[clue-tech] VPN using ipip tunnelling

Match Grun match at dimensional.com
Tue Aug 15 22:51:46 MDT 2000


Jim,

There was a two-part article in Linux Journal about January this year.
This discussed using pppd and ssh to implement a VPN. This might
help.

Mmmm...

Jim Ockers wrote:

> Howdy y'all.
>
> Most of you probably have never messed with this but it can't hurt
> to ask.
>
> I have some Linux 2.0.x production systems that I can't upgrade, and I
> have a Linux 2.2.x (Red Hat 6.2) system that I recently installed.  I've
> had a nice VPN (Virtual Private Network) running for some time using the
> Linux 2.0.x tunneling driver.
>
> To get that driver to work, you have to load the ipip.o module and the
> new_tunnel.o module.  Once both of these modules are loaded, there is a
> "tunl0" device in /proc/net/dev that can be ifconfiged as a point-to-point
> interface.  (Just like PPP, SLIP, etc.)  With the proper routing commands,
> the tunnel works fine.
>
> Since I've had such good luck with the Linux tunnelling under Linux 2.0.35
> and other such old kernels, I thought I'd try to extend it to this new Red Hat
> Linux system.  Unfortunately the new kernel seems to want me to use GRE
> encapsulation on my tunnelling packets, which my old Linux kernels don't
> support.
>
> I found the "ipip.o" kernel module for the 2.2.12 kernel, and when I load
> it there is a "tunl0" interface that shows up in /proc/net/dev .  The 2.2.14
> ipip.o module appears to contain the IPIP encapsulation _and_ the tunnelling
> network device; under the older kernel there were two modules for this.
>
> However, I can't configure it as a point-to-point interface.  Whenever I
> type "ifconfig tunl0 192.168.168.168 pointopoint 10.2.3.45" it gets the
> IP address of 192.168.168.168, link encap IPIP, but the P-t-P is NOT,
> repeat NOT, present in the ifconfig.  For some reason I canNOT set the
> IFF_POINTOPOINT flag on the interface, and so my pointopoint directive
> on the ifconfig line gets ignored.
>
> And, then tunnelling doesn't work of course.
>
> Can anyone suggest how I can continue to use my old Linux-proprietary
> tunnelling encapsulation even on a 2.2.14 kernel?
>
> A normal point-to-point interface, like ppp, looks like this:
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:192.168.1.254  P-t-P:192.168.3.254  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:42121 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:41518 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:10
>
> The bogus tunnelling interface looks like this on my Linux 2.2.14 system:
>
> tunl0     Link encap:IPIP Tunnel  HWaddr
>           inet addr:192.168.1.254  Mask:255.255.255.0
>           UP RUNNING NOARP  MTU:1480  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>
> As you can see there is no P-t-P:other.ip.address on the latter ifconfig
> line.  Also in the flags it does not say "UP POINTOPOINT RUNNING NOARP"
> like I want it to.  If I try to use the interface I get lots of errors
> in the statistics.
>
> I've spent the better part of an afternoon battling this and I finally
> gave up.  Help...
>
> --
> Jim Ockers (ockers at ockers.net)                     Ask me about Linux!
> Contact info: please see http://www.ockers.net/
>
> Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email)
> at http://www.cauce.org/ .



