1IP-TUNNEL(8) Linux IP-TUNNEL(8)
2
3
4
6 ip-tunnel - tunnel configuration
7
9 ip tunnel help
10
11 ip [ OPTIONS ] tunnel { add | change | del | show | prl | 6rd } [ NAME
12 ]
13 [ mode MODE ] [ remote ADDR ] [ local ADDR ]
14 [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ] ]
15 [ encaplimit ELIM ] [ ttl|hoplimit TTL ]
16 [ tos TOS ] [ flowlabel FLOWLABEL ]
17 [ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]
18 [ 6rd-prefix ADDR ] [ 6rd-relay_prefix ADDR ] [ 6rd-reset ]
19 [ [no]pmtudisc ] [ [no]ignore-df ] [ [no]allow-localremote ]
20 [ dev PHYS_DEV ]
21
22 MODE := { ipip | gre | sit | isatap | vti | ip6ip6 | ipip6 | ip6gre |
23 vti6 | any }
24
25 ADDR := { IP_ADDRESS | any }
26
27 TOS := { STRING | 00..ff | inherit | inherit/STRING | inherit/00..ff }
28
29 ELIM := { none | 0..255 }
30
31 TTL := { 1..255 | inherit }
32
33 KEY := { DOTTED_QUAD | NUMBER }
34
35
37 tunnel objects are tunnels, encapsulating packets in IP packets and
38 then sending them over the IP infrastructure. The encapsulating (or
39 outer) address family is specified by the -f option. The default is
40 IPv4.
41
42
43 ip tunnel add
44 add a new tunnel
45
46 ip tunnel change
47 change an existing tunnel
48
49 ip tunnel delete
50 destroy a tunnel
51
52 name NAME (default)
53 select the tunnel device name.
54
55
56 mode MODE
57 set the tunnel mode. Available modes depend on the encap‐
58 sulating address family.
59 Modes for IPv4 encapsulation available: ipip, sit, isa‐
60 tap, vti, and gre.
61 Modes for IPv6 encapsulation available: ip6ip6, ipip6,
62 ip6gre, vti6, and any.
63
64
65 remote ADDRESS
66 set the remote endpoint of the tunnel.
67
68
69 local ADDRESS
70 set the fixed local address for tunneled packets. It
71 must be an address on another interface of this host.
72
73
74 ttl N
75
76 hoplimit N
77 set a fixed TTL (IPv4) or hoplimit (IPv6) N on tunneled
78 packets. N is a number in the range 1--255. 0 is a spe‐
79 cial value meaning that packets inherit the TTL value.
80 The default value for IPv4 tunnels is: inherit. The de‐
81 fault value for IPv6 tunnels is: 64.
82
83
84
85 tos T
86
87 dsfield T
88
89 tclass T
90 set the type of service (IPv4) or traffic class (IPv6)
91 field on tunneled packets, which can be specified as ei‐
92 ther a two-digit hex value (e.g. c0) or a predefined
93 string (e.g. internet). The value inherit causes the
94 field to be copied from the original IP header. The val‐
95 ues inherit/STRING or inherit/00..ff will set the field
96 to STRING or 00..ff when tunneling non-IP packets. The
97 default value is 00.
98
99
100 dev NAME
101 bind the tunnel to the device NAME so that tunneled pack‐
102 ets will only be routed via this device and will not be
103 able to escape to another device when the route to end‐
104 point changes.
105
106
107 nopmtudisc
108 disable Path MTU Discovery on this tunnel. It is enabled
109 by default. Note that a fixed ttl is incompatible with
110 this option: tunneling with a fixed ttl always makes pmtu
111 discovery.
112
113
114 ignore-df
115 enable IPv4 DF suppression on this tunnel. Normally
116 datagrams that exceed the MTU will be fragmented; the
117 presence of the DF flag inhibits this, resulting instead
118 in an ICMP Unreachable (Fragmentation Required) message.
119 Enabling this attribute causes the DF flag to be ignored.
120
121
122 key K
123
124 ikey K
125
126 okey K ( only GRE tunnels ) use keyed GRE with key K. K is ei‐
127 ther a number or an IP address-like dotted quad. The key
128 parameter sets the key to use in both directions. The
129 ikey and okey parameters set different keys for input and
130 output.
131
132
133 csum, icsum, ocsum
134 ( only GRE tunnels ) generate/require checksums for tun‐
135 neled packets. The ocsum flag calculates checksums for
136 outgoing packets. The icsum flag requires that all input
137 packets have the correct checksum. The csum flag is
138 equivalent to the combination icsum ocsum.
139
140
141 seq, iseq, oseq
142 ( only GRE tunnels ) serialize packets. The oseq flag
143 enables sequencing of outgoing packets. The iseq flag
144 requires that all input packets are serialized. The seq
145 flag is equivalent to the combination iseq oseq. It
146 doesn't work. Don't use it.
147
148
149 encaplimit ELIM
150 ( only IPv6 tunnels ) set a fixed encapsulation limit.
151 Default is 4.
152
153
154 flowlabel FLOWLABEL
155 ( only IPv6 tunnels ) set a fixed flowlabel.
156
157
158 allow-localremote
159 ( only IPv6 tunnels ) allow remote endpoint on the local
160 host.
161
162
163 ip tunnel prl
164 potential router list (ISATAP only)
165
166 dev NAME
167 mandatory device name.
168
169
170 prl-default ADDR
171
172 prl-nodefault ADDR
173
174 prl-delete ADDR
175 Add or delete ADDR as a potential router or default
176 router.
177
178
179 ip tunnel show
180 list tunnels This command has no arguments.
181
182
184 ip(8)
185
186
188 Original Manpage by Michail Litvak <mci@owl.openwall.com>
189
190
191
192iproute2 20 Dec 2011 IP-TUNNEL(8)