1.8 KiB
IP tunnel
Note: IP tunnels (includes GRE, GRETAP and SIT) are unencrypted.
Generic Routing Encapsulation (GRE)
GRE tunnels on layer 3 of the ISO/OSI model.
Configuring with ip
To create a tunnel, you can use the following command:
ip link add <interface> type gre remote <remote> local <local> ttl 255
ip link set dev <interface> up
Replace <interface> with the desired interface name, <remote> with the IPv4 of the peer and <local> with your own IPv4.
If you want to establish the tunnel over IPv6 instead, you can replace the mode gre with mode ip6gre.
To delete a tunnel, you can use the following command:
ip link del <interface>
To assign an IP address to the interface, you can use the following command:
ip link del <interface>
To assign an IP address to the interface, you can use the following command:
ip addr add dev <interface> <ll>
Replace <ll> with your own link-local address.
Automatic start with ifupdown
If you want to start the GRE tunnel automatically, you can use an ifupdown template which is placed under /etc/network/interfaces.d:
auto <interface>
iface <interface> inet6 manual
pre-up ip link add <interface> type gre remote <remote> local <local> ttl 255
up ip addr add dev <interface> <ll>
post-down ip link del <interface>
The interface can then be stopped and started accordingly:
ifup <interface>
ifdown <interface>
GRETAP
GRETAP tunnels operate on layer 2 of the ISO/OSI model. To use a GRETAP tunnel, you only have to change the mode: For IPv4 gretap and for IPv6 ip6gretap.
Simple Internet Transition (SIT)
SIT tunnels can be created in the same way as GRE tunnels. The difference is that you write type sit instead of type gre. SIT tunnels are designed to encapsulate IPv6 packets, so a SIT tunnel must be established over IPv4.