[mirror_iproute2.git] / man / man8 / ip-tunnel.8

.TH IP\-TUNNEL 8 "20 Dec 2011" "iproute2" "Linux"
.SH "NAME"
ip-tunnel - tunnel configuration
.SH "SYNOPSIS"
.sp
.ad l
.in +8
.ti -8
.B ip
.RI "[ " OPTIONS " ]"
.B tunnel
.RI " { " COMMAND " | "
.BR help " }"
.sp
.ti -8
.BR "ip tunnel" " { " add " | " change " | " del " | " show " | " prl " }"
.RI "[ " NAME " ]"
.br
.RB "[ " mode
.IR MODE " ] [ "
.B remote
.IR ADDR " ] [ "
.B  local
.IR ADDR " ]"
.br
.RB "[ [" i "|" o "]" seq " ] [ [" i "|" o "]" key
.IR KEY " ] [ "
.RB "[" i "|" o "]" csum " ] ]"
.br
.RB "[ " encaplimit
.IR ELIM " ]"
.RB "[ " ttl
.IR TTL " ]"
.br
.RB "[ " tos
.IR TOS " ] [ "
.B flowlabel
.IR FLOWLABEL " ]"
.br
.RB "[ " prl-default
.IR ADDR " ] [ "
.B prl-nodefault
.IR ADDR " ] [ "
.B prl-delete
.IR ADDR " ]"
.br
.RB "[ [" no "]" pmtudisc " ]"
.RB "[ " dev
.IR PHYS_DEV " ]"

.ti -8
.IR MODE " := "
.RB " { " ipip " | " gre " | " sit " | " isatap " | " ip6ip6 " | " ipip6 " | " ip6gre " | " any " }"

.ti -8
.IR ADDR " := { " IP_ADDRESS " |"
.BR any " }"

.ti -8
.IR TOS " := { " STRING " | " 00 ".." ff " |"
.BR inherit " |"
.BI "inherit/" STRING
.RB "|"
.BI "inherit/" 00 ".." ff
.RB "}"

.ti -8
.IR ELIM " := {"
.BR none " | "
.IR 0 ".." 255 " }"

.ti -8
.ti -8
.IR TTL " := { " 1 ".." 255 " | "
.BR inherit " }"

.ti -8
.IR KEY " := { " DOTTED_QUAD " | " NUMBER " }"

.ti -8
.IR TIME " := " NUMBER "[s|ms]"

.SH DESCRIPTION
.B tunnel
objects are tunnels, encapsulating packets in IP packets and then
sending them over the IP infrastructure.
The encapsulating (or outer) address family is specified by the
.B -f
option.  The default is IPv4.

.TP
.B ip tunnel add
add a new tunnel
.TP
.B ip tunnel change
change an existing tunnel
.TP
.B ip tunnel delete
destroy a tunnel
.RS
.TP
.BI name " NAME " (default)
select the tunnel device name.

.TP
.BI mode " MODE"
set the tunnel mode. Available modes depend on the encapsulating address family.
.br
Modes for IPv4 encapsulation available:
.BR ipip ", " sit ", " isatap " and " gre "."
.br
Modes for IPv6 encapsulation available:
.BR ip6ip6 ", " ipip6 ", " ip6gre ", and " any "."

.TP
.BI remote " ADDRESS"
set the remote endpoint of the tunnel.

.TP
.BI local " ADDRESS"
set the fixed local address for tunneled packets.
It must be an address on another interface of this host.

.TP
.BI ttl " N"
set a fixed TTL
.I N
on tunneled packets.
.I N
is a number in the range 1--255. 0 is a special value
meaning that packets inherit the TTL value.
The default value for IPv4 tunnels is:
.BR "inherit" .
The default value for IPv6 tunnels is:
.BR "64" .


