How to create a tunnel using Linux.

Updated 06/05/01



The quick way



1. You may need to load the module ipip.o.
To load it:
/sbin/insmod /lib/modules/2.2.14-5.0smp/ipv4/ipip.o

If you are not sure which modules are loaded type:
/sbin/lsmod

2. I added to /etc/conf.modules [on RH-7.1 it is /etc/modules.conf]:
alias tunl0 ipip

3. Then add to the /etc/rc.d/rc3.d/S99local:

# Load tunnel module ipip.
/sbin/insmod /lib/modules/2.2.14-5.0smp/ipv4/ipip.o
This will allow the module ipip.o to load on bootup.

4. To start the tunnel, add the tunnel commands to the /etc/rc.d/rc.local [you might want to load them manually first.]:

/sbin/iptunnel add tunl1 mode ipip remote 38.245.76.68 # This points to the remote end of the tunnel.

Note that 140.173.4.105 is the local Linux box, and 140.173.4.106 is the remote host.
/sbin/ifconfig tunl1 140.173.4.105 pointopoint 140.173.4.106

Please note that tunl1 is not a mistype. Linux tunnels do not seem to like to use tunl0, so we are using tunl1. Also note that the addresses are the inner header addresses.


5. Put a static route pointing to the remote host in /etc/sysconfig/staticroutes [Linux box.]

eth0 net 38.245.76.68 netmask 255.255.255.0 gw 38.245.76.105
The first ip address belongs to the remote host, and the second ip belongs to the local host.
These addresses are the outer header addresses.
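
Added example (not part of the original notes): a dry-run shell helper that sanity-checks the addresses from steps 4 and 5 and then prints the iptunnel and ifconfig commands without running them. It goes slightly beyond the text by also passing "local", an option listed in the iptunnel usage further down, so both outer endpoints are explicit; the function names ip_to_int, check_inner and tunnel_cmds are made up for this example.

```shell
#!/bin/sh
# Added example: dry-run only. Prints commands, configures nothing.

# ip_to_int A.B.C.D -> integer on stdout; non-zero status if malformed.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no octal, no overlong
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_inner LOCAL REMOTE: succeeds only if the two inner addresses are
# the two usable hosts of one /30 (not its network or broadcast address).
check_inner() {
    a=$(ip_to_int "$1") || return 1
    b=$(ip_to_int "$2") || return 1
    [ "$a" -ne "$b" ] || return 1
    [ $(( a >> 2 )) -eq $(( b >> 2 )) ] || return 1    # same /30
    for host in $(( a & 3 )) $(( b & 3 )); do
        [ "$host" -eq 1 ] || [ "$host" -eq 2 ] || return 1
    done
}

# tunnel_cmds OUTER_LOCAL OUTER_REMOTE INNER_LOCAL INNER_REMOTE [NAME]
tunnel_cmds() {
    ip_to_int "$1" >/dev/null || { echo "bad outer local: $1" >&2; return 1; }
    ip_to_int "$2" >/dev/null || { echo "bad outer remote: $2" >&2; return 1; }
    [ "$1" != "$2" ] || { echo "outer remote equals outer local" >&2; return 1; }
    check_inner "$3" "$4" || { echo "inner pair is not the two hosts of one /30" >&2; return 1; }
    name=${5:-tunl1}
    echo "/sbin/iptunnel add $name mode ipip remote $2 local $1"
    echo "/sbin/ifconfig $name $3 pointopoint $4"
}

# Page's addresses: Linux box outer 38.245.76.105, remote outer 38.245.76.68.
tunnel_cmds 38.245.76.105 38.245.76.68 140.173.4.105 140.173.4.106
```
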

  • The end. Below are the steps that I took to arrive at this point.



  • This was setup on bak.code-donkey.org [Red Hat-6.2] going to boingo.code-donkey.org [FreeBSD-4.3].
    140.173.4.104/30
    140.173.4.105/30
    140.173.4.106/30
    140.173.4.107/30

    Usage: iptunnel { add | change | del | show } [ NAME ]
    [ mode { ipip | gre | sit } ] [ remote ADDR ] [ local ADDR ]
    [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
    [ ttl TTL ] [ tos TOS ] [ nopmtudisc ] [ dev PHYS_DEV ]
    iptunnel -V | --version

    Where: NAME := STRING
    ADDR := { IP_ADDRESS | any }
    TOS := { NUMBER | inherit }
    TTL := { 1..255 | inherit }
    KEY := { DOTTED_QUAD | NUMBER }

    The steps I took.



    1. [root@bak /]# /sbin/iptunnel add tunl0 mode ipip remote 140.173.4.106 local 140.173.4.106 ttl 1

    got back:
    ioctl: No such device
    It is a module [/lib/modules/2.2.14-5.0smp/ipv4/ipip.o]

    2. I loaded the module.
    To load it:
    /sbin/insmod /lib/modules/2.2.14-5.0smp/ipv4/ipip.o
    -it works.
    /sbin/lsmod [shows what modules are loaded.]

    3. I added to /etc/conf.modules:
    alias tunl0 ipip

    4. I also added to the /etc/rc.d/rc3.d/S99local:
    # Load tunnel module ipip - Alec 6/5/01
    /sbin/insmod /lib/modules/2.2.14-5.0smp/ipv4/ipip.o

    5. In /etc/sysconfig/network-scripts I created a file called tunnel [which is based on one in uclapc.] It looks like:
    --------------------------------------------------------------------------------------------
    #!/bin/bash
    #

    case "$1" in
    start)
    /sbin/iptunnel add tunl1 mode ipip remote 38.245.76.105
    # modify the above IP address to reflect the desired tunnel endpoint
    /sbin/ifconfig tunl1 140.173.4.105 pointopoint 140.173.4.106
    # modify the above IP addresses to reflect the tunnel addresses
    exit 0
    ;;
    stop)
    /sbin/ifconfig tunl1 down
    /sbin/iptunnel del tunl1
    exit 0
    ;;
    *)
    echo "Usage: tunnel {start|stop}"
    exit 1
    esac

    exit 0

    --------------------------------------------------------------------------------------------
    The above is only working when I load it manually.

    6. To get around the problem of the i/f not coming up I add the tunnel commands to the /etc/rc.d/rc.local [Linux box]:

    /sbin/iptunnel add tunl1 mode ipip remote 38.245.76.68
    /sbin/ifconfig tunl1 140.173.4.105 pointopoint 140.173.4.106

    - it seems to work.
    I then made the file executable by "chmod 755 tunnel".

    I also put a static route to boingo's 38.245.76.68 address in /etc/sysconfig/staticroutes on bak. [Linux box.]

    eth0 net 38.245.76.68 netmask 255.255.255.0 gw 38.245.76.105

    - To the above script I changed the "tunl0" to "tunl1" on Dan Massey's advice. They had had a similar problem bringing up their tunnel. The tunl0 would not come up so we use tunl1.


    7. I added to /etc/rc.d/init.d an executable file called "tunnel" and in it I put:

    -------------------------------------------------------------------------------------------
    #
    # tunnel Bring up/down tunnels
    #
    # chkconfig: 2345 50 90
    # description: Activates/Deactivates tunnel interfaces

    # Source function library.
    . /etc/init.d/functions

    [ -f /etc/sysconfig/network-scripts/tunnel ] || exit 0


    function start()
    {
    echo -n "Bringing up tunnel interfaces: "
    echo `/sbin/ifconfig | grep '^t' | awk '{print $1}'`
    /etc/sysconfig/network-scripts/tunnel start
    RETVAL=$?
    [ "$RETVAL" = 0 ] && touch /var/lock/subsys/tunnel
    }

    function stop()
    {
    echo -n "Bringing down tunnel interfaces: "
    /etc/sysconfig/network-scripts/tunnel stop
    rm -f /var/lock/subsys/tunnel
    }


    case "$1" in
    start)
    start
    ;;
    stop)
    stop
    ;;
    status)
    echo "Tunnel interfaces:"
    echo `/sbin/ifconfig | grep '^t' | awk '{print $1}'`
    ;;
    restart)
    stop
    start
    ;;
    *)
    echo "Usage: tunnel {start|stop|restart|status}"
    exit 1
    esac

    exit 0

    ---------------------------------------------------------------------------------------
    I did not have much luck with this script either.... It could be a difference between RH-6.2 and RH-7.1

    8. I added to boingo [fbsd 4.3] a static route to the rc.local along with the gif0 information.

    # A test tunnel from [fbsd 4.3] to bak.code-donkey.org [RH 6.2]

    /sbin/ifconfig gif0 140.173.4.106 140.173.4.105 netmask 255.255.255.252
    /usr/sbin/gifconfig gif0 38.245.76.68 38.245.76.105

    # A route to bak.code-donkey.org [RH 6.2] from fbsd 4.3

    route add -net 140.173.4.105 140.173.4.106
    [140.173.4.105/30 is the destination, and 140.173.4.106 is the gateway.]