
IFCFG-TUNNEL(5) Network configuration IFCFG-TUNNEL(5)

NAME

ifcfg-tunnel - network tunnel interface configuration

SYNOPSIS

/etc/sysconfig/network/ifcfg-gre*
/etc/sysconfig/network/ifcfg-ipip*
/etc/sysconfig/network/ifcfg-sit*

/etc/sysconfig/network/ifcfg-tun*
/etc/sysconfig/network/ifcfg-tap*

Tunnel interfaces

It is possible to create static IP tunnel interfaces for three different protocols:

IPv6 over IPv4 tunnel
universal IPv4 tunnel
IPv4 over IPv4 tunnel

Additionally, creation of user space program driven tunnels using the universal TUN/TAP device driver is supported:

Ethernet tunnel interface
Point-to-Point IP tunnel interface

Since there is not yet YaST2 support for creating tunnels, the appropriate config files must be written by hand for now.

VARIABLES

These variables can be used in IP tunnel config files:

Here you have to set the tunnel protocol. This may be "sit" for IPv6 over IPv4 tunnel, "gre" for universal IPv4 tunnel, "ipip" for IPv4 over IPv4 tunnel and "tap" or "tun" for the user space program driven tunnels.
The address of the local end of the tunnel must be specified directly in the TUNNEL_LOCAL_IPADDR variable. The address must be present on an existing interface of this host.
The address of the remote end of the tunnel.
Specifies an optional device name to bind the tunnel to, so that tunneled packets are only routed via this device and cannot escape to usable routes available on other devices.
Specify the Time To Live of the packet which carries the tunneled data. Usually it is set to 64, but in some circumstances you may want to use something else between 1 and 255. If not explicitly set, the TTL is copied from the inner (tunneled) packet.
Specify the Type of Service of the packet which carries the tunneled data.
Enable or disable the Path MTU Discovery on this tunnel. PMTU discovery is disabled by default. Note that a fixed TTL is incompatible with this option: tunnelling with a fixed TTL always performs PMTU discovery.
Specifies a space separated list of flags to enable sequencing and checksums for incoming and outgoing tunneled packets.
Enables keyed GRE using the specified key for incoming and outgoing tunneled packets. The key is given in IPv4 dotted quad IP address notation or as a number.
Applicable only to SIT tunnels. Enable or disable this variable to control whether the SIT tunnel utilizes Intra-Site Automatic Tunnel Addressing Protocol. By default this option is disabled.
Sets the owner and group (by name or UID/GID) for persistent tun/tap interfaces.

Examples for tunnel configurations

These are some generic examples for different tunnel types. Replace the addresses and interface names shown with your own. You may use the interface names as configuration names.

GRE and IPIP tunnels

Create a GRE tunnel between a local computer with IP address 192.168.1.2 and a remote computer with IP address 172.16.2.3. After the tunnel is created, assign the IP address 10.20.30.40 to its local end. Default filename: ifcfg-gre1

STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='gre'
TUNNEL_LOCAL_IPADDR='192.168.1.2'
TUNNEL_REMOTE_IPADDR='172.16.2.3'
IPADDR='10.20.30.40'
TUNNEL_TTL='64'

IPIP tunnels are created in exactly the same way, except that the variable TUNNEL has to be set to "ipip". Use filename ifcfg-tunl1 in this case.

SIT tunnels for IPv6 over IPv4

Static SIT tunnels are currently supported. To create a "static" tunnel one needs to know an IPv4 address of the remote end. The following example also assigns the local IPv6 address 3ffe:ffff::1234/64:

ifcfg-sit1

STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='sit'
TUNNEL_LOCAL_IPADDR='192.168.1.2'
TUNNEL_REMOTE_IPADDR='172.16.2.3'
IPADDR='3ffe:ffff::1234/64'
TUNNEL_TTL='64'

The universal TUN/TAP kernel driver provides an interface for user space programs to operate a tunnel. There are two modes in which the interface can be created:

TUN (a Point-to-Point interface using local and remote IP) or
TAP (like normal ethernet interface, e.g. for use in bridges).

The following configurations create the interfaces persistently:

ifcfg-tap0


STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='tap'
TUNNEL_SET_OWNER='username'
TUNNEL_SET_GROUP='groupname'

ifcfg-tun0


STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='tun'
TUNNEL_SET_OWNER='username'
TUNNEL_SET_GROUP='groupname'

The user space program can be started later. The TUNNEL_SET_OWNER and TUNNEL_SET_GROUP settings allow the user space program to run with a UID/GID other than 0 (root). When they are not specified, the user space program has to run with UID 0.
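The constraints stated on this page can be checked before a file is deployed. The following is an added example, not part of wicked: parse_ifcfg and lint_tunnel are hypothetical names, the sample inputs are constructed, and it assumes both tunnel endpoints are required for sit, gre and ipip. It reads the file as data instead of sourcing it as shell.

```python
import ipaddress
import shlex

IP_TUNNELS = {"sit", "gre", "ipip"}
USER_TUNNELS = {"tun", "tap"}


def parse_ifcfg(text):
    """Parse KEY='value' lines of an ifcfg file without executing it as shell."""
    cfg = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) == 1 and "=" in tokens[0]:
            key, value = tokens[0].split("=", 1)
            cfg[key] = value
    return cfg


def lint_tunnel(cfg):
    """Return a list of findings for one parsed tunnel configuration."""
    findings = []
    kind = cfg.get("TUNNEL", "")
    if kind not in IP_TUNNELS | USER_TUNNELS:
        return [f"TUNNEL={kind!r} is not one of sit, gre, ipip, tun, tap"]
    if kind in IP_TUNNELS:
        for var in ("TUNNEL_LOCAL_IPADDR", "TUNNEL_REMOTE_IPADDR"):
            try:
                ipaddress.IPv4Address(cfg.get(var, ""))
            except ValueError:
                findings.append(f"{var} is missing or not an IPv4 address")
        ttl = cfg.get("TUNNEL_TTL")
        if ttl is not None and not (ttl.isdecimal() and 1 <= int(ttl) <= 255):
            findings.append("TUNNEL_TTL must be between 1 and 255")
    elif not (cfg.get("TUNNEL_SET_OWNER") or cfg.get("TUNNEL_SET_GROUP")):
        findings.append("no TUNNEL_SET_OWNER/TUNNEL_SET_GROUP: "
                        "user space program has to run with UID 0")
    return findings


# Constructed sample inputs (not taken from a real host).
GRE_BAD = "TUNNEL='gre'\nTUNNEL_LOCAL_IPADDR='192.168.1.2'\nTUNNEL_TTL='300'\n"
TAP_ROOT = "STARTMODE='onboot'\nTUNNEL='tap'\n"
TUN_OK = "TUNNEL='tun'\nTUNNEL_SET_OWNER='username'\n"

if __name__ == "__main__":
    for name, text in (("gre1", GRE_BAD), ("tap0", TAP_ROOT), ("tun0", TUN_OK)):
        for finding in lint_tunnel(parse_ifcfg(text)) or ["ok"]:
            print(f"ifcfg-{name}: {finding}")
```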

COPYRIGHT

Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.

BUGS

Please report bugs at <https://bugzilla.novell.com/index.cgi>

AUTHORS

Michal Ludvig -- original tunnel man page
Karol Mroz -- wicked

SEE ALSO

ifcfg(5).

August 2004 wicked