ifconfig tunl1 10.0.0.1 pointopoint 193.233.7.65to create tunnel. It does not work in 2.2.0!
A: You are right, it does not work. The command written above is split to two commands.
ip tunnel add MY-TUNNEL mode ipip remote 193.233.7.65will create tunnel device with name
MY-TUNNEL
. Now you may configure
it with:
ifconfig MY-TUNNEL 10.0.0.1Certainly, if you prefer name
tunl1
to MY-TUNNEL
,
you still may use it.
ifconfig tunl0 10.0.0.1 route add -net 10.0.0.0 gw 193.233.7.65 dev tunl0to tunnel net 10.0.0.0 via router 193.233.7.65. It does not work in 2.2.0! Moreover,
route
prints a funny error sort of
``network unreachable'' and after this I found a strange direct route
to 10.0.0.0 via tunl0
in routing table.
A: Yes, in 2.2 the rule that normal gateway must reside on directly connected network has not any exceptions. You may tell kernel, that this particular route is abnormal:
ifconfig tunl0 10.0.0.1 netmask 255.255.255.255 ip route add 10.0.0.0/8 via 193.233.7.65 dev tunl0 onlinkNote keyword
onlink
, it is the magic key that orders kernel
not to check for consistency of gateway address.
Probably, after this explanation you have already guessed another method
to cheat kernel:
ifconfig tunl0 10.0.0.1 netmask 255.255.255.255 route add -host 193.233.7.65 dev tunl0 route add -net 10.0.0.0 netmask 255.0.0.0 gw 193.233.7.65 route del -host 193.233.7.65 dev tunl0Well, if you like such tricks, nobody may prohibit you to use them. Only do not forget that between
route add
and route del
host 193.233.7.65 is
unreachable.
tunnel
device module and ipip
module.
I cannot find any tunnel
in 2.2!
A: Linux-2.2 has single module ipip
for both directions of tunneling
and for all IPIP tunnel devices.
traceroute
does not work over tunnel! Well, stop... It works,
only skips some number of hops.
A: Yes. By default tunnel driver copies ttl
value from
inner packet to outer one. It means that path traversed by tunneled
packets to another endpoint is not hidden. If you dislike this, or if you
are going to use some routing protocol expecting that packets
with ttl 1 will reach peering host (f.e. RIP, OSPF or EBGP)
and you are not afraid of
tunnel loops, you may append option ttl 64
, when creating tunnel
with ip tunnel add
.