Re: ipip tunnel - route complains!

Stuart Lynne (sl@whiskey.fireplug.net)
24 Dec 1998 07:16:23 GMT

In article <199812231531.QAA17905@wanadoo.fr>,
<christophe.leroy5@capway.com> wrote:
>>Hi,
>
>>it looks like I can't get ipip tunneling to work. I use kernel 2.1.131 >and
>>net-tools 1.49. I asked for help a few days ago and someone told >me to
>>upgrade to the newest net-tools. Done. Still the same problem:
>
>
>
>Second solution is:
>
>- Get iproute2 package from ftp.inr.ac.ru/ip-routing
>- Do on each side:
> ip tunnel add tunl1 mode ipip local your_eth0_ip remote
>rmt_eth0_ip
> ifconfig tunl1 this_side_tunnel_ip

Assuming two systems:

system A eth0: 10.0.1.1 eth1: 192.168.1.254
system B eth0: 10.0.2.1 eth1: 192.168.2.254

Where the network connections are via eth0 (the 10.0.0.0 network) and
the two systems wish to have the 192.168.1 and 192.168.2 networks
tunneled together:

On system A:

ip tunnel add tun0 mode ipip remote 10.0.2.1 local 192.168.1.254
ip addr add 192.168.1.254 dev tun0
ip link set tun0 up
ip route add 192.168.2.0/24 dev tun0

On system B:

ip tunnel add tun0 mode ipip remote 10.0.1.1 local 192.168.2.254
ip addr add 192.168.2.254 dev tun0
ip link set tun0 up
ip route add 192.168.1.0/24 dev tun0

Don't forget to poke holes in your firewall for protocol 4 (not port 4,
protocol 4 for IPIP or protocol 47 for GRE).

Don't forget that if you have a firewall that you are now letting the
people from the far end in to the inside of your firewall. So you may
want to have additional rule for data crossing the tun0 interface.

If you have masquerading turned on be sure to have the latest 2.1.131ac13
kernel.

-- 
Stuart Lynne <sl@fireplug.net>      604-461-7532      <http://edge.fireplug.net>
PGP Fingerprint: 28 E2 A0 15 99 62 9A 00  88 EC A3 EE 2D 1C 15 68


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/