[lug] VPN using ipip tunnelling

Lynn Danielson lynnd at techangle.com
Tue Aug 15 23:47:57 MDT 2000

Jim Ockers <ockers at ockers.net> wrote:
> I have some Linux 2.0.x production systems that I can't upgrade, and I 
> have a Linux 2.2.x (Red Hat 6.2) system that I recently installed.  I've
> had a nice VPN (Virtual Private Network) running for some time using the
> Linux 2.0.x tunneling driver.
> To get that driver to work, you have to load the ipip.o module and the
> new_tunnel.o module.  Once both of these modules are loaded, there is a
> "tunl0" device in /proc/net/dev that can be ifconfiged as a point-to-point
> interface.  (Just like PPP, SLIP, etc.)  With the proper routing commands,
> the tunnel works fine.
> Since I've had such good luck with the Linux tunnelling under Linux 2.0.35
> and other such old kernels, I thought I try to extend it to this new Red Hat
> Linux system.  Unfortunately the new kernel seems to want me to use GRE
> encapsulation on my tunnellig packets, which my old Linux kernels don't
> support.
> I found the "ipip.o" kernel module for the 2.2.12 kernel, and when I load
> it there is a "tunl0" interface that shows up in /proc/net/dev .  The 2.2.14 
> ipip.o module appears to contain the IPIP encapsulation _and_ the tunnelling
> network device; under the older kernel there were two modules for this.
> However, I can't configure it as a point-to-point interface.  Whenever I
> type "ifconfig tunl0 pointopoint" it gets the
> IP address of, link encap IPIP, but the P-t-P is NOT,
> repeat NOT, present in the ifconfig.  For some reason I canNOT set the
> IFF_POINTOPOINT flag on the interface, and so my pointopoint directive
> on the ifconfig line gets ignored.
> And, then tunnelling doesn't work of course.
> Can anyone suggest how I can continue to use my old Linux-proprietary
> tunnelling encapsulation even on a 2.2.14 kernel?
> A normal point-to-point interface, like ppp, looks like this:
> ppp0      Link encap:Point-to-Point Protocol  
>           inet addr:  P-t-P:  Mask:
>           RX packets:42121 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:41518 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:10 
> The bogus tunnelling interface looks like this on my Linux 2.2.14 system:
> tunl0     Link encap:IPIP Tunnel  HWaddr   
>           inet addr:  Mask:
>           UP RUNNING NOARP  MTU:1480  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0 
> As you can see there is no P-t-P:other.ip.address on the latter ifconfig
> line.  Also in the flags it does not say "UP POINTOPOINT RUNNING NOARP"
> like I want it to.  If I try to use the interface I get lots of errors
> in the statistics.
> I've spent the better part of an afternoon battling this and I finally
> gave up.  Help...

More information about the LUG mailing list