.TP
.BI tos " T"
.TP
.BI dsfield " T"
.TP
.BI tclass " T"
set the type of service (IPv4) or traffic class (IPv6) field on
tunneled packets, which can be specified as either a two-digit
hex value (e.g. c0) or a predefined string (e.g. internet).
The value
.B inherit
causes the field to be copied from the original IP header. The
values
.BI "inherit/" STRING
or
.BI "inherit/" 00 ".." ff
will set the field to
.I STRING
or
.IR 00 ".." ff
when tunneling non-IP packets. The default value is 00.

.TP
.BI dev " NAME"
bind the tunnel to the device
.I NAME
so that tunneled packets will only be routed via this device and will
not be able to escape to another device when the route to endpoint
changes.

.TP
.B nopmtudisc
disable Path MTU Discovery on this tunnel.
It is enabled by default.  Note that a fixed ttl is incompatible
with this option: tunneling with a fixed ttl always makes pmtu
discovery.

.TP
.BI key " K"
.TP
.BI ikey " K"
.TP
.BI okey " K"
.RB ( " only GRE tunnels " )
use keyed GRE with key
.IR K ". " K
is either a number or an IP address-like dotted quad.
The
.B key
parameter sets the key to use in both directions.
The
.BR ikey " and " okey
parameters set different keys for input and output.

.TP
.BR csum ", " icsum ", " ocsum
.RB ( " only GRE tunnels " )
generate/require checksums for tunneled packets.
The
.B ocsum
flag calculates checksums for outgoing packets.
The
.B icsum
flag requires that all input packets have the correct
checksum.  The
.B csum
flag is equivalent to the combination
.BR "icsum ocsum" .

.TP
.BR seq ", " iseq ", " oseq
.RB ( " only GRE tunnels " )
serialize packets.
The
.B oseq
flag enables sequencing of outgoing packets.
The
.B iseq
flag requires that all input packets are serialized.
The
.B  seq
flag is equivalent to the combination
.BR "iseq oseq" .
.B It isn't work. Don't use it.

.TP
.BI encaplim " ELIM"
.RB ( " only IPv6 tunnels " )
set a fixed encapsulation limit.  Default is 4.

.TP
.BI flowlabel " FLOWLABEL"
.RB ( " only IPv6 tunnels " )
set a fixed flowlabel.
.RE

.TP
.B ip tunnel prl
potential router list (ISATAP only)
.RS
.TP
.BI dev " NAME"
mandatory device name.

.TP
.BI prl-default " ADDR"
.TP
.BI prl-nodefault " ADDR"
.TP
.BI prl-delete " ADDR"
.RB "Add or delete " ADDR
as a potential router or default router.
.RE

.TP
.B ip tunnel show
list tunnels
This command has no arguments.

.SH SEE ALSO
.br
.BR ip (8)

