add docs for fou and gue

Signed-off-by: Marek Küthe <m.k@mk16.de>
Marek Küthe 2023-01-03 01:41:59 +01:00
parent 584e6e021e
commit 4bc5e7b87d
No known key found for this signature in database
GPG Key ID: 7E869146699108C7
1 changed files with 52 additions and 0 deletions


@ -69,3 +69,55 @@ ip link add <interface> type vxlan id <vni> remote <remote> local <local> dstpor
```
`<vni>` (**V**irtual Extensible LA**N** **ID** ) is the ID of the VLAN. This can range from 1 to 16777216 (2^24). It must be the same for both peers and must not already be used.
`<dstport>` is the port which is used for the VXLAN connection. It must be open on UDP. The port must be the same for both peers. Officially VXLAN has port 4789, but for historical reasons Linux uses port default 8472. If you specify a 0 as port, the default port default 8472 is used. If you don't specify a port, you get a warning.
## IP tunnel over UDP
Tunnels at Layer 3 (IP level) can be problematic. For example, NATs or firewalls can drop the packets. To work around this, it is possible to encapsulate the encapsulated packets again into a UDP packet. For this you can use either FOU or GUE. With FOU you have to specify the protocol to be encapsulated manually, but FOU does not need an extra header. With GUE you don't have to specify the protocol, GUE uses its own header.
Keep in mind that the more tunnel mechanisms are used, the more headers are generally used. This leads to a reduction in MTU. This means that less data can be transmitted per packet. A high MTU is therefore desirable.
### Foo-over-UDP (FOU)
Use the following command to enable FOU for a port:
```
ip fou add port <lport> ipproto <proto>
```
Replace `<lport>` with your local port. You have to open this port on UDP in your firewall. Replace `<proto>` with the protocol you want to encapsulate (e.g. `gre` or `sit`).
Add the following command to the actual tunnel command:
```
encap fou encap-dport <rport>
```
For example:
```
ip link add <interface> type gre remote <remote> local <local> ttl 255 encap fou encap-dport <rport>
```
Replace `<rport>` with the remote port of your peer.
If you want to stop using a port for FOU, you can use the following command:
```
ip fou del port <lport>
```
If you get the following error message, you can try to load the FOU kernel module:
```
RTNETLINK answers: No such file or directory
Error talking to the kernel
```
```
modprobe fou
```
### Generic UDP Encapsulation (GUE)
Use the following command to enable FOU for a port:
```
ip fou add port <lport> gue
```
Replace `<lport>` with your local port. You have to open this port on UDP in your firewall.
Add the following command to the actual tunnel command:
```
encap gue encap-dport <rport>
```
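Review bot: the lead-in under "### Generic UDP Encapsulation (GUE)" still says "Use the following command to enable FOU for a port:" while the command that follows is the GUE variant (`ip fou add port <lport> gue`); change it to "enable GUE for a port" so readers do not confuse the two sections. The GUE section also stops after `encap gue encap-dport <rport>` without the "Replace `<rport>` with the remote port of your peer" sentence that the FOU section has; adding it keeps the two sections parallel. Both sections tell the reader to "open this port on UDP in your firewall": since the listening port decapsulates whatever arrives on it, it is worth adding that the rule should be limited to the peer's address (the `<remote>` already given in the tunnel command) rather than opened to any source.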