Penguin
Note: You are viewing an old revision of this page. View the current version.

IPIP is a very simple method of tunneling IP packets over an IP connection.

Kernel Requirements

You need to have ip over ip routing support compiled in or compiled as a module

Networking Options -> IP Tunneling (CONFIG_NET_IPIP)

Userspace Requirements

You will also need /sbin/ip (see iproute(8)?). This usually comes in a package called iproute (eg Debian) or iproute2 depending on your distribution.

Example Network

There are two machines that we want to create a ip over ip link between for some reason. Lets call them Router A and Router B. These routers are both connected to the internet, you will also need a network to use on the tunnel. In the example below Router A and B have addreses in the same subnet, this is not a requirement, you can create a tunnel to a host on the other side of the internet if you want.

| Tunnel Network | 192.168.1.0/24 | Router A - IP | 192.0.2.34 | Router A - Tunnel IF | 192.168.1.1 | Router B - IP | 192.0.2.69 | Router B - Tunnel IF | 192.168.1.254

iproute sample setup

You can call your tunnel whatever you like, substitute <name> for something more descriptive in the examples below

Router A

ip tunnel add <name> mode ipip remote 192.0.2.69 local 192.0.2.34 ip link set <name> up ip addr add 192.168.1.1/24 dev <name>

Router B

ip tunnel add <name> mode ipip remote 192.0.2.34 local 192.0.2.69 ip link set <name> up ip addr add 192.168.1.254/24 dev <name>

Debian sample setup

Router A

Edit /etc/network/interfaces

auto <name> iface <name> inet static

address 192.168.1.1 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 pre-up /sbin/ip tunnel add <name> mode ipip remote 192.0.2.69 local 192.0.2.34 post-down /sbin/ip tunnel del <name>

Then execute

ifup <name>

Router B

Edit /etc/network/interfaces

auto <name> iface <name> inet static

address 192.168.1.254 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 pre-up /sbin/ip tunnel add <name> mode ipip remote 192.0.2.34 local 192.0.2.69 post-down /sbin/ip tunnel del <name>

Then execute

ifup <name>

Testing your tunnel

After you have configured your tunnel via one of the examples above you should be able to ping the remote end

Router A

ping 192.168.1.254

Router B

ping 192.168.1.1

Both pings should succeed without problems.

Using your tunnel

  • You can now use your tunnel - just pretend it's a peice of ethernet between the two computers.
  • Remember the MTU on the tunnel will be lower than normal because of the extra IP header.
  • You can setup routing and whatever you like over the tunnel.
  • If you lose your route to the tunnel endpoint, the tunnel will not work either !

See also: IPIPHowto?


CategoryNetworking