 address or under the unique IPv4 anycast address 192.88.99.1 (as defined in RFC 3068).

This typical config file for a 6to4 tunnel should fit most users’ needs; the only required change is the external interface name. Default filename: ifcfg-sit1

STARTMODE='onboot'
BOOTPROTO='6to4'
TUNNEL='sit'
TUNNEL_DEVICE='eth0'
TUNNEL_TTL='64'

Additionally you need to set some routes. Do that in a file called ifroute-<configname> with the same configname as in ifcfg-<configname>. Default filename: ifroute-sit1. It may look like this:

2000::/3 2002:c058:6301::1 - - - metric 1

The magic string 2002:c058:6301::1 is the 6to4 version of the anycast IPv4 address 192.88.99.1.

To create a "static" tunnel with the local IPv6 address 3ffe:ffff::1234/64, use a config file like this. Default filename: ifcfg-sit1

STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='sit'
TUNNEL_LOCAL_IPADDR='192.168.1.2'
TUNNEL_REMOTE_IPADDR='172.16.2.3'
IPADDR='3ffe:ffff::1234/64'
TUNNEL_TTL='64'

Universal TUN/TAP tunnels

The universal TUN/TAP kernel driver provides an interface for user space programs to operate a tunnel. There are two modes in which the interface can be created:
TUN (a Point-to-Point interface using local and remote IP) or
TAP (like normal ethernet interface, e.g. for use in bridges).

The following configurations create the interfaces persistently:

ifcfg-tap0

STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='tap'
# optionally:
TUNNEL_SET_PERSISTENT='yes'
TUNNEL_SET_OWNER='username'
TUNNEL_SET_GROUP='groupname'

ifcfg-tun0

STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='tun'
# optionally:
TUNNEL_SET_PERSISTENT='yes'
TUNNEL_SET_OWNER='username'
TUNNEL_SET_GROUP='groupname'

The user space program can be started later, e.g. by the ifservices(5) mechanism. The TUNNEL_SET_OWNER and TUNNEL_SET_GROUP settings make it possible to run the user space program with a UID/GID other than 0 (root). When they are not specified, the user space program has to run with UID 0.

Non-persistent tunnels (TUNNEL_SET_PERSISTENT=no), where the user space program (e.g. openvpn) is started directly in ifup, are not supported yet.
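
A lint for hand-written tunnel config files, added here as an example and not part of the ifup scripts: it checks the rules stated under VARIABLES and in the TUN/TAP notes above. The function names are hypothetical, and treating an owner of root/0 with no group like "not specified" is an assumption.

```shell
#!/bin/sh
# Added example: lint ifcfg tunnel files against the rules in ifcfg-tunnel(5).
# Function names are hypothetical. Files are parsed as text, never sourced.

cfg_get() {  # cfg_get FILE KEY -> last value of KEY, surrounding quotes stripped
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e "s/[[:space:]]*\$//" -e "s/^['\"]//" -e "s/['\"]\$//"
}

warn() { echo "$lint_file: $*"; lint_count=$((lint_count + 1)); }

lint_ifcfg_tunnel() {  # prints findings; returns 0 if clean, 1 otherwise
    lint_file=$1; lint_count=0
    # Rendered man pages often turn ' into typographic quotes; the shell
    # would treat those as part of the value.
    if grep -q -e '‘' -e '’' "$1"; then
        warn "typographic quotes found, use ASCII quotes"
    fi
    ttl=$(cfg_get "$1" TUNNEL_TTL)
    case $ttl in
        ''|inherit) ;;   # an unset TTL defaults to "inherit"
        *[!0-9]*) warn "TUNNEL_TTL='$ttl' is neither a number nor inherit" ;;
        *) { [ "$ttl" -ge 1 ] && [ "$ttl" -le 255 ]; } ||
               warn "TUNNEL_TTL=$ttl is outside 1..255" ;;
    esac
    case $(cfg_get "$1" TUNNEL) in
        sit|gre|ipip)
            if [ -z "$(cfg_get "$1" TUNNEL_LOCAL_IPADDR)$(cfg_get "$1" TUNNEL_DEVICE)" ]; then
                warn "set TUNNEL_LOCAL_IPADDR or TUNNEL_DEVICE for the local end"
            fi ;;
        tun|tap)
            if [ "$(cfg_get "$1" TUNNEL_SET_PERSISTENT)" = no ]; then
                warn "TUNNEL_SET_PERSISTENT=no is not supported"
            fi
            # Assumption: owner root/0 with no group counts as "not specified".
            case $(cfg_get "$1" TUNNEL_SET_OWNER):$(cfg_get "$1" TUNNEL_SET_GROUP) in
                :|root:|0:) warn "no unprivileged owner/group, program must run as UID 0" ;;
            esac ;;
        *)  warn "TUNNEL must be one of sit, gre, ipip, tun, tap" ;;
    esac
    [ "$lint_count" -eq 0 ]
}

lint_demo() {  # constructed sample: non-persistent tap with no owner or group
    demo_dir=$(mktemp -d) || return 2
    printf '%s\n' "TUNNEL='tap'" "TUNNEL_SET_PERSISTENT='no'" > "$demo_dir/ifcfg-tap0"
    lint_ifcfg_tunnel "$demo_dir/ifcfg-tap0" && demo_rc=0 || demo_rc=1
    rm -rf "$demo_dir"; return "$demo_rc"
}
lint_demo || true
```

To check real files, call lint_ifcfg_tunnel with the path of each ifcfg file; the exit status is non-zero when any finding is printed.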

BUGS

Please report bugs at <http://www.suse.de/feedback>

AUTHOR

Christian Zoz <zoz@suse.de> -- ifup script
Michal Svec <msvec@suse.cz> -- ifup script
Bjoern Jacke -- ifup script
Mads Martin Joergensen <mmj@suse.de> -- ifup manual page
Michal Ludvig <mludvig@suse.cz> -- tunnel support

SEE ALSO

ifcfg(5), ifup(8).





