tunnel objects are tunnels, encapsulating packets in IP packets and then sending them over the IP
infrastructure. The encapsulating (or outer) address family is specified by the -f option. The default
is IPv4.
iptunneladd
add a new tunnel
iptunnelchange
change an existing tunnel
iptunneldelete
destroy a tunnel
nameNAME(default)
select the tunnel device name.
modeMODE
set the tunnel mode. Available modes depend on the encapsulating address family.
Modes for IPv4 encapsulation available: ipip, sit, isatap, vti, and gre.
Modes for IPv6 encapsulation available: ip6ip6, ipip6, ip6gre, vti6, and any.
remoteADDRESS
set the remote endpoint of the tunnel.
localADDRESS
set the fixed local address for tunneled packets. It must be an address on another
interface of this host.
ttlNhoplimitN
set a fixed TTL (IPv4) or hoplimit (IPv6) N on tunneled packets. N is a number in the
range 1--255. 0 is a special value meaning that packets inherit the TTL value. The default
value for IPv4 tunnels is: inherit. The default value for IPv6 tunnels is: 64.
tosTdsfieldTtclassT
set the type of service (IPv4) or traffic class (IPv6) field on tunneled packets, which can
be specified as either a two-digit hex value (e.g. c0) or a predefined string (e.g.
internet). The value inherit causes the field to be copied from the original IP header.
The values inherit/STRING or inherit/00..ff will set the field to STRING or 00..ff when
tunneling non-IP packets. The default value is 00.
devNAME
bind the tunnel to the device NAME so that tunneled packets will only be routed via this
device and will not be able to escape to another device when the route to endpoint changes.
nopmtudisc
disable Path MTU Discovery on this tunnel. It is enabled by default. Note that a fixed ttl
is incompatible with this option: tunneling with a fixed ttl always makes pmtu discovery.
ignore-df
enable IPv4 DF suppression on this tunnel. Normally datagrams that exceed the MTU will be
fragmented; the presence of the DF flag inhibits this, resulting instead in an ICMP
Unreachable (Fragmentation Required) message. Enabling this attribute causes the DF flag
to be ignored.
keyKikeyKokeyK ( onlyGREtunnels ) use keyed GRE with key K. K is either a number or an IP address-like
dotted quad. The key parameter sets the key to use in both directions. The ikey and okey
parameters set different keys for input and output.
csum, icsum, ocsum
( onlyGREtunnels ) generate/require checksums for tunneled packets. The ocsum flag
calculates checksums for outgoing packets. The icsum flag requires that all input packets
have the correct checksum. The csum flag is equivalent to the combination icsumocsum.
seq, iseq, oseq
( onlyGREtunnels ) serialize packets. The oseq flag enables sequencing of outgoing
packets. The iseq flag requires that all input packets are serialized. The seq flag is
equivalent to the combination iseqoseq. Itdoesn'twork.Don'tuseit.encaplimitELIM
( onlyIPv6tunnels ) set a fixed encapsulation limit. Default is 4.
flowlabelFLOWLABEL
( onlyIPv6tunnels ) set a fixed flowlabel.
allow-localremote
( onlyIPv6tunnels ) allow remote endpoint on the local host.
iptunnelprl
potential router list (ISATAP only)
devNAME
mandatory device name.
prl-defaultADDRprl-nodefaultADDRprl-deleteADDR
Add or delete ADDR as a potential router or default router.
iptunnelshow
list tunnels This command has no arguments.
Install Now
Emojis
PNG Icons