IFCFG-TUNNEL
NAMESYNOPSIS
Tunnel interfaces
VARIABLES
Examples for tunnel configurations
BUGS
AUTHOR
SEE ALSO
NAME
ifcfg-tunnel − network tunnel interface configuration
SYNOPSIS
/etc/sysconfig/network/ifcfg-gre*
/etc/sysconfig/network/ifcfg-ipip*
/etc/sysconfig/network/ifcfg-sit*
/etc/sysconfig/network/ifcfg-tun*
/etc/sysconfig/network/ifcfg-tap*
Tunnel interfaces
It is possible to create static IP tunnel interfaces for three different protocols:
|
SIT |
IPv6 over IPv4 tunnel |
|||
|
GRE |
universal IPv4 tunnel |
|||
|
IPIP |
IPv4 over IPv4 tunnel |
Additionally, also creation of user space program driven tunnels using the universal TUN/TAP device driver is supported:
|
TAP |
Ethernet tunnel interface |
|||
|
TUN |
Point-to-Point IP tunnel interface |
Since there is not yet a YaST2 support for creating tunnels one must write appropriate config files by hand for now.
VARIABLES
These variables can used in ip tunnel config files:
|
TUNNEL |
Here you have to set the tunnel protocol. This may be "sit" for IPv6 over IPv4 tunnel, "gre" for universal IPv4 tunnel, "ipip" for IPv4 over IPv4 tunnel and "tap" or "tun" for the user space program driven tunnels. |
TUNNEL_LOCAL_IPADDR or TUNNEL_DEVICE
The address of the local tunnel’s end could be directly specified in TUNNEL_LOCAL_IPADDR variable. The address must be present on an existing interface of this host (the TUNNEL_DEVICE). If TUNNEL_LOCAL_IPADDR is empty the first ipv4 address without label from the interface given in the variable TUNNEL_DEVICE will be used. You can configure a label for each additional address on the interface, that you don’t want to use.
TUNNEL_REMOTE_IPADDR
The address of the remote tunnel’s end.
TUNNEL_TTL
Specify the Time To Life of the packet which carries the tunneled data. Usually it is set to 64 but in some circumstances you may want do use something else between 1 and 255. Special value is "inherit" in which case the TTL is copied from the inner (tunneled) packet. This is also the default if the TTL variable wasn’t used.
TUNNEL_OPTIONS
Here you may set additional options for the command ip tunnel add
TUNNEL_SET_PERSISTENT
Create a persistent tun or tap interface. Default is "yes". Non-persistent tunnels are not supported yet.
TUNNEL_SET_OWNER and TUNNEL_SET_GROUP
Allows to set the owner and group (by name or UID/GID) for persistent tun/tap interfaces.
Examples for tunnel configurations
This are some
generic examples for different tunnel types. Replace the
shown addresses and interface names by your individual ones.
As configuration names you may choose the interface names.
GRE and IPIP tunnels
Create a GRE tunnel between a
local computer with IP address 192.168.1.2 and a remote
computer with IP address 172.16.2.3. After the tunnel is
created assign an IP address 10.20.30.40 to it’s local
end. Default filename: ifcfg-gre1
STARTMODE=’onboot’
BOOTPROTO=’static’
TUNNEL=’gre’
TUNNEL_LOCAL_IPADDR=’192.168.1.2’
TUNNEL_REMOTE_IPADDR=’172.16.2.3’
IPADDR=’10.20.30.40’
TUNNEL_TTL=’64’
IPIP tunnel is created in exactly the same way, except that the variable TUNNEL has to be set to "ipip" in this case. Use filename ifcfg-tunl1 in this case.
SIT tunnels for IPv6 over IPv4
There are two modes in which SIT tunnels may operate: static and 6to4
To create a "static" tunnel one needs to know an IPv4 address of the remote end, while for a "6to4" tunnel the remote end is a "6to4 relay". These relays are usually public and could be reached either under their respective IPv4 address or under a unique IPv4 anycast address 192.88.99.1 (as defined in RFC 3068).
This typical
config file for a 6to4 tunnel should fit most
user’s needs and the only required change is the
external interface name. Default filename: ifcfg-sit1
STARTMODE=’onboot’
BOOTPROTO=’6to4’
TUNNEL=’sit’
TUNNEL_DEVICE=’eth0’
TUNNEL_TTL=’64’
Additionally you need to set some routes. Do that in a file
called ifroute-<configname> with the same configname
as in ifcfg-<configname>. Default filename:
ifroute-sit1 It may look like this:
2000::/3 2002:c058:6301::1 - - - metric 1
The magic string 2002:c058:6301::1 is a 6to4 version of the
anycast IPv4 address 192.88.99.1.
