Tunnels are used to merge two remote, physically unconnected networks into one logical structure. Tunnels are widely used to create corporate networks, the so-called virtual private networks (VPN): several remote offices, connected to the network through the same or different providers, are connected to the company headquarters or to each other by tunnels, thus forming one corporate structure. A common IP address space and registration/accounting policy can be used throughout the whole VPN-based corporate network, independently of the network provider(s) used.

Tunnels also solve the problem of sharing common transport media in a public network so that different clients can be served by several providers. A client can be connected by a tunnel to a specific provider and be serviced by that provider, irrespective of the client's connection point to the common transport network.
Syntax:
tun N mode {ipip | gre}
tun N src ADDR dst ADDR [mtu N] [clear]
Four parameters are necessary to configure a tunnel:
Use the "ifconfig" command to assign the internal IP addresses of both ends of tunnel "0" to the interface named "tun0".
The tun command defines the real IP addresses of the endpoints of tunnel "0".
Outgoing packets are encapsulated into IP datagrams and sent to the "194.34.34.34" address.
The "195.23.23.23" address is inserted into the datagram as the source address. It must be a real IP address of one of the router's interfaces; for the same reason, it must be reachable from the router at the tunnel's remote end through the existing network (and not only through this tunnel).
At the opposite side of the tunnel this would look as follows.
If you use a Cisco Systems router at the remote end, you may configure it as follows.
Disabling tunnel number 0.
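The encapsulation described above for tunnel 0 (source "195.23.23.23", destination "194.34.34.34"), as an added example that is not part of the original documentation or the router's own code. It assumes standard IP-in-IP (RFC 2003) and a basic GRE header without optional fields (RFC 2784); the inner addresses 10.0.0.1 and 10.0.0.2 and all function names are constructed for illustration.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_GRE = 4, 47            # outer-header protocol numbers
GRE_HEADER = struct.pack("!HH", 0, 0x0800)   # no flags, version 0, payload is IPv4

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """20-byte IPv4 header without options, TTL 64, checksum filled in."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def encapsulate(inner: bytes, src: str, dst: str, mode: str) -> bytes:
    """Wrap an inner IP packet as 'mode ipip' or 'mode gre' is assumed to."""
    if mode == "ipip":
        return ipv4_header(src, dst, IPPROTO_IPIP, len(inner)) + inner
    if mode == "gre":
        body = GRE_HEADER + inner
        return ipv4_header(src, dst, IPPROTO_GRE, len(body)) + body
    raise ValueError("mode must be 'ipip' or 'gre'")

def overhead(mode: str) -> int:
    """Bytes added per packet; subtract from the path MTU to size the tunnel MTU."""
    return len(encapsulate(b"", "0.0.0.0", "0.0.0.0", mode))

# Constructed inner packet: ICMP echo between assumed internal tunnel addresses.
INNER = ipv4_header("10.0.0.1", "10.0.0.2", 1, 8) + b"\x08\x00\xf7\xff\x00\x00\x00\x00"
OUTER = encapsulate(INNER, "195.23.23.23", "194.34.34.34", "ipip")

if __name__ == "__main__":
    for m in ("ipip", "gre"):
        pkt = encapsulate(INNER, "195.23.23.23", "194.34.34.34", m)
        print(m, "proto", pkt[9], "overhead", overhead(m), "outer", pkt[:20].hex())
```

Neither encapsulation encrypts or authenticates the inner packet: it is carried unchanged after the outer header, so anyone on the path between the two real addresses can read it.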