
Configuring an IPIP tunnel on Linux to connect with RouterOS

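IPIP builds a virtual channel at the IP layer between two hosts (no encryption, no compression), which amounts to setting up a VPN.
Here is an example:

We want to set up IPIP between two machines, Router A and Router B. Both are connected to the network.
Router A:

Public address: 192.0.2.34
Private address: 192.168.1.1
Router B:

Public address: 192.0.2.69
Private address: 192.168.1.254

Run on Router A: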
ip tunnel add tunnel0 mode ipip remote 192.0.2.69 local 192.0.2.34
ip link set tunnel0 up
ip addr add 192.168.1.1/24 dev tunnel0

Run on Router B:
ip tunnel add tunnel0 mode ipip remote 192.0.2.34 local 192.0.2.69
ip link set tunnel0 up
ip addr add 192.168.1.254/24 dev tunnel0

Skip to 'testing the tunnel'.

Debian sample setup
Router A
Edit /etc/network/interfaces:

auto tunnel0
iface tunnel0 inet static
  address 192.168.1.1
  netmask 255.255.255.0
  network 192.168.1.0
  broadcast 192.168.1.255
  pre-up /sbin/ip tunnel add tunnel0 mode ipip remote 192.0.2.69 local 192.0.2.34
  post-down /sbin/ip tunnel del tunnel0

Then execute

ifup tunnel0

Router B
Edit /etc/network/interfaces:

auto tunnel0
iface tunnel0 inet static
  address 192.168.1.254
  netmask 255.255.255.0
  network 192.168.1.0
  broadcast 192.168.1.255
  pre-up /sbin/ip tunnel add tunnel0 mode ipip remote 192.0.2.34 local 192.0.2.69
  post-down /sbin/ip tunnel del tunnel0

Then execute

ifup tunnel0

Testing your tunnel
After you have configured your tunnel via one of the examples above you should be able to ping the remote end:

Router A
ping 192.168.1.254

Router B
ping 192.168.1.1

Both pings should succeed without problems.

Using your IP tunnel
You can now use your tunnel - just pretend it's a piece of Ethernet between the two computers.
Remember the MTU on the tunnel will be lower than normal because of the extra IP header.
You can set up routing and whatever you like over the tunnel.
If you lose your route to the tunnel endpoint, the tunnel will not work either.
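
The two properties noted on this page, that IPIP applies no encryption and that the extra IP header lowers the tunnel MTU, can be seen by taking one encapsulated packet apart. The Python sketch below is an added example, not part of the original post; it uses the Router A/B addresses from above, while the payload, the inner protocol number 253 and the 1500-byte link MTU are assumptions made for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4       # IANA protocol number for IPv4-in-IPv4 encapsulation
LINK_MTU = 1500        # assumption: plain Ethernet underneath the tunnel
FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def ipv4_header(src, dst, proto, payload_len):
    """Build a 20-byte IPv4 header with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    total = sum(struct.unpack("!10H", struct.pack(FMT, *fields)))
    while total >> 16:                      # fold carries (ones' complement)
        total = (total & 0xFFFF) + (total >> 16)
    fields[7] = ~total & 0xFFFF
    return struct.pack(FMT, *fields)

def parse_ipv4(pkt):
    """Split an IPv4 packet into the header fields used below and its payload."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    vihl, _, length, _, _, _, proto, _, src, dst = struct.unpack(FMT, pkt[:20])
    hlen = (vihl & 0x0F) * 4
    return {"hlen": hlen, "proto": proto, "src": socket.inet_ntoa(src),
            "dst": socket.inet_ntoa(dst), "payload": pkt[hlen:length]}

def inspect_ipip(packet, local, remote):
    """Decapsulate one IPIP packet as seen on the wire between the routers."""
    outer = parse_ipv4(packet)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("outer protocol is not 4 (IPIP)")
    inner = parse_ipv4(outer["payload"])
    return {
        # The outer addresses are the only sender identification IPIP offers.
        "matches_tunnel": (outer["src"], outer["dst"]) == (remote, local),
        "overhead": outer["hlen"],
        "tunnel_mtu": LINK_MTU - outer["hlen"],
        "inner_src": inner["src"], "inner_dst": inner["dst"],
        "inner_payload": inner["payload"],   # readable: nothing is encrypted
    }

# Constructed sample: Router A (192.0.2.34) sends to Router B (192.0.2.69).
# Inner protocol 253 is reserved for experimentation (RFC 3692).
DATA = b"constructed cleartext payload"
INNER = ipv4_header("192.168.1.1", "192.168.1.254", 253, len(DATA)) + DATA
WIRE = ipv4_header("192.0.2.34", "192.0.2.69", IPPROTO_IPIP, len(INNER)) + INNER

if __name__ == "__main__":
    print(inspect_ipip(WIRE, local="192.0.2.69", remote="192.0.2.34"))
```

Because the outer addresses are all that ties a packet to the tunnel, endpoints commonly restrict protocol 4 at the firewall to the configured peer address and carry sensitive traffic over IPsec or another encrypted layer.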

--------------------------------------------------------------------------------

More complex situations
When tunneling between 2 routers, and 1 router has a private network on another interface, routing between the two can be confusing. Here is the network layout:

Router 1
eth0: 1.2.3.4 (public)

Router 2
eth0: 4.3.2.1 (public)
eth1: 10.0.0.1

In my particular case, Router 1 is an asterisk system on a public network, and Router 2 is a NAT router that is also a gateway for my private 10.0.0.0/24 network. I have multiple SIP phones (which don't work through NAT) on the 10.0.0.0/24 network and I need to establish routes between the 2.

IN THIS ORDER ENTER THESE COMMANDS

Router 1
iptunnel add iptun mode ipip remote 4.3.2.1
ifconfig iptun 10.0.1.1
route add -net 10.0.2.0/24 dev iptun

Router 2
iptunnel add iptun mode ipip remote 1.2.3.4
ifconfig iptun 10.0.2.1
route add -net 10.0.1.0/24 dev iptun

Router 1
route add -net 10.0.0.0/24 dev iptun
route add -net 10.0.0.0/24 gw 10.0.0.1

Now from Router 2 you can ping any device on the 10.0.0.0/24 network behind Router 1, and from any device on the 10.0.0.0/24 network, you can ping Router 1 using the address 10.0.1.1
