From a0172c375c724e8d4bfbba1d061e70bcb494bc79 Mon Sep 17 00:00:00 2001 From: Phil Dibowitz Date: Tue, 27 Mar 2018 15:47:04 -0700 Subject: ifup-tunnel: Support 'external' tunnels (#172) * ifup-tunnel: Support 'external' tunnels This is a newish feature upstream. You can now set the external flag on a ip6_tunnel type interface (though not the primary one, ip6tnl0), and doing so will allow it to decapsulate any packet, and assuming that the inner address is the one on that interface, it'll drop it back on the stack. This is useful for DSR vips. While v6-in-v6 was already supported, this allows v4-in-v6 which is necessary to serve v4 traffic in a v6only infrastructure. There's comments in ifup-tunnel that imply it was designed only for GRE tunnels, but this still seems like the best place for this. --- sysconfig/network-scripts/ifup-tunnel | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'sysconfig/network-scripts') diff --git a/sysconfig/network-scripts/ifup-tunnel b/sysconfig/network-scripts/ifup-tunnel index 5a1df54c..afdfe928 100755 --- a/sysconfig/network-scripts/ifup-tunnel +++ b/sysconfig/network-scripts/ifup-tunnel @@ -47,7 +47,7 @@ IPIP) proto=-4 /sbin/modprobe ipip ;; -IPIP6) +IPIP6|EXTERNAL) MODE=ipip6 proto=-6 /sbin/modprobe ip6_tunnel @@ -66,10 +66,14 @@ fi # Create the tunnel # The outer addresses are those of the underlying (public) network. -/sbin/ip $proto tunnel add "$DEVICE" mode "$MODE" \ - ${MY_OUTER_IPADDR:+local "$MY_OUTER_IPADDR"} \ - ${PEER_OUTER_IPADDR:+remote "$PEER_OUTER_IPADDR"} \ - ${KEY:+key "$KEY"} ${TTL:+ttl "$TTL"} +if [ "$TYPE" = 'EXTERNAL' ]; then + /sbin/ip link add "$DEVICE" type ip6tnl external +else + /sbin/ip $proto tunnel add "$DEVICE" mode "$MODE" \ + ${MY_OUTER_IPADDR:+local "$MY_OUTER_IPADDR"} \ + ${PEER_OUTER_IPADDR:+remote "$PEER_OUTER_IPADDR"} \ + ${KEY:+key "$KEY"} ${TTL:+ttl "$TTL"} +fi if [ -n "$MTU" ]; then /sbin/ip link set "$DEVICE" mtu "$MTU" -- cgit v1.2.1