Let's say that we want to create an IP over IP link between two machines, Router A and Router B. These routers are both connected to the InterNet; you also need a network to use on the tunnel.
We will use the network '192.168.1.0/24' as the private network of the tunnel.
In the example below Router A and B have addreses in the same subnet - this is not a requirement; you can create a tunnel to a host on the other side of the internet if you want.
You can call your tunnel whatever you like: lets call ours tunnel0.
ip tunnel add tunnel0 mode ipip remote 192.0.2.69 local 192.0.2.34 ip link set tunnel0 up ip addr add 192.168.1.1/24 dev tunnel0
ip tunnel add tunnel0 mode ipip remote 192.0.2.34 local 192.0.2.69 ip link set tunnel0 up ip addr add 192.168.1.254/24 dev tunnel0
Skip to 'testing the tunnel'.
auto tunnel0 iface tunnel0 inet static address 192.168.1.1 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 pre-up /sbin/ip tunnel add tunnel0 mode ipip remote 192.0.2.69 local 192.0.2.34 post-down /sbin/ip tunnel del tunnel0
auto tunnel0 iface tunnel0 inet static address 192.168.1.254 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 pre-up /sbin/ip tunnel add tunnel0 mode ipip remote 192.0.2.34 local 192.0.2.69 post-down /sbin/ip tunnel del tunnel0
After you have configured your tunnel via one of the examples above you should be able to ping the remote end:
Both pings should succeed without problems.
When tunneling between 2 routers, and 1 router has a private network on another interface, routing between the two can be confusing. Here is the network layout:
eth0: 22.214.171.124 (public)
eth0: 126.96.36.199 (public) eth1: 10.0.0.1
In my particular case, Router 1 is an asterisk system on a public network, and Router 2 is a NAT router that is also a gateway for my private 10.0.0.0/24 network. I have multiple SIP phones (which don't work through NAT) on the 10.0.0.0/24 network and I need to establish routes between the 2.
IN THIS ORDER ENTER THESE COMMANDS
iptunnel add iptun mode ipip remote 188.8.131.52 ifconfig iptun 10.0.1.1 route add -net 10.0.2.0/24 dev iptun
iptunnel add iptun mode ipip remote 184.108.40.206 ifconfig iptun 10.0.2.1 route add -net 10.0.1.0/24 dev iptun
route add -net 10.0.0.0/24 dev iptun route add -net 10.0.0.0/24 gw 10.0.0.1
Now from Router 2 you can ping any device on the 10.0.0.0/24 network behind Router 1, and from any device on the 10.0.0.0/24 network, you can ping Router 1 using the address 10.0.1.1
If anyone has a better way of doing this, using IPIP or GRE, or knows how to use MobileIP in this situation, please email me: firstname.lastname@example.org. I know I can accomplish this using IPSec or something of the like, however that is not my goal.
See the IPSec page for another tunneling option.