IFCFG-TUNNEL(5) Network configuration IFCFG-TUNNEL(5)NAMEifcfg-tunnel - network tunnel interface configuration
SYNOPSIS
/etc/sysconfig/network/ifcfg-gre*
/etc/sysconfig/network/ifcfg-ipip*
/etc/sysconfig/network/ifcfg-sit*
/etc/sysconfig/network/ifcfg-tun*
/etc/sysconfig/network/ifcfg-tap*
Tunnel interfaces
It is possible to create static IP tunnel interfaces for three differ‐
ent protocols:
SIT IPv6 over IPv4 tunnel
GRE universal IPv4 tunnel
IPIP IPv4 over IPv4 tunnel
Additionally, also creation of user space program driven tunnels using
the universal TUN/TAP device driver is supported:
TAP Ethernet tunnel interface
TUN Point-to-Point IP tunnel interface
Since there is not yet a YaST2 support for creating tunnels one must
write appropriate config files by hand for now.
VARIABLES
These variables can used in ip tunnel config files:
TUNNEL Here you have to set the tunnel protocol. This may be "sit" for
IPv6 over IPv4 tunnel, "gre" for universal IPv4 tunnel, "ipip"
for IPv4 over IPv4 tunnel and "tap" or "tun" for the user space
program driven tunnels.
TUNNEL_LOCAL_IPADDR or TUNNEL_DEVICE
The address of the local tunnel's end could be directly speci‐
fied in TUNNEL_LOCAL_IPADDR variable. The address must be
present on an existing interface of this host (the TUN‐
NEL_DEVICE). If TUNNEL_LOCAL_IPADDR is empty the first ipv4
address without label from the interface given in the variable
TUNNEL_DEVICE will be used. You can configure a label for each
additional address on the interface, that you don't want to use.
TUNNEL_REMOTE_IPADDR
The address of the remote tunnel's end.
TUNNEL_TTL
Specify the Time To Life of the packet which carries the tun‐
neled data. Usually it is set to 64 but in some circumstances
you may want do use something else between 1 and 255. Special
value is "inherit" in which case the TTL is copied from the
inner (tunneled) packet. This is also the default if the TTL
variable wasn't used.
TUNNEL_OPTIONS
Here you may set additional options for the command ip tunnel
add
TUNNEL_SET_PERSISTENT
Create a persistent tun or tap interface. Default is "yes".
Non-persistent tunnels are not supported yet.
TUNNEL_SET_OWNER and TUNNEL_SET_GROUP
Allows to set the owner and group (by name or UID/GID) for per‐
sistent tun/tap interfaces.
Examples for tunnel configurations
This are some generic examples for different tunnel types. Replace the
shown addresses and interface names by your individual ones. As config‐
uration names you may choose the interface names.
GRE and IPIP tunnels
Create a GRE tunnel between a local computer with IP address
192.168.1.2 and a remote computer with IP address 172.16.2.3.
After the tunnel is created assign an IP address 10.20.30.40 to
it's local end. Default filename: ifcfg-gre1
STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='gre'
TUNNEL_LOCAL_IPADDR='192.168.1.2'
TUNNEL_REMOTE_IPADDR='172.16.2.3'
IPADDR='10.20.30.40'
TUNNEL_TTL='64'
IPIP tunnel is created in exactly the same way, except that the
variable TUNNEL has to be set to "ipip" in this case. Use file‐
name ifcfg-tunl1 in this case.
SIT tunnels for IPv6 over IPv4
There are two modes in which SIT tunnels may operate: static and
6to4
To create a "static" tunnel one needs to know an IPv4 address of
the remote end, while for a "6to4" tunnel the remote end is a
"6to4 relay". These relays are usually public and could be
reached either under their respective IPv4 address or under a
unique IPv4 anycast address 192.88.99.1 (as defined in RFC
3068).
This typical config file for a 6to4 tunnel should fit most
user's needs and the only required change is the external inter‐
face name. Default filename: ifcfg-sit1
STARTMODE='onboot'
BOOTPROTO='6to4'
TUNNEL='sit'
TUNNEL_DEVICE='eth0'
TUNNEL_TTL='64'
Additionally you need to set some routes. Do that in a file
called ifroute-<configname> with the same configname as in
ifcfg-<configname>. Default filename: ifroute-sit1 It may look
like this:
2000::/3 2002:c058:6301::1 - - - metric 1
The magic string 2002:c058:6301::1 is a 6to4 version of the any‐
cast IPv4 address 192.88.99.1.
To create a "static" tunnel with local IPv6 address
3ffe:ffff::1234/64 use a config file like this: Default file‐
name: ifcfg-sit1
STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='sit'
TUNNEL_LOCAL_IPADDR='192.168.1.2'
TUNNEL_REMOTE_IPADDR='172.16.2.3'
IPADDR='3ffe:ffff::1234/64'
TUNNEL_TTL='64'
Universal TUN/TAP tunnels
The universal TUN/TAP kernel driver provides an interface for
user space programs to operate a tunnel. There are two modes in
which the interface can be created:
TUN (a Point-to-Point interface using local and remote IP) or
TAP (like normal ethernet interface, e.g. for use in bridges).
The following configuration allows to create the interfaces per‐
sistently:
ifcfg-tap0
STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='tap'
# optionally:
TUNNEL_SET_PERSISTENT='yes'
TUNNEL_SET_OWNER='username'
TUNNEL_SET_GROUP='groupname'
ifcfg-tun0
STARTMODE='onboot'
BOOTPROTO='static'
TUNNEL='tun'
# optionally:
TUNNEL_SET_PERSISTENT='yes'
TUNNEL_SET_OWNER='username'
TUNNEL_SET_GROUP='groupname'
The user space program can be started later, e.g. by the ifser‐
vices(5) mechanism. The TUNNEL_SET_OWNER and TUNNEL_SET_GROUP
settings allow to run the user space program with an different
UID/GID than 0 (root). When not specified, the user space pro‐
gram has to run with UID 0.
Non-persistent tunnels (TUNNEL_SET_PERSISTENT=no), where the
user space program (e.g. openvpn) is started directly in ifup,
are not supported yet.
BUGS
Please report bugs at <http://www.suse.de/feedback>
AUTHOR
Christian Zoz <zoz@suse.de> -- ifup script
Michal Svec <msvec@suse.cz> -- ifup script
Bjoern Jacke -- ifup script
Mads Martin Joergensen <mmj@suse.de> -- ifup manual page
Michal Ludvig <mludvig@suse.cz> -- tunnel support
SEE ALSOifcfg(5), ifup(8).
sysconfig August 2004 IFCFG-TUNNEL(5)
