1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
#!/bin/sh
RCDLINKS="2,S45 3,S45 6,K45"
################################################################################
# Script to create a gre or ipip tunnel -- Shorewall 1.2
#
# Modified - Steve Cowles 5/9/2000
# Incorporated init {start|stop} syntax and iproute2 usage
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2000,2001,2002 - Tom Eastep (teastep@shorewall.net)
#
# Modify the following variables to match your configuration
#
# chkconfig: 2345 26 89
# description: GRE/IP Tunnel
#
################################################################################
#
# Type of tunnel (gre or ipip)
#
tunnel_type=gre
# Name of the tunnel
#
tunnel="dfwbos"
#
# Address of your External Interface (only required for gre tunnels)
#
myrealip="x.x.x.x"
# Address of the local system -- this is the address of one of your
# local interfaces (or for a mobile host, the address that this system has
# when attached to the local network).
#
myip="192.168.1.254"
# Address of the Remote system -- this is the address of one of the
# remote system's local interfaces (or if the remote system is a mobile host,
# the address that it uses when attached to the local network).
hisip="192.168.9.1"
# Internet address of the Remote system
#
gateway="x.x.x.x"
# Remote sub-network -- if the remote system is a gateway for a
# private subnetwork that you wish to
# access, enter it here. If the remote
# system is a stand-alone/mobile host, leave this
# empty
subnet="192.168.9.0/24"
PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin
load_modules () {
case $tunnel_type in
ipip)
echo "Loading IP-ENCAP Module"
modprobe ipip
;;
gre)
echo "Loading GRE Module"
modprobe ip_gre
;;
esac
}
do_stop() {
if [ -n "`ip link show $tunnel 2>/dev/null`" ]; then
echo "Stopping $tunnel"
ip link set dev $tunnel down
fi
if [ -n "`ip addr show $tunnel 2>/dev/null`" ]; then
echo "Deleting $tunnel"
ip tunnel del $tunnel
fi
}
do_start() {
#NOTE: Comment out the next line if you have built gre/ipip into your kernel
load_modules
if [ -n "`ip link show $tunnel 2>/dev/null`" ]; then
do_stop
fi
echo "Adding $tunnel"
case $tunnel_type in
gre)
ip tunnel add $tunnel mode gre remote $gateway local $myrealip ttl 255
;;
*)
ip tunnel add $tunnel mode ipip remote $gateway
;;
esac
echo "Starting $tunnel"
ip link set dev $tunnel up
case $tunnel_type in
gre)
ip addr add $myip dev $tunnel
;;
*)
ip addr add $myip peer $hisip dev $tunnel
;;
esac
#
# As with all interfaces, the 2.4 kernels will add the obvious host
# route for this point-to-point interface
#
if [ -n "$subnet" ]; then
echo "Adding Routes"
case $tunnel_type in
gre)
ip route add $subnet dev $tunnel
;;
ipip)
ip route add $subnet via $gateway dev $tunnel onlink
;;
esac
fi
}
case "$1" in
start)
do_start
;;
stop)
do_stop
;;
restart)
do_stop
sleep 1
do_start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
|
