[plug] Routing with nonat - ssh tunnel and port forwarding

Carl Gherardi carl.gherardi at gmail.com
Thu Mar 19 09:19:36 WST 2009

> For simply tunnelling the IP traffic across the network you can create a
> tunnel trivially, with either IP-in-IP or GRE, on Linux, without a
> problem.
> IP-in-IP is relatively Linux specific, but easy:
>    ip tunnel add example1 mode ipip remote local \
>        ttl 64 dev eth0
> GRE is not Linux specific, so you can terminate it at any host that
> supports a GRE tunnel.  The same is true of IPIP tunnels, but less
> things support them.  Anyway:
>    ip tunnel add example2 mode gre remote local \
>        ttl 64 dev eth0
> GRE also supports multiple tunnels with the same host, through the key,
> csum and seq features, about which you can learn if you want.
> IPIP tunnels only carry IPv4, GRE carries anything.

Thanks for this. I found ssh -w last night and that seemed
appropriate. I've had problems stacking the additional tun device on
the existing vpnc connection (which is how i'm hopping the broken
equip in 1 direction)

> and that PMTU discovery is enabled on your application servers, or
> manually configure their MTU.

Need to look this up.

> Footnotes:
> [1]  ...well, personally I would make the life of whoever owned the
>     faulty device in the middle hell until they fixed their problem, so
>     that I didn't have to work around it, since it saves work in the
>     long run, but if you can't do that then you are correct... ;)

The broken peice of equipment is 'no line installed', which we are on
but is going to take longer than acceptable.


Carl G

More information about the plug mailing list