2000-05-13 19:22:15 +04:00
|
|
|
.\" $NetBSD: ipip.4,v 1.4 2000/05/13 15:22:17 mycroft Exp $
|
1999-03-28 21:05:18 +04:00
|
|
|
.\"
|
|
|
|
.\" Copyright 1998 (c) The NetBSD Foundation, Inc.
|
|
|
|
.\" All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
.\" by Heiko W.Rupp <hwr@pilhuhn.de>
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
|
|
.\" must display the following acknowledgement:
|
|
|
|
.\" This product includes software developed by the NetBSD
|
|
|
|
.\" Foundation, Inc. and its contributors.
|
|
|
|
.\" 4. Neither the name of the The NetBSD Foundation nor the names of its
|
|
|
|
.\" contributors may be used to endorse or promote products derived
|
|
|
|
.\" from this software without specific prior written permission.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
.\"
|
|
|
|
.Dd 28 March 1999
|
|
|
|
.Dt IPIP 4
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm ipip
|
|
|
|
.Nd encapsulating network device
|
|
|
|
.Sh SYNOPSIS
|
|
|
|
.Cd pseudo-device ipip Op Ar count
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
The
|
|
|
|
.Nm ipip
|
|
|
|
network interface is a pseudo device that allows to encapsulate datagrams
|
|
|
|
into IP. These encapsulated datagrams are routed to a destination host,
|
|
|
|
where they are decapsulated and further routed to their final destination.
|
|
|
|
The so called ``tunnel'' appears to the inner datagrams like one hop.
|
|
|
|
Encapsulation is according to RFC 2003. The outer datagram header is of
|
|
|
|
IP type 4 (IPIP).
|
|
|
|
.Pp
|
|
|
|
The network interfaces are named
|
|
|
|
.Sy ipip Ns Ar 0 ,
|
|
|
|
.Sy ipip Ns Ar 1
|
|
|
|
and so on, as many as have given on the
|
|
|
|
.Sy pseudo-device
|
|
|
|
line in the system config file.
|
|
|
|
.Pp
|
|
|
|
Note that the IP addresses of the tunnel endpoints may be the same as the
|
|
|
|
ones defined with
|
|
|
|
.Xr ifconfig
|
|
|
|
for the interface (as if IP is encapsulated), but need not be.
|
|
|
|
.Pp
|
|
|
|
.Sh EXAMPLE
|
|
|
|
Configuration example:
|
1999-12-22 17:55:49 +03:00
|
|
|
.Bd -literal
|
1999-03-28 21:05:18 +04:00
|
|
|
Host X-- Host A ----------------tunnel---------- cisco D------Host E
|
|
|
|
\\ |
|
|
|
|
\\ /
|
|
|
|
+------Host B----------Host C----------+
|
|
|
|
|
1999-12-22 17:55:49 +03:00
|
|
|
.Ed
|
1999-03-28 21:05:18 +04:00
|
|
|
On host A (NetBSD):
|
|
|
|
|
|
|
|
# route add default B
|
|
|
|
# ifconfig ipipN A D netmask 0xffffffff up
|
|
|
|
# route add E D
|
|
|
|
|
|
|
|
On Host D (Cisco):
|
|
|
|
|
|
|
|
Interface TunnelX
|
1999-12-16 01:07:30 +03:00
|
|
|
ip unnumbered D ! e.g. address from Ethernet interface
|
|
|
|
tunnel source D ! e.g. address from Ethernet interface
|
1999-03-28 21:05:18 +04:00
|
|
|
tunnel destination A
|
|
|
|
ip route C <some interface and mask>
|
|
|
|
ip route A mask C
|
|
|
|
ip route X mask tunnelX
|
|
|
|
|
|
|
|
OR
|
|
|
|
|
|
|
|
On Host D (NetBSD):
|
|
|
|
|
|
|
|
# route add default C
|
|
|
|
# ifconfig ipipN D A
|
|
|
|
.Pp
|
|
|
|
If all goes well, you should see packets flowing ;-)
|
|
|
|
.Pp
|
|
|
|
If you want to reach Host A over the tunnel (from the Cisco D), then
|
1999-12-16 01:07:30 +03:00
|
|
|
you have to have an alias on Host A for e.g. the Ethernet interface like:
|
1999-03-28 21:05:18 +04:00
|
|
|
ifconfig <etherif> alias Y
|
|
|
|
and on the cisco
|
|
|
|
ip route Y mask tunnelX
|
|
|
|
.Sh NOTE
|
|
|
|
For correct operation, the
|
|
|
|
.Nm
|
|
|
|
device needs a route to the destination, that is less specific than the
|
|
|
|
one over the tunnel.
|
|
|
|
(Basically, there needs to be a route to the decapsulating host that
|
|
|
|
does not run over the tunnel, as this would be a loop ..)
|
|
|
|
.Pp
|
|
|
|
In order to
|
|
|
|
.Xr ifconfig
|
|
|
|
to actually mark the interface as up, the keyword ``up'' must be given
|
|
|
|
last on its command line.
|
|
|
|
.Pp
|
|
|
|
The kernel must be set to forward datagrams by either option
|
|
|
|
``GATEWAY'' in the kernel config file or by issuing the appropriate
|
|
|
|
option to
|
|
|
|
.Xr sysctl .
|
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr netintro 4 ,
|
|
|
|
.Xr ip 4 ,
|
|
|
|
.Xr gre 4 ,
|
|
|
|
.Xr atalk 4 ,
|
|
|
|
.Xr inet 4 ,
|
|
|
|
.Xr ifconfig 8 ,
|
|
|
|
.Xr options 4 ,
|
|
|
|
.Xr protocols 5 ,
|
|
|
|
.Xr sysctl 8
|
|
|
|
.Pp
|
|
|
|
A description of IPIP encapsulation can be found in RFC 2003.
|
|
|
|
.Sh BUGS
|
|
|
|
The ipip_compute_route() code in ip_ipip.c toggles the last bit of the
|
|
|
|
IP-address to provoke the search for a less specific route than the
|
|
|
|
one directly over the tunnel to prevent loops. This is possibly not
|
|
|
|
the best solution.
|
|
|
|
.Pp
|
|
|
|
Traceroute does not work yet over the tunnel :(
|