oasis-root

ip-tunnel.8 (5592B)

.TH IP\-TUNNEL 8 "20 Dec 2011" "iproute2" "Linux"
.SH "NAME"
ip-tunnel - tunnel configuration
.SH "SYNOPSIS"
.sp
.ad l
.in +8
.ti -8
.B ip tunnel help
.sp
.ti -8
.BR "ip "
.RI "[ " OPTIONS " ]"
.BR "tunnel" " { " add " | " change " | " del " | " show " | " prl " | " 6rd " }"
.RI "[ " NAME " ]"
.br
.RB "[ " mode
.IR MODE " ] [ "
.B remote
.IR ADDR " ] [ "
.B  local
.IR ADDR " ]"
.br
.RB "[ [" i "|" o "]" seq " ] [ [" i "|" o "]" key
.IR KEY " ] [ "
.RB "[" i "|" o "]" csum " ] ]"
.br
.RB "[ " encaplimit
.IR ELIM " ]"
.RB "[ " ttl "|" hoplimit
.IR TTL " ]"
.br
.RB "[ " tos
.IR TOS " ] [ "
.B flowlabel
.IR FLOWLABEL " ]"
.br
.RB "[ " prl-default
.IR ADDR " ] [ "
.B prl-nodefault
.IR ADDR " ] [ "
.B prl-delete
.IR ADDR " ]"
.br
.RB "[ " 6rd-prefix
.IR ADDR " ] ["
.B 6rd-relay_prefix
.IR ADDR " ] [
.BR 6rd-reset " ]"
.br
.RB "[ [" no "]" pmtudisc " ]"
.RB "[ [" no "]" ignore-df " ]"
.RB "[ [" no "]" allow-localremote " ]"
.br
.RB "[ " dev
.IR PHYS_DEV " ]"
.ti -8
.IR MODE " := "
.RB " { " ipip " | " gre " | " sit " | " isatap " | " vti " | " ip6ip6 " | " ipip6 " | " ip6gre " | " vti6 " | " any " }"
.ti -8
.IR ADDR " := { " IP_ADDRESS " |"
.BR any " }"
.ti -8
.IR TOS " := { " STRING " | " 00 ".." ff " |"
.BR inherit " |"
.BI "inherit/" STRING
.RB "|"
.BI "inherit/" 00 ".." ff
.RB "}"
.ti -8
.IR ELIM " := {"
.BR none " | "
.IR 0 ".." 255 " }"
.ti -8
.ti -8
.IR TTL " := { " 1 ".." 255 " | "
.BR inherit " }"
.ti -8
.IR KEY " := { " DOTTED_QUAD " | " NUMBER " }"
.SH DESCRIPTION
.B tunnel
objects are tunnels, encapsulating packets in IP packets and then
sending them over the IP infrastructure.
The encapsulating (or outer) address family is specified by the
.B -f
option. The default is IPv4.
.TP
.B ip tunnel add
add a new tunnel
.TP
.B ip tunnel change
change an existing tunnel
.TP
.B ip tunnel delete
destroy a tunnel
.RS
.TP
.BI name " NAME " (default)
select the tunnel device name.
.TP
.BI mode " MODE"
set the tunnel mode. Available modes depend on the encapsulating address family.
.br
Modes for IPv4 encapsulation available:
.BR ipip ", " sit ", " isatap ", " vti ", and " gre "."
.br
Modes for IPv6 encapsulation available:
.BR ip6ip6 ", " ipip6 ", " ip6gre ", " vti6 ", and " any "."
.TP
.BI remote " ADDRESS"
set the remote endpoint of the tunnel.
.TP
.BI local " ADDRESS"
set the fixed local address for tunneled packets.
It must be an address on another interface of this host.
.TP
.BI ttl " N"
.TP
.BI hoplimit " N"
set a fixed TTL (IPv4) or hoplimit (IPv6)
.I N
on tunneled packets.
.I N
is a number in the range 1--255. 0 is a special value
meaning that packets inherit the TTL value.
The default value for IPv4 tunnels is:
.BR "inherit" .
The default value for IPv6 tunnels is:
.BR "64" .
.TP
.BI tos " T"
.TP
.BI dsfield " T"
.TP
.BI tclass " T"
set the type of service (IPv4) or traffic class (IPv6) field on
tunneled packets, which can be specified as either a two-digit
hex value (e.g. c0) or a predefined string (e.g. internet).
The value
.B inherit
causes the field to be copied from the original IP header. The
values
.BI "inherit/" STRING
or
.BI "inherit/" 00 ".." ff
will set the field to
.I STRING
or
.IR 00 ".." ff
when tunneling non-IP packets. The default value is 00.
.TP
.BI dev " NAME"
bind the tunnel to the device
.I NAME
so that tunneled packets will only be routed via this device and will
not be able to escape to another device when the route to endpoint
changes.
.TP
.B nopmtudisc
disable Path MTU Discovery on this tunnel.
It is enabled by default. Note that a fixed ttl is incompatible
with this option: tunneling with a fixed ttl always makes pmtu
discovery.
.TP
.B ignore-df
enable IPv4 DF suppression on this tunnel.
Normally datagrams that exceed the MTU will be fragmented; the presence
of the DF flag inhibits this, resulting instead in an ICMP Unreachable
(Fragmentation Required) message.  Enabling this attribute causes the
DF flag to be ignored.
.TP
.BI key " K"
.TP
.BI ikey " K"
.TP
.BI okey " K"
.RB ( " only GRE tunnels " )
use keyed GRE with key
.IR K ". " K
is either a number or an IP address-like dotted quad.
The
.B key
parameter sets the key to use in both directions.
The
.BR ikey " and " okey
parameters set different keys for input and output.
.TP
.BR csum ", " icsum ", " ocsum
.RB ( " only GRE tunnels " )
generate/require checksums for tunneled packets.
The
.B ocsum
flag calculates checksums for outgoing packets.
The
.B icsum
flag requires that all input packets have the correct
checksum. The
.B csum
flag is equivalent to the combination
.BR "icsum ocsum" .
.TP
.BR seq ", " iseq ", " oseq
.RB ( " only GRE tunnels " )
serialize packets.
The
.B oseq
flag enables sequencing of outgoing packets.
The
.B iseq
flag requires that all input packets are serialized.
The
.B  seq
flag is equivalent to the combination
.BR "iseq oseq" .
.B It doesn't work. Don't use it.
.TP
.BI encaplimit " ELIM"
.RB ( " only IPv6 tunnels " )
set a fixed encapsulation limit. Default is 4.
.TP
.BI flowlabel " FLOWLABEL"
.RB ( " only IPv6 tunnels " )
set a fixed flowlabel.
.TP
.BI allow-localremote
.RB ( " only IPv6 tunnels " )
allow remote endpoint on the local host.
.RE
.TP
.B ip tunnel prl
potential router list (ISATAP only)
.RS
.TP
.BI dev " NAME"
mandatory device name.
.TP
.BI prl-default " ADDR"
.TP
.BI prl-nodefault " ADDR"
.TP
.BI prl-delete " ADDR"
.RB "Add or delete " ADDR
as a potential router or default router.
.RE
.TP
.B ip tunnel show
list tunnels
This command has no arguments.
.SH SEE ALSO
.br
.BR ip (8)
.SH AUTHOR
Original Manpage by Michail Litvak <mci@owl.openwall.com>