.SH AUTHOR
Original Manpage by Michail Litvak <mci@owl.openwall.com>
Commit	Line	Data
2a9721f1 SH	1	.TH IP\-TUNNEL 8 "20 Dec 2011" "iproute2" "Linux"
2a9721f1 SH	2	.SH "NAME"
aab2702d	3	ip-tunnel - tunnel configuration
2a9721f1 SH	4	.SH "SYNOPSIS"
	5	.sp
	6	.ad l
	7	.in +8
	8	.ti -8
	9	.B ip
	10	.RI "[ " OPTIONS " ]"
	11	.B tunnel
	12	.RI " { " COMMAND " \| "
	13	.BR help " }"
	14	.sp
	15	.ti -8
	16	.BR "ip tunnel" " { " add " \| " change " \| " del " \| " show " \| " prl " }"
	17	.RI "[ " NAME " ]"
	18	.br
	19	.RB "[ " mode
	20	.IR MODE " ] [ "
	21	.B remote
	22	.IR ADDR " ] [ "
	23	.B local
	24	.IR ADDR " ]"
	25	.br
	26	.RB "[ [" i "\|" o "]" seq " ] [ [" i "\|" o "]" key
	27	.IR KEY " ] [ "
	28	.RB "[" i "\|" o "]" csum " ] ]"
	29	.br
	30	.RB "[ " encaplimit
	31	.IR ELIM " ]"
	32	.RB "[ " ttl
	33	.IR TTL " ]"
	34	.br
	35	.RB "[ " tos
	36	.IR TOS " ] [ "
	37	.B flowlabel
	38	.IR FLOWLABEL " ]"
	39	.br
	40	.RB "[ " prl-default
	41	.IR ADDR " ] [ "
	42	.B prl-nodefault
	43	.IR ADDR " ] [ "
	44	.B prl-delete
	45	.IR ADDR " ]"
	46	.br
	47	.RB "[ [" no "]" pmtudisc " ]"
	48	.RB "[ " dev
	49	.IR PHYS_DEV " ]"
2a9721f1 SH	50
	51	.ti -8
	52	.IR MODE " := "
9abde37c	53	.RB " { " ipip " \| " gre " \| " sit " \| " isatap " \| " ip6ip6 " \| " ipip6 " \| " ip6gre " \| " any " }"
2a9721f1 SH	54
	55	.ti -8
	56	.IR ADDR " := { " IP_ADDRESS " \|"
	57	.BR any " }"
	58
	59	.ti -8
e59fd3db DW	60	.IR TOS " := { " STRING " \| " 00 ".." ff " \|"
	61	.BR inherit " \|"
	62	.BI "inherit/" STRING
daa45cad	63	.RB "\|"
e59fd3db	64	.BI "inherit/" 00 ".." ff
daa45cad	65	.RB "}"
2a9721f1 SH	66
	67	.ti -8
	68	.IR ELIM " := {"
	69	.BR none " \| "
	70	.IR 0 ".." 255 " }"
	71
	72	.ti -8
	73	.ti -8
	74	.IR TTL " := { " 1 ".." 255 " \| "
	75	.BR inherit " }"
	76
	77	.ti -8
	78	.IR KEY " := { " DOTTED_QUAD " \| " NUMBER " }"
	79
	80	.ti -8
	81	.IR TIME " := " NUMBER "[s\|ms]"
	82
	83	.SH DESCRIPTION
	84	.B tunnel
	85	objects are tunnels, encapsulating packets in IP packets and then
	86	sending them over the IP infrastructure.
6274b0b7	87	The encapsulating (or outer) address family is specified by the
2a9721f1 SH	88	.B -f
	89	option. The default is IPv4.
	90
61f541fe	91	.TP
	92	.B ip tunnel add
	93	add a new tunnel
	94	.TP
	95	.B ip tunnel change
	96	change an existing tunnel
	97	.TP
	98	.B ip tunnel delete
	99	destroy a tunnel
	100	.RS
2a9721f1 SH	101	.TP
	102	.BI name " NAME " (default)
	103	select the tunnel device name.
	104
	105	.TP
	106	.BI mode " MODE"
	107	set the tunnel mode. Available modes depend on the encapsulating address family.
	108	.br
	109	Modes for IPv4 encapsulation available:
	110	.BR ipip ", " sit ", " isatap " and " gre "."
	111	.br
	112	Modes for IPv6 encapsulation available:
9abde37c	113	.BR ip6ip6 ", " ipip6 ", " ip6gre ", and " any "."
2a9721f1 SH	114
	115	.TP
	116	.BI remote " ADDRESS"
	117	set the remote endpoint of the tunnel.
	118
	119	.TP
	120	.BI local " ADDRESS"
	121	set the fixed local address for tunneled packets.
	122	It must be an address on another interface of this host.
	123
	124	.TP
	125	.BI ttl " N"
	126	set a fixed TTL
	127	.I N
	128	on tunneled packets.
	129	.I N
	130	is a number in the range 1--255. 0 is a special value
	131	meaning that packets inherit the TTL value.
	132	The default value for IPv4 tunnels is:
