Linux IP Tunnel Mini-Mini HOWTO

Very Rough First Draft


Why are IP tunnels interesting?
Mobile IP
IP Tunnels are required for many Mobile IP schemes.
VPN - Virtual Private Network
IP tunnels offer an interesting, cost-effective alternative to WANs (Wide Area Networks). WANs are typically created when there is a need to share network data between several geographical locations. WANs are usually very expensive to implement: they require long-distance, high-speed data connections.

Although the internet now provides access to virtually anywhere on the planet, there are issues surrounding security and/or protocols. IP tunnelling can provide a solution for these issues. Some protocols, such as Novell IPX, are not native to the internet. Tunnels of IPX over IP can provide a means of linking separate IPX sites over the internet.

Another issue arises when one site wishes to share private data, such as NFS mounts, CVS repository servers, private web servers, or network backup, with another site. Normally, each site is behind a firewall that prevents external access to the private data, thus preventing sharing. Tunnels that send encrypted IP over IP provide a means of connecting two local LANs, allowing them to share data while keeping them behind the firewalls.


The following Technologies:
IPX Tunnels
Refer to the Linux IPX-HOWTO for additional detail on setting up an IPX tunnel.
Mobile IP
There are a number of web sites covering Mobile IP issues.

Simple Key-Management for IP. Uses Diffie-Hellman to provide a simple, fast protocol for encrypted IP tunnel communications and key management. See SKIP, and the Linux implementation of SKIP, ENSKIP. The ENSKIP kernel module and encryption daemon build on top of the Linux firewall/masquerade technology to provide a WAN bridge between LAN segments.

SKIP for FreeBSD

Point-To-Point Tunnel
Build a VPN using ssh-pppd as a tunnel. See the VPN mini-HOWTO.

The Linux 2.0 and 2.1 series kernels provide support for IP tunnels: /dev/tunl0, /dev/tunl1, etc.

VPNs can also be built by combining firewalls with IPSEC.

Install and Setup

Follow these steps to install and set up IPIP encapsulated tunnels on Linux.
  1. Obtain and install a Linux v.2.0 or v.2.1 kernel
  2. Configure the kernel for IP tunneling. Recompile. Reboot. If the kernel has been successfully configured, then a 'cat /proc/net/dev' should show a tunl0 and tunl1 device, in addition to the usual lo and eth0 or ppp0.
  3. Read /usr/src/linux/drivers/net/README.tunnel
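
The check in step 2 can be scripted. The following is an added example, not part of the original HOWTO: it parses a /proc/net/dev listing and reports which of tunl0 and tunl1 are missing. The function names are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not from the HOWTO): check /proc/net/dev for tunl0 and tunl1.
# Function names are hypothetical; the sample data below is constructed.

# Constructed sample of a /proc/net/dev listing where only tunl0 exists.
sample_proc_net_dev() {
    cat <<'EOF'
Inter-|   Receive                  |  Transmit
 face |packets errs drop fifo frame|packets errs drop fifo colls carrier
    lo:     12    0    0    0    0       12    0    0    0     0    0
  eth0:   3456    0    0    0    0     2345    0    0    0     0    0
 tunl0:      0    0    0    0    0        0    0    0    0     0    0
EOF
}

# list_ifaces [FILE]: print one interface name per line.
# Header lines contain no ':' so only device rows have more than one field.
list_ifaces() {
    awk -F: 'NF > 1 { gsub(/[ \t]/, "", $1); print $1 }' "${1:-/proc/net/dev}"
}

# missing_tunnels [FILE]: print each expected tunnel device that is absent.
missing_tunnels() {
    ifaces=$(list_ifaces "${1:-/proc/net/dev}")
    for want in tunl0 tunl1; do
        printf '%s\n' "$ifaces" | grep -qx "$want" || echo "$want"
    done
}

# check_tunnels [FILE]: succeed only if both tunnel devices are listed.
check_tunnels() {
    missing=$(missing_tunnels "${1:-/proc/net/dev}")
    if [ -z "$missing" ]; then
        echo "IP tunnel support present: tunl0 and tunl1 found"
        return 0
    fi
    echo "kernel lacks tunnel device(s):" $missing >&2
    return 1
}
```

After rebooting into the new kernel, source the file and run check_tunnels with no argument to inspect the live /proc/net/dev.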

Draft Version 0.01 -- 10 Feb 1997

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included at the URL, the web page titled "GNU Free Documentation License".