ipip

由 datahunter 在五, 22/08/2014 - 19:15 發表

最後更新: 2015-01-10

介紹

the inner packet is unmodified (except the TTL field, which is decremented)

The Don't Fragment and the Type Of Service fields should be copied to the outer packet

tun0      Link encap:IPIP Tunnel  HWaddr
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ip tunnel show

tunl0: ip/ip  remote any  local any  ttl inherit  nopmtudisc
tun0: ip/ip  remote 192.168.123.103  local any  ttl inherit

# change the MTU (Path MTU) 非必要

ip link set tun0 mtu 1500

# 3. assign ip to tun0 (P-t-P)

ip addr add dev tun0 10.0.0.1 peer 10.0.0.2

# 查看

ifconfig tun0 會見到

tun0      Link encap:IPIP Tunnel  HWaddr
          inet addr:10.0.0.1  P-t-P:10.0.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

# 4. Add route to another side LAN

route add -net <LAN_IP>/24 dev tun0

Full Example

lan---A--wan--B---lan
    tun0 <-> tun0

Router A:

wan: 192.168.123.103
lan: 192.168.1.1
tun0: 10.0.0.1

Router B:

wan: 192.168.123.104
lan: 192.168.2.1
tun0: 10.0.0.2

ip tunnel add tun0 mode ipip local 192.168.123.103 remote 192.168.123.104 dev eth0
ip link set tun0 up
ip link set tun0 mtu 1500 # Default: mtu 1480 (非必要)
ip addr add dev tun0 10.0.0.1 peer 10.0.0.2
ip route add 192.168.2.0/24 dev tun0

ip tunnel add tun0 mode ipip local 192.168.123.104 remote 192.168.123.103 dev eth0
ip link set tun0 up
ip link set tun0 mtu 1500
ip addr add dev tun0 10.0.0.2 peer 10.0.0.1 # "ping 10.0.0.1" 是通的
ip route add 192.168.1.0/24 dev tun0 # "ping 192.168.2.1" 是通的

ifup-tunnel (/etc/sysconfig/network-scripts/ifup-tunnel)

Centos Configure

/etc/sysconfig/network-scripts/ifcfg-tun0

# Router A

ONBOOT=no
DEVICE=tun0
TYPE=IPIP
PEER_OUTER_IPADDR=192.168.123.104
PEER_INNER_IPADDR=10.0.0.2
MY_INNER_IPADDR=10.0.0.1

# Router B

ONBOOT=no
DEVICE=tun0
TYPE=IPIP
PEER_OUTER_IPADDR=192.168.123.103
PEER_INNER_IPADDR=10.0.0.1
MY_INNER_IPADDR=10.0.0.2

它是由 ifup-tunnel script 實現這 function ~

Firewall

Protocol

4 IP-in-IP

Rule

iptables -I INPUT -p ipip -i eth0 -s 192.168.123.103 -j ACCEPT

# 當 B router Set 好 firewall rule 後, A ping B 的 inner ip (10.0.0.2) 後, 那 tunnel 的雙向都會通了~ (最好都是雙方都 set !!)

GRE

GRE 是一個原本由 Cisco 開發的 tunneling 協定

Protocol: 47 GRE Generic Routing Encapsulation

設定

(192.168.0.0/24)A(10.0.0.1) <--wan--> (10.0.0.2)B(192.168.1.0/24)

tunA(172.16.0.1) <--p2p--> (172.16.0.2)tunB

ip tunnel add tunA mode gre remote 10.0.0.2 local 10.0.0.1 dev eth0
ip addr add 172.16.0.1 dev tunA
ifconfig tunA up
ifconfig tunA pointopoint 10.0.0.2
ip route add 192.168.1.0/24 dev tunA

ip tunnel add tunB mode gre remote 10.0.0.1 local 10.0.0.2 dev eth0
ip addr add 172.16.0.2 dev tunB
ifconfig tunA up
ifconfig tunA pointopoint 172.16.0.1
ip route add 192.168.0.0/24 dev tunB

# 查看

ip tunnel show
ip link show

# Shutdown

ip link set tunA down
ip tunnel del tunA

Debian Configuration

router X: /etc/network/interfaces

auto tun0
iface tun0 inet static
       address 172.16.0.1
       netmask 255.255.255.252
       up ip route add 192.168.1.0/24 dev tun0
       pre-up iptunnel add tun0 mode gre local 10.0.0.1 remote 10.0.0.2 pointopoint 172.16.0.2
       post-down iptunnel del tun0
       down ip route del 192.168.1.0/24 dev tun0

router Y: /etc/network/interfaces

auto tun0
iface tun0 inet static
       address 172.16.0.2
       netmask 255.255.255.252
       up 
       pre-up iptunnel add tun0 mode gre local 10.0.0.2 remote 10.0.0.1 pointopoint 172.16.0.1
       post-down iptunnel del tun0
       down

瀏覽次數： 2824

夢想家

ipip

介紹

目錄

Full Example

ifup-tunnel (/etc/sysconfig/network-scripts/ifup-tunnel)

Firewall

GRE