	133	.BR "inherit" .
	134	The default value for IPv6 tunnels is:
	135	.BR "64" .
	136
	137
	138	.TP
	139	.BI tos " T"
	140	.TP
	141	.BI dsfield " T"
	142	.TP
	143	.BI tclass " T"
e59fd3db DW	144	set the type of service (IPv4) or traffic class (IPv6) field on
	145	tunneled packets, which can be specified as either a two-digit
	146	hex value (e.g. c0) or a predefined string (e.g. internet).
	147	The value
	148	.B inherit
	149	causes the field to be copied from the original IP header. The
	150	values
	151	.BI "inherit/" STRING
	152	or
	153	.BI "inherit/" 00 ".." ff
	154	will set the field to
	155	.I STRING
	156	or
	157	.IR 00 ".." ff
	158	when tunneling non-IP packets. The default value is 00.
2a9721f1 SH	159
	160	.TP
	161	.BI dev " NAME"
	162	bind the tunnel to the device
	163	.I NAME
	164	so that tunneled packets will only be routed via this device and will
	165	not be able to escape to another device when the route to endpoint
	166	changes.
	167
	168	.TP
	169	.B nopmtudisc
	170	disable Path MTU Discovery on this tunnel.
	171	It is enabled by default. Note that a fixed ttl is incompatible
6274b0b7	172	with this option: tunneling with a fixed ttl always makes pmtu
2a9721f1 SH	173	discovery.
	174
	175	.TP
	176	.BI key " K"
	177	.TP
	178	.BI ikey " K"
	179	.TP
	180	.BI okey " K"
	181	.RB ( " only GRE tunnels " )
	182	use keyed GRE with key
	183	.IR K ". " K
	184	is either a number or an IP address-like dotted quad.
	185	The
	186	.B key
	187	parameter sets the key to use in both directions.
	188	The
	189	.BR ikey " and " okey
	190	parameters set different keys for input and output.
	191
	192	.TP
	193	.BR csum ", " icsum ", " ocsum
	194	.RB ( " only GRE tunnels " )
	195	generate/require checksums for tunneled packets.
	196	The
	197	.B ocsum
	198	flag calculates checksums for outgoing packets.
	199	The
	200	.B icsum
	201	flag requires that all input packets have the correct
	202	checksum. The
	203	.B csum
	204	flag is equivalent to the combination
	205	.BR "icsum ocsum" .
	206
	207	.TP
	208	.BR seq ", " iseq ", " oseq
	209	.RB ( " only GRE tunnels " )
	210	serialize packets.
	211	The
	212	.B oseq
	213	flag enables sequencing of outgoing packets.
	214	The
	215	.B iseq
	216	flag requires that all input packets are serialized.
	217	The
	218	.B seq
	219	flag is equivalent to the combination
	220	.BR "iseq oseq" .
	221	.B It isn't work. Don't use it.
	222
2a9721f1 SH	223	.TP
	224	.BI encaplim " ELIM"
	225	.RB ( " only IPv6 tunnels " )
	226	set a fixed encapsulation limit. Default is 4.
	227
	228	.TP
	229	.BI flowlabel " FLOWLABEL"
	230	.RB ( " only IPv6 tunnels " )
	231	set a fixed flowlabel.
61f541fe	232	.RE
2a9721f1	233
61f541fe	234	.TP
	235	.B ip tunnel prl
	236	potential router list (ISATAP only)
	237	.RS
2a9721f1 SH	238	.TP
	239	.BI dev " NAME"
	240	mandatory device name.
	241
	242	.TP
	243	.BI prl-default " ADDR"
	244	.TP
	245	.BI prl-nodefault " ADDR"
	246	.TP
	247	.BI prl-delete " ADDR"
	248	.RB "Add or delete " ADDR
	249	as a potential router or default router.
61f541fe	250	.RE
2a9721f1	251
61f541fe	252	.TP
	253	.B ip tunnel show
	254	list tunnels
2a9721f1 SH	255	This command has no arguments.
	256
	257	.SH SEE ALSO
	258	.br
	259	.BR ip (8)
	260
	261	.SH AUTHOR
	262	Original Manpage by Michail Litvak <mci@owl.openwall.com>