Linux IP Tunnel Mini-Mini HOWTO
Very Rough First Draft
Why are IP tunnels interesting?
- Mobile IP
- IP Tunnels are required for many Mobile IP schemes.
- VPN- Virtual Private Network
- IP tunnels offer an intersting, cost-effective alternative to WAN's (Wide
Area Networks). WAN's are typically created when there is a need to share
network data between several geographical locations. WAN's are usually very
expensive to implement: they require long-distance, high-speed data
Although the internet now provides access to virtually anywhere on the planet,
there are issues surrounding security and/or protocols. IP tunnelling can
provide a solution for these issues. Some protocols, such as Novell IPX, are
not native to the internet. Tunnels of IPX over IP can provide a means of
linking separate IPX sites over the internet.
Another issue arises when one site wishes to share private data, such s NFS
mounts, CVS repository servers, private web servers, or network backup with
another site. Normally, each site is behind a firewall that prevents external
access to the private data, thus preventing sharing. Tunnels that send
encrypted IP over IP provide a means of connecting two local LANS, allowing
them to share data, but keeping them behind the firewalls.
The following Technologies:
- IPX Tunnels
- Refere to the Linux IPX-HOWTO for additinal detail on setting up an IPX
- Mobile IP
- There are a number of web sites covering Mobile IP issues.
- Simple Key-Management for IP. Uses Diffie-Helmen to provide a
simple, fast encrypted IP tunnel communications and
and the Linux implementation of SKIP,
The ENSKIP kernel module and encryption daemon build
on top of the Linux firewall/masquerade technology
to provide a WAN bridge between LAN segments.
SKIP for FreeBSD
- Point-To-Point Tunnel
- Build a VPN using ssh-pppd as a tunnel. See the
- The Linux 2.0 and 2.1 series kernels provide support fot IP tunnels:
/dev/tunl0, /dev/tunl1, etc.
- VPN's can also be built by combining
firewalls with IPSEC.
Install and Setup
The following steps to install and set up IPIP encapsulated
tunnels on Linux.
- Obtain and install a Linux v.2.0 or v.2.1 kernel
- Configure the kernel for IP tunneling. Recompile. Reboot. If the kernel has
been successfuly configured, then a 'cat /proc/net/dev' should show a tunl0
and tunl1 device, in additional to the usual lo and eth0 or ppp0
- read /usr/src/linux/drivers/net/README.tunnel
Draft Version 0.01 -- 10 Feb 1997
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.1;
with no Invariant Sections, with no Front-Cover Texts, and with no
Back-Cover Texts. A copy of the license is included at the URL
the web page titled
"GNU Free Documentation License".