diff options
| author | Phil Dibowitz <phil@ipom.com> | 2018-03-27 15:47:04 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-03-27 15:47:04 -0700 |
| commit | a0172c375c724e8d4bfbba1d061e70bcb494bc79 (patch) | |
| tree | c2bbb6902e28abef592b3472903bfac3a1521071 | |
| parent | bf2bfcf34a76b6967e4389239c55c5a41033f03a (diff) | |
| download | initscripts-a0172c375c724e8d4bfbba1d061e70bcb494bc79.tar initscripts-a0172c375c724e8d4bfbba1d061e70bcb494bc79.tar.gz initscripts-a0172c375c724e8d4bfbba1d061e70bcb494bc79.tar.bz2 initscripts-a0172c375c724e8d4bfbba1d061e70bcb494bc79.tar.xz initscripts-a0172c375c724e8d4bfbba1d061e70bcb494bc79.zip | |
ifup-tunnel: Support 'external' tunnels (#172)
* ifup-tunnel: Support 'external' tunnels
This is a newish feature upstream. You can now set the external flag on a
ip6_tunnel type interface (though not the primary one, ip6tnl0), and doing so
will allow it to decapsulate any packet, and assuming that the inner address is
the one on that interface, it'll drop it back on the stack.
This is useful for DSR vips. While v6-in-v6 was already supported, this allows
v4-in-v6 which is necessary to serve v4 traffic in a v6only infrastructure.
There's comments in ifup-tunnel that imply it was designed only for GRE tunnels,
but this still seems like the best place for this.
| -rw-r--r-- | sysconfig.txt | 7 | ||||
| -rwxr-xr-x | sysconfig/network-scripts/ifup-tunnel | 14 |
2 files changed, 15 insertions, 6 deletions
diff --git a/sysconfig.txt b/sysconfig.txt index 8f347cb7..0b1b500c 100644 --- a/sysconfig.txt +++ b/sysconfig.txt @@ -931,7 +931,12 @@ Files in /etc/sysconfig/network-scripts/ "mode=active-backup arp_interval=60 arp_ip_target=192.168.1.1,192.168.1.2" Tunnel-specific items: - TYPE=GRE|IPIP|IPIP6 + TYPE=GRE|IPIP|IPIP6|EXTERNAL + External is a mode for ip6_tunnel interfaces (that cannot be set on + the primary ip6tnl0 interface), which permits unwrapping encapsulated + packets regardless of their internal IP (v4 or v6) provided the inner + address is on the interface. Use $MY_INNER_IPADDR for v4 addresses. Use + $IPV6ADDR and $IPV6ADDR_SECONDARIES as usual for v6 addresses. MY_INNER_IPADDR=local IP address of the tunnel interface PEER_OUTER_IPADDR=IP address of the remote tunnel endpoint MY_OUTER_IPADDR=IP address of the local tunnel endpoint diff --git a/sysconfig/network-scripts/ifup-tunnel b/sysconfig/network-scripts/ifup-tunnel index 5a1df54c..afdfe928 100755 --- a/sysconfig/network-scripts/ifup-tunnel +++ b/sysconfig/network-scripts/ifup-tunnel @@ -47,7 +47,7 @@ IPIP) proto=-4 /sbin/modprobe ipip ;; -IPIP6) +IPIP6|EXTERNAL) MODE=ipip6 proto=-6 /sbin/modprobe ip6_tunnel @@ -66,10 +66,14 @@ fi # Create the tunnel # The outer addresses are those of the underlying (public) network. -/sbin/ip $proto tunnel add "$DEVICE" mode "$MODE" \ - ${MY_OUTER_IPADDR:+local "$MY_OUTER_IPADDR"} \ - ${PEER_OUTER_IPADDR:+remote "$PEER_OUTER_IPADDR"} \ - ${KEY:+key "$KEY"} ${TTL:+ttl "$TTL"} +if [ "$TYPE" = 'EXTERNAL' ]; then + /sbin/ip link add "$DEVICE" type ip6tnl external +else + /sbin/ip $proto tunnel add "$DEVICE" mode "$MODE" \ + ${MY_OUTER_IPADDR:+local "$MY_OUTER_IPADDR"} \ + ${PEER_OUTER_IPADDR:+remote "$PEER_OUTER_IPADDR"} \ + ${KEY:+key "$KEY"} ${TTL:+ttl "$TTL"} +fi if [ -n "$MTU" ]; then /sbin/ip link set "$DEVICE" mtu "$MTU" |