Page tree
Skip to end of metadata
Go to start of metadata

Successfully pass the free certification exam at IW Academy and become an Infinet Certified Engineer.

To the certification exam


Tunnels are used to merge two remote and physically not connected networks into one logical structure. Tunnels are widely used to create corporate networks or the so-called virtual private networks (VPN): several remote offices, connected to the network through the same or different providers, are connected to the company headquarters or to each other by tunnels, thus forming one corporate structure. Common IP address space and registration/accounting policy can be used throughout the whole VPN-based corporate network, independently of network provider(s) used. Tunnels also solve the problem of using common transport media in a public network so that different clients could be provided with services by several providers. It means that a client can be connected by a tunnel to a specific provider, to be serviced by that provider, irrespective of the client's connection point to a common transport network.


tun N mode {ipip | gre}
tun N src ADDR dst ADDR [mtu N] [clear]

Four parameters are necessary to configure a tunnel:

  1. The internal IP-address of the local end of the P2P link
  2. The internal IP-address of the remote end of the P2P link
  3. Real source IP-address to be specified in the outgoing packets
  4. Real destination IP-address to be specified in the outgoing packets.


N mode

Allows to select type of encapsulation for tunnel "N".

  • "ipip"  IP into IP encapsulation (described in RFC 2003).
  • "gre" – generic routing encapsulation.

N src ADDR dst ADDR

Assigns the source (src) and destination (dst) real IP-addresses to a tunnel specified by its logical number "N" which has been created by an "ifconfig" command.

[mtu N]

Allows to set the Maximum Transfer Unit size for packets going through the tunnel. Default value is 1480 bytes.


Disabling the tunnel number "N".


Use the "ifconfig" command to define internal IP-addresses for both ends of a tunnel "0" as addresses for an interface denoted as "tun0".

ifconfig tun0

The tun command defines real IP-addresses for the tunnel "0" extremities.

tun 0 src dst

Outgoing packets are encapsulated into IP datagrams and sent to the "" address.


The "" address shall also be attainable through an interface of the router different from that used to access the tunnel. This can be done, for example, by using explicit static routing (the route add command), or by prohibiting importation of some of the RIP protocol route descriptors arriving to that interface. If this condition is not satisfied, a looping may happen, when already encapsulated packets come back to the tunnel entrance, and so on, causing system overload. The system watches over such situations, and when discovering a loop, drops erroneous packets and writes a message into the system log.

tunX: looping...

The "" address is inserted into the datagram as source address.

The "" address must be a real IP-address for one of the router's interfaces; for the same reason, it shall be attainable from the router at the tunnel's remote end through the existing network (and not only through this tunnel).

At the opposite side of the tunnel this would look as follows.

ifconfig tun0
tun 0 src dst

If you use a Cisco Systems router at the remote end, you may configure it as follows.

interface Tunnel0
 ip address
 tunnel source
 tunnel destination
 tunnel mode ipip

Disabling the tunnel number 0.

tun 0 clear