mirror of
https://git.proxmox.com/git/mirror_iproute2
synced 2025-10-12 21:40:01 +00:00

In the presence of firewalls which improperly block ICMP Unreachable (including Fragmentation Required) messages, Path MTU Discovery is prevented from working. The workaround is to handle IPv4 payloads opaquely, ignoring the DF bit.

Kernel commit 22a59be8b7693eb2d0897a9638f5991f2f8e4ddd ("net: ipv4: Add ability to have GRE ignore DF bit in IPv4 payloads") is complemented by this user-space changeset which exposes control of this setting.

Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
275 lines
5.3 KiB
Groff
.TH IP\-TUNNEL 8 "20 Dec 2011" "iproute2" "Linux"
.SH "NAME"
ip-tunnel - tunnel configuration
.SH "SYNOPSIS"
.sp
.ad l
.in +8
.ti -8
.B ip tunnel help
.sp
.ti -8
.BR "ip "
.RI "[ " OPTIONS " ]"
.BR "tunnel" " { " add " | " change " | " del " | " show " | " prl " | " 6rd " }"
.RI "[ " NAME " ]"
.br
.RB "[ " mode
.IR MODE " ] [ "
.B remote
.IR ADDR " ] [ "
.B local
.IR ADDR " ]"
.br
.RB "[ [" i "|" o "]" seq " ] [ [" i "|" o "]" key
.IR KEY " ] [ "
.RB "[" i "|" o "]" csum " ] ]"
.br
.RB "[ " encaplimit
.IR ELIM " ]"
.RB "[ " ttl "|" hoplimit
.IR TTL " ]"
.br
.RB "[ " tos
.IR TOS " ] [ "
.B flowlabel
.IR FLOWLABEL " ]"
.br
.RB "[ " prl-default
.IR ADDR " ] [ "
.B prl-nodefault
.IR ADDR " ] [ "
.B prl-delete
.IR ADDR " ]"
.br
.RB "[ " 6rd-prefix
.IR ADDR " ] ["
.B 6rd-relay_prefix
.IR ADDR " ] ["
.BR 6rd-reset " ]"
.br
.RB "[ [" no "]" pmtudisc " ]"
.RB "[ [" no "]" ignore-df " ]"
.RB "[ " dev
.IR PHYS_DEV " ]"

.ti -8
.IR MODE " := "
.RB " { " ipip " | " gre " | " sit " | " isatap " | " vti " | " ip6ip6 " | " ipip6 " | " ip6gre " | " vti6 " | " any " }"

.ti -8
.IR ADDR " := { " IP_ADDRESS " |"
.BR any " }"

.ti -8
.IR TOS " := { " STRING " | " 00 ".." ff " |"
.BR inherit " |"
.BI "inherit/" STRING
.RB "|"
.BI "inherit/" 00 ".." ff
.RB "}"

.ti -8
.IR ELIM " := {"
.BR none " | "
.IR 0 ".." 255 " }"

.ti -8
.IR TTL " := { " 1 ".." 255 " | "
.BR inherit " }"

.ti -8
.IR KEY " := { " DOTTED_QUAD " | " NUMBER " }"

.SH DESCRIPTION
.B tunnel
objects are tunnels, encapsulating packets in IP packets and then
sending them over the IP infrastructure.
The encapsulating (or outer) address family is specified by the
.B -f
option. The default is IPv4.

.TP
.B ip tunnel add
add a new tunnel
.TP
.B ip tunnel change
change an existing tunnel
.TP
.B ip tunnel delete
destroy a tunnel
.RS
.TP
.BI name " NAME " (default)
select the tunnel device name.

.TP
.BI mode " MODE"
set the tunnel mode. Available modes depend on the encapsulating address family.
.br
Modes for IPv4 encapsulation available:
.BR ipip ", " sit ", " isatap ", " vti ", and " gre "."
.br
Modes for IPv6 encapsulation available:
.BR ip6ip6 ", " ipip6 ", " ip6gre ", " vti6 ", and " any "."

.TP
.BI remote " ADDRESS"
set the remote endpoint of the tunnel.

.TP
.BI local " ADDRESS"
set the fixed local address for tunneled packets.
It must be an address on another interface of this host.

.TP
.BI ttl " N"
.TP
.BI hoplimit " N"
set a fixed TTL (IPv4) or hoplimit (IPv6)
.I N
on tunneled packets.
.I N
is a number in the range 1--255. 0 is a special value
meaning that packets inherit the TTL value.
The default value for IPv4 tunnels is:
.BR "inherit" .
The default value for IPv6 tunnels is:
.BR "64" .

.TP
.BI tos " T"
.TP
.BI dsfield " T"
.TP
.BI tclass " T"
set the type of service (IPv4) or traffic class (IPv6) field on
tunneled packets, which can be specified as either a two-digit
hex value (e.g. c0) or a predefined string (e.g. internet).
The value
.B inherit
causes the field to be copied from the original IP header. The
values
.BI "inherit/" STRING
or
.BI "inherit/" 00 ".." ff
will set the field to
.I STRING
or
.IR 00 ".." ff
when tunneling non-IP packets. The default value is 00.

.TP
.BI dev " NAME"
bind the tunnel to the device
.I NAME
so that tunneled packets will only be routed via this device and will
not be able to escape to another device when the route to endpoint
changes.

.TP
.B nopmtudisc
disable Path MTU Discovery on this tunnel.
It is enabled by default. Note that a fixed ttl is incompatible
with this option: tunneling with a fixed ttl always performs PMTU
discovery.

.TP
.B ignore-df
enable IPv4 DF suppression on this tunnel.
Normally datagrams that exceed the MTU will be fragmented; the presence
of the DF flag inhibits this, resulting instead in an ICMP Unreachable
(Fragmentation Required) message. Enabling this attribute causes the
DF flag to be ignored.

.TP
.BI key " K"
.TP
.BI ikey " K"
.TP
.BI okey " K"
.RB ( " only GRE tunnels " )
use keyed GRE with key
.IR K ". " K
is either a number or an IP address-like dotted quad.
The
.B key
parameter sets the key to use in both directions.
The
.BR ikey " and " okey
parameters set different keys for input and output.

.TP
.BR csum ", " icsum ", " ocsum
.RB ( " only GRE tunnels " )
generate/require checksums for tunneled packets.
The
.B ocsum
flag calculates checksums for outgoing packets.
The
.B icsum
flag requires that all input packets have the correct
checksum. The
.B csum
flag is equivalent to the combination
.BR "icsum ocsum" .

.TP
.BR seq ", " iseq ", " oseq
.RB ( " only GRE tunnels " )
serialize packets.
The
.B oseq
flag enables sequencing of outgoing packets.
The
.B iseq
flag requires that all input packets are serialized.
The
.B seq
flag is equivalent to the combination
.BR "iseq oseq" .
.B It doesn't work. Don't use it.

.TP
.BI encaplimit " ELIM"
.RB ( " only IPv6 tunnels " )
set a fixed encapsulation limit. Default is 4.

.TP
.BI flowlabel " FLOWLABEL"
.RB ( " only IPv6 tunnels " )
set a fixed flowlabel.
.RE

.TP
.B ip tunnel prl
potential router list (ISATAP only)
.RS
.TP
.BI dev " NAME"
mandatory device name.

.TP
.BI prl-default " ADDR"
.TP
.BI prl-nodefault " ADDR"
.TP
.BI prl-delete " ADDR"
.RB "Add or delete " ADDR
as a potential router or default router.
.RE

.TP
.B ip tunnel show
list tunnels
This command has no arguments.

.SH SEE ALSO
.br
.BR ip (8)

.SH AUTHOR
Original Manpage by Michail Litvak <mci@owl.openwall.com>
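
The effect of the ignore-df option documented above, as an added example that is not part of the man page or of iproute2: a simplified Python model of the fragment-or-reject choice the option text describes, with the GRE-over-IPv4 overhead derived from the key, csum and seq options. The function names, the 1500-byte link MTU and the sample headers are assumptions constructed for illustration; this is not the kernel's code path.

```python
import struct

IP_DF = 0x4000  # "Don't Fragment" bit in the IPv4 flags/fragment-offset field


def gre_overhead(key=False, csum=False, seq=False):
    """Bytes added by GRE over IPv4: 20 (outer IPv4) + 4 (GRE base header),
    plus 4 for each optional field enabled by the key / csum / seq options."""
    return 20 + 4 + 4 * (bool(key) + bool(csum) + bool(seq))


def parse_inner(packet):
    """Return (total_length, df_set) read from a 20-byte IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    return total_len, bool(flags_frag & IP_DF)


def tunnel_decision(packet, link_mtu, ignore_df=False, **gre_opts):
    """Simplified model (an assumption, not kernel code) of the ignore-df text."""
    total_len, df = parse_inner(packet)
    if total_len + gre_overhead(**gre_opts) <= link_mtu:
        return "forward"
    if df and not ignore_df:
        return "icmp-frag-needed"  # sender is told to shrink its packets
    return "fragment"              # DF clear, or DF ignored by the tunnel


def make_header(total_len, df):
    """Constructed sample: minimal IPv4 header, checksum left as 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1,
                       IP_DF if df else 0, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))


if __name__ == "__main__":
    big_df = make_header(1500, df=True)  # full-size packet with DF set
    for ignore in (False, True):
        print("ignore-df" if ignore else "default  ",
              tunnel_decision(big_df, 1500, ignore_df=ignore, key=True))
```

When a firewall on the path drops the ICMP message, the "icmp-frag-needed" outcome never reaches the sender, which is the failure the commit message describes; with ignore-df the same packet is fragmented instead.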