To create a
"static" tunnel with local IPv6 address
3ffe:ffff::1234/64 use a config file like this: Default
filename: ifcfg-sit1
STARTMODE=’onboot’
BOOTPROTO=’static’
TUNNEL=’sit’
TUNNEL_LOCAL_IPADDR=’192.168.1.2’
TUNNEL_REMOTE_IPADDR=’172.16.2.3’
IPADDR=’3ffe:ffff::1234/64’
TUNNEL_TTL=’64’
Universal TUN/TAP tunnels
The universal TUN/TAP kernel
driver provides an interface for user space programs to
operate a tunnel. There are two modes in which the interface
can be created:
TUN (a Point-to-Point interface using local and remote IP)
or
TAP (like normal ethernet interface, e.g. for use in
bridges).
The following configuration allows to create the interfaces persistently:
ifcfg-tap0
STARTMODE=’onboot’
BOOTPROTO=’static’
TUNNEL=’tap’
# optionally:
TUNNEL_SET_PERSISTENT=’yes’
TUNNEL_SET_OWNER=’username’
TUNNEL_SET_GROUP=’groupname’
ifcfg-tun0
STARTMODE=’onboot’
BOOTPROTO=’static’
TUNNEL=’tun’
# optionally:
TUNNEL_SET_PERSISTENT=’yes’
TUNNEL_SET_OWNER=’username’
TUNNEL_SET_GROUP=’groupname’
The user space program can be started later, e.g. by the ifservices(5) mechanism. The TUNNEL_SET_OWNER and TUNNEL_SET_GROUP settings allow to run the user space program with an different UID/GID than 0 (root). When not specified, the user space program has to run with UID 0.
Non-persistent tunnels (TUNNEL_SET_PERSISTENT=no), where the user space program (e.g. openvpn) is started directly in ifup, are not supported yet.
BUGS
Please report bugs at <http://www.suse.de/feedback>
AUTHOR
Christian Zoz
<zoz@suse.de> -- ifup script
Michal Svec <msvec@suse.cz> -- ifup script
Bjoern Jacke -- ifup script
Mads Martin Joergensen <mmj@suse.de> -- ifup manual
page
Michal Ludvig <mludvig@suse.cz> -- tunnel support
SEE ALSO
ifcfg(5), ifup(8).
More Linux Commands
manpages/cacosh.3.html
cacosh(3) - complex arc hyperbolic cosine - Linux man page
The cacosh() function calculates the complex arc hyperbolic cosine of z. If y = cacosh(z), then z = ccosh(y). The imaginary part of y is chosen in the interval
manpages/archive.8.html
archive(8) - Usenet article archiver - Linux manual page....
archive makes copies of files specified on its standard input. It is normally run either as a channel feed under innd or by a script before news.daily is run. a
manpages/ifcfg-tunnel.5.html
ifcfg-tunnel(5) - network tunnel interface configuration tool
It is possible to create static IP tunnel interfaces for three different protocols: SIT IPv6 over IPv4 tunnel GRE universal IPv4 tunnel IPIP. creation of user..
manpages/loginctl.1.html
loginctl(1) Control the systemd login manager (Man Page)....
loginctl may be used to introspect and control the state of the systemd(1) login manager systemd-logind.service(8). OPTIONS The following options are understood
manpages/pamdepth.1.html
pamdepth(1) - change the maxval in a Netpbm image (ManPage)
This program is part of Netpbm(1) pamdepth reads a Netpbm image as input, changes its depth (color resolution), and writes out the resulting Netpbm image. I.e.
manpages/gnutls_x509_crq_get_attribute_info.3.html
gnutls_x509_crq_get_attribute_info(3) - API function........
This function will return the requested attribute OID in the certificate, and the critical flag for it. The attribute OID will be stored as a string in the prov
manpages/gnutls_x509_crt_check_issuer.3.html
gnutls_x509_crt_check_issuer(3) - API function (Man Page)...
This function will check if the given certificate was issued by the given issuer. RETURNS It will return true (1) if the given certificate is issued by the give
manpages/acl_entries.3.html
acl_entries(3) - return the number of entries in an ACL.....
The acl_entries() function returns the number of ACL entries that are contained in the ACL referred to by the argument acl. RETURN VALUE The acl_entries() funct
manpages/gnutls_x509_crq_deinit.3.html
gnutls_x509_crq_deinit(3) - API function - Linux man page...
This function will deinitialize a PKCS10 certificate request structure. REPORTING BUGS Report bugs to <bug-gnutls@gnu.org>. GnuTLS home page: http://www.gnu.org
manpages/sync.2.html
sync(2) - commit buffer cache to disk - Linux manual page...
sync() causes all buffered modifications to file metadata and data to be written to the underlying filesystems. syncfs() is like sync(), but synchronizes just t
manpages/XtAppAddTimeOut.3.html
XtAppAddTimeOut(3) - register and remove timeouts (ManPage)
The XtAppAddTimeOut function creates a timeout and returns an identifier for it. The timeout value is set to interval. The callback procedure is called when the
manpages/csinf.3.html
csinf(3) - complex sine function (Library - Linux man page)
The complex sine function is defined as: csin(z) = (exp(i * z) - exp(-i * z)) / (2 * i) VERSIONS These functions first appeared in glibc in version 2.1. CONFORM
