.\" Generated by scdoc 1.11.2 .\" Complete documentation for this program is not available as a GNU info page .ie \n(.g .ds Aq \(aq .el .ds Aq ' .nh .ad l .\" Begin generated content: .TH "interfaces-tunnel" "5" "2024-03-13" .P .SH NAME .P \fBinterfaces-tunnel\fR - Tunnel extensions for the interfaces(5) file format .P .SH DESCRIPTION .P The following options set up tunneling interfaces with ifupdown-ng.\& .P .SH TUNNEL-RELATED OPTIONS .P A tunnel interface must have a mode, remote IP and a local IP or device set, all other options are optional.\& .P \fBtunnel-mode\fR \fImode\fR .RS 4 Denotes the mode for this tunnel.\& Basically all tunnel modes supported by Linux / iproute2 are supported as well.\& This includes but is not limited to \fIgre\fR/\fIgretap\fR, \fIip6gre\fR/\fIip6gretap\fR, \fIipip\fR/\fIip6ip\fR/\fIsit\fR.\& .P .RE \fBtunnel-local\fR \fIIP\fR .RS 4 Denotes the IP address used as the local tunnel endpoint.\& According to the \fItunnel-mode\fR an IPv4 or IPv6 address has to be given.\& For compatiblity to ifupdown1 \fIlocal\fR is an alias for this option.\& .P .RE \fBtunnel-local-dev\fR \fIinterface\fR .RS 4 When the local IP address the tunnel should be established from isn'\&t static and therefore might change (e.\&g.\& configured by DHCP or PPP) it might be desireable to just use the address configured on \fIinterface\fR.\& When \fItunnel-local-dev\fR is given instead of \fItunnel-local\fR ifupdown-ng will try to determine the IP address set on the given \fIinterface\fR with respect to the address family required to set up a tunnel of the given \fImode\fR and use this to set up the tunnel.\& .P .RE \fBtunnel-remote\fR \fIIP\fR .RS 4 Denotes the IP address used as the remote tunnel endpoint.\& According to the \fItunnel-mode\fR an IPv4 or IPv6 address has to be given.\& For compatiblity to ifupdown1 \fIendpoint\fR is an alias for this option.\& .P .RE \fBtunnel-physdev\fR \fIinterface\fR .RS 4 Denotes the \fIinterface\fR the encapsulated packets should be sent out by.\& This comes in handy when using VRFs to denote that the local tunnel endpoint should be terminated in VRF \fIinterface\fR or the VRF associated with \fIinterface\fR.\& .P Note: Depending on the \fImode\fR of the tunnel either the VRF interface or the real underlay interface may have to given as \fIinterface\fR.\& .P .RE \fBtunnel-ttl\fR \fIttl\fR .RS 4 Denotes the TTL value to use in outgoing packets.\& \fIttl\fR is a number in the range 1 - 255 whereas 0 is a special value meaning that packets inherit the TTL value.\& The default for IPv4 tunnels is to inherit the TTL, for IPv6 tunnels it'\&s 64.\& For compatiblity to ifupdown1 \fIttl\fR is an alias for this option.\& .P .P .P .RE .SH IPIP/SIT-RELATED OPTIONS .P \fBtunnel-encap\fR \fIencap\fR .RS 4 Denotes the type of secondary UDP encapsulation to use for this tunnel if any.\& Supported \fIencap\fR values are \fIfou\fR, \fIgue\fR, and \fInone\fR.\& \fIfou\fR indicates Foo-Over-UDP, \fIgue\fR indicates Generic UDP Encapsulation.\& .P .RE .SH GRE-RELATED OPTIONS .P \fBtunnel-encap\fR \fIencap\fR .RS 4 Denotes the type of secondary UDP encapsulation to use for this tunnel if any.\& Supported \fIencap\fR values are \fIfou\fR, \fIgue\fR, and \fInone\fR.\& \fIfou\fR indicates Foo-Over-UDP, \fIgue\fR indicates Generic UDP Encapsulation.\& .P .RE \fBtunnel-key\fR \fIkey\fR .RS 4 Denotes the_key to used for keyed GRE to allow multiple tunnels between the same two endpoints.\& \fIkey\fR is either a number or an IPv4 address- like dotted quad.\& The key parameter specifies the same key to use in both directions.\& The \fItunnel-ikey\fR and \fItunnel-okey\fR parameters specify different keys for input and output.\& For compatiblity to ifupdown1 \fIkey\fR is an alias for this option.\& .P .RE \fBtunnel-hoplimit\fR \fIttl\fR .RS 4 Denotes the Hop Limit value to use in outgoing packets for \fIip6gre\fR/\fIip6gretap\fR tunnels.\& .P .RE \fBtunnel-ignore-df\fR \fIbool\fR .RS 4 Denotes wether to enable/disable IPv4 DF suppression on this tunnel.\& Normally datagrams that exceed the MTU will be fragmented; the presence of the DF flag inhibits this, resulting instead in an ICMP Unreachable (Fragmentation Required) message.\& Enabling this attribute causes the DF flag to be ignored.\& .P .RE \fBtunnel-ikey\fR \fIkey\fR .RS 4 Denotes the key to used for keyed GRE for packets received.\& See \fItunnel-key\fR for details.\& .P .RE \fBtunnel-okey\fR \fIkey\fR .RS 4 Denotes the key to used for keyed GRE for packets sent out.\& See \fItunnel-key\fR for details.\& .P .RE \fBtunnel-pmtudisc\fR \fIbool\fR .RS 4 Denotes wether to enable/disable Path MTU Discovery on this tunnel.\& It is enabled by default.\& Note that a fixed ttl is incompatible with this option: tunneling with a fixed ttl always makes pmtu discovery.\& .P .RE \fBtunnel-tos\fR \fItos\fR .RS 4 Denotes the TOS value to use in outgoing packets.\& .P .P .RE .SH EXAMPLES .P A simple GRE tunnel .P .nf .RS 4 auto gre0 iface gre0 tunnel-mode gre tunnel-remote 198\&.51\&.100\&.1 tunnel-local 203\&.0\&.113\&.2 # address 192\&.0\&.2\&.42/24 address 2001:db8::42/64 .fi .RE .P A GRE tunnel where the local IP is learned from \fIeth0\fR .P .nf .RS 4 auto gre1 iface gre1 tunnel-mode gre tunnel-remote 198\&.51\&.100\&.1 tunnel-local-dev eth0 # address 192\&.0\&.2\&.42/24 address 2001:db8::42/64 .fi .RE .P A GRE tunnel which transfers encapasulated packets via \fIeth0\fR which is part of a VRF.\& .P .nf .RS 4 auto eth0 iface eth0 address 203\&.0\&.113\&.2/24 gateway 203\&.0\&.113\&.1 vrf vrf_external auto tun-vrf iface tun-vrf tunnel-mode gre tunnel-remote 198\&.51\&.100\&.1 tunnel-local 203\&.0\&.113\&.2 tunnel-physdev eth0 # address 192\&.0\&.2\&.42/24 address 2001:db8::42/64 auto vrf_external iface vrf_external vrf-table 1023 .fi .RE .P .SH AUTHORS .P Maximilian Wilhelm