
Tunnel configuration with ip command

Overview

The ip utility is part of the iproute2 package and can also be used to build IPIP tunnels.

The following ip commands are needed to create a tunnel:

ip tunnel add $TunnelName mode ipip local $LocalIP remote $RemoteIP

This command creates a new interface called $TunnelName that represents the local endpoint of the tunnel.

ip link set $TunnelName up

This is equivalent to the command ifconfig $TunnelName up.

ip addr add $PrivateIP_of_tunnel dev $TunnelName

This assigns a private IP address to the interface $TunnelName.

ip route add $PrivateNET_IP_of_tunnel dev $TunnelName

This adds a new route to the routing table so that packets with destination $PrivateNET_IP_of_tunnel are sent through the tunnel.

Example

An example of an architecture that can use these commands is the following:

There is a server (192.168.x.y) and some clients (here two: 192.168.x.x and 192.168.x.z) that want to communicate with the server through two tunnels (one tunnel for each client).

On each client we create a virtual interface for the tunnel and assign it an IP address: 10.0.0.1 on the first client and 10.0.10.1 on the second client.

On the server we create two virtual interfaces, one for each tunnel. We assign the IP addresses 10.0.0.2 and 10.0.10.2. Finally, we set the routing table on the server to route between the clients and to do NAT.

The commands for the first client are:

ip tunnel add tunnel1 mode ipip local 192.168.x.x remote 192.168.x.y
ip link set tunnel1 up
ip addr add 10.0.0.1 dev tunnel1
ip route add 10.0.0.0/16 via 10.0.0.1

The commands for the second client are:

ip tunnel add tunnel2 mode ipip local 192.168.x.z remote 192.168.x.y
ip link set tunnel2 up
ip addr add 10.0.10.1 dev tunnel2
ip route add 10.0.0.0/16 via 10.0.10.1

And for the server:

ip tunnel add tunnel1 mode ipip local 192.168.x.y remote 192.168.x.x
ip tunnel add tunnel2 mode ipip local 192.168.x.y remote 192.168.x.z
ip link set tunnel1 up
ip addr add 10.0.0.2 dev tunnel1
ip link set tunnel2 up
ip addr add 10.0.10.2 dev tunnel2
ip route add 10.0.0.0/24 dev tunnel1
ip route add 10.0.10.0/24 dev tunnel2

If you need NAT on the server, add the following commands to the iptables configuration:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.0.10.1 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.0.0.1 -o eth0 -j MASQUERADE

where eth0 is the server interface with the public IP address.
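
The server configuration above repeats the same five commands for every client. As an added example (not part of the original wiki page), the script below prints those commands for any number of clients and rejects any value that is not a plain address or interface name before it can reach a root shell. The 192.0.2.x addresses are constructed stand-ins for the page's 192.168.x.* placeholders; the function names and the colon-separated spec format are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page. Prints the server-side commands;
# nothing is executed. Review the output before running it as root.

is_ipv4() {   # dotted quad, every octet 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_cidr() {   # IPv4 network with a prefix length of 0..32
    case "$1" in */*) ;; *) return 1 ;; esac
    len=${1#*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] && is_ipv4 "${1%%/*}"
}

is_ifname() { # starts with a letter, safe characters only, at most 15 long
    case "$1" in ''|[!A-Za-z]*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# server_cmds SERVER_IP WAN_IF SPEC...   (hypothetical helper for this example)
# SPEC = name:client_public_ip:server_tunnel_ip:client_tunnel_ip:tunnel_net
server_cmds() {
    [ "$#" -ge 2 ] || return 1
    server_ip=$1; wan_if=$2; shift 2
    is_ipv4 "$server_ip" && is_ifname "$wan_if" || { echo "bad server args" >&2; return 1; }
    cmds="echo 1 > /proc/sys/net/ipv4/ip_forward"
    for spec in "$@"; do
        case "$spec" in *[!A-Za-z0-9_.:/-]*) echo "bad spec: $spec" >&2; return 1 ;; esac
        old_ifs=$IFS; IFS=:; set -- $spec; IFS=$old_ifs
        [ "$#" -eq 5 ] && is_ifname "$1" && is_ipv4 "$2" && is_ipv4 "$3" \
            && is_ipv4 "$4" && is_cidr "$5" || { echo "bad spec: $spec" >&2; return 1; }
        cmds="$cmds
ip tunnel add $1 mode ipip local $server_ip remote $2
ip link set $1 up
ip addr add $3 dev $1
ip route add $5 dev $1
iptables -t nat -A POSTROUTING -s $4 -o $wan_if -j MASQUERADE"
    done
    printf '%s\n' "$cmds"
}

# Constructed sample: the two clients from the example above.
server_cmds 192.0.2.1 eth0 tunnel1:192.0.2.10:10.0.0.2:10.0.0.1:10.0.0.0/24 \
    tunnel2:192.0.2.20:10.0.10.2:10.0.10.1:10.0.10.0/24
```

IPIP adds no authentication or encryption to the encapsulated packets, so the validation here only protects the generated command lines, not the traffic carried by the tunnels.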

Last modified on Apr 18, 2007, 9:51:22 AM