tunnel objects are tunnels, encapsulating packets in IP packets and
then sending them over the IP infrastructure. The encapsulating (or
outer) address family is specified by the -f option. The default is
ip tunnel add
add a new tunnel
ip tunnel change
change an existing tunnel
ip tunnel delete
destroy a tunnel
select the tunnel device name.
set the tunnel mode. Available modes depend on the
encapsulating address family.
Modes for IPv4 encapsulation available: ipip, sit,
isatap, vti, and gre.
Modes for IPv6 encapsulation available: ip6ip6, ipip6,
ip6gre, vti6, and any.
set the remote endpoint of the tunnel.
set the fixed local address for tunneled packets. It
must be an address on another interface of this host.
ttl Nhoplimit N
set a fixed TTL (IPv4) or hoplimit (IPv6) N on tunneled
packets. N is a number in the range 1--255. 0 is a
special value meaning that packets inherit the TTL
value. The default value for IPv4 tunnels is: inherit.
The default value for IPv6 tunnels is: 64.
tos Tdsfield Ttclass T
set the type of service (IPv4) or traffic class (IPv6)
field on tunneled packets, which can be specified as
either a two-digit hex value (e.g. c0) or a predefined
string (e.g. internet). The value inherit causes the
field to be copied from the original IP header. The
values inherit/STRING or inherit/00..ff will set the
field to STRING or 00..ff when tunneling non-IP
packets. The default value is 00.
bind the tunnel to the device NAME so that tunneled
packets will only be routed via this device and will
not be able to escape to another device when the route
to endpoint changes.
disable Path MTU Discovery on this tunnel. It is
enabled by default. Note that a fixed ttl is
incompatible with this option: tunneling with a fixed
ttl always makes pmtu discovery.
key Kikey Kokey K ( only GRE tunnels ) use keyed GRE with key K. K is
either a number or an IP address-like dotted quad. The
key parameter sets the key to use in both directions.
The ikey and okey parameters set different keys for
input and output.
csum, icsum, ocsum
( only GRE tunnels ) generate/require checksums for
tunneled packets. The ocsum flag calculates checksums
for outgoing packets. The icsum flag requires that all
input packets have the correct checksum. The csum flag
is equivalent to the combination icsum ocsum.
seq, iseq, oseq
( only GRE tunnels ) serialize packets. The oseq flag
enables sequencing of outgoing packets. The iseq flag
requires that all input packets are serialized. The
seq flag is equivalent to the combination iseq oseq.
It doesn't work. Don't use it.encaplim ELIM
( only IPv6 tunnels ) set a fixed encapsulation limit.
Default is 4.
( only IPv6 tunnels ) set a fixed flowlabel.
ip tunnel prl
potential router list (ISATAP only)
mandatory device name.
prl-default ADDRprl-nodefault ADDRprl-delete ADDR
Add or delete ADDR as a potential router or default
ip tunnel show
list tunnels This command has no arguments.
This page is part of the iproute2 (utilities for controlling TCP/IP
networking and traffic) project. Information about the project can
be found at
If you have a bug report for this manual page, send it to
email@example.com, firstname.lastname@example.org. This page was obtained
from the project's upstream Git repository
on 2017-03-13. If you discover any rendering problems in this HTML
version of the page, or you believe there is a better or more up-to-
date source for the page, or you have corrections or improvements to
the information in this COLOPHON (which is not part of the original
manual page), send a mail to email@example.com
iproute2 20 Dec 2011 IP-TUNNEL(8)