[lug] VPN using ipip tunnelling
lynnd at techangle.com
Tue Aug 15 23:47:57 MDT 2000
Jim Ockers <ockers at ockers.net> wrote:
> I have some Linux 2.0.x production systems that I can't upgrade, and I
> have a Linux 2.2.x (Red Hat 6.2) system that I recently installed. I've
> had a nice VPN (Virtual Private Network) running for some time using the
> Linux 2.0.x tunneling driver.
> To get that driver to work, you have to load the ipip.o module and the
> new_tunnel.o module. Once both of these modules are loaded, there is a
> "tunl0" device in /proc/net/dev that can be ifconfiged as a point-to-point
> interface. (Just like PPP, SLIP, etc.) With the proper routing commands,
> the tunnel works fine.
> Since I've had such good luck with the Linux tunnelling under Linux 2.0.35
> and other such old kernels, I thought I try to extend it to this new Red Hat
> Linux system. Unfortunately the new kernel seems to want me to use GRE
> encapsulation on my tunnellig packets, which my old Linux kernels don't
> I found the "ipip.o" kernel module for the 2.2.12 kernel, and when I load
> it there is a "tunl0" interface that shows up in /proc/net/dev . The 2.2.14
> ipip.o module appears to contain the IPIP encapsulation _and_ the tunnelling
> network device; under the older kernel there were two modules for this.
> However, I can't configure it as a point-to-point interface. Whenever I
> type "ifconfig tunl0 192.168.168.168 pointopoint 10.2.3.45" it gets the
> IP address of 192.168.168.168, link encap IPIP, but the P-t-P is NOT,
> repeat NOT, present in the ifconfig. For some reason I canNOT set the
> IFF_POINTOPOINT flag on the interface, and so my pointopoint directive
> on the ifconfig line gets ignored.
> And, then tunnelling doesn't work of course.
> Can anyone suggest how I can continue to use my old Linux-proprietary
> tunnelling encapsulation even on a 2.2.14 kernel?
> A normal point-to-point interface, like ppp, looks like this:
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:192.168.1.254 P-t-P:192.168.3.254 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:42121 errors:0 dropped:0 overruns:0 frame:0
> TX packets:41518 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:10
> The bogus tunnelling interface looks like this on my Linux 2.2.14 system:
> tunl0 Link encap:IPIP Tunnel HWaddr
> inet addr:192.168.1.254 Mask:255.255.255.0
> UP RUNNING NOARP MTU:1480 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> As you can see there is no P-t-P:other.ip.address on the latter ifconfig
> line. Also in the flags it does not say "UP POINTOPOINT RUNNING NOARP"
> like I want it to. If I try to use the interface I get lots of errors
> in the statistics.
> I've spent the better part of an afternoon battling this and I finally
> gave up. Help...
More information about the LUG