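Learning Linux Network Tools: The ip Command, Part 15
Tags (space-separated): networking
This article uses the ip command to introduce and study Linux networking concepts.
1. Overview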
2. ip link
3. ip addr
4 ip addrlabel
5 ip route
6 ip rule
7 ip neighbour
8 ip ntable
9 ip tunnel
10 ip tuntap
11 ip maddr/mroute/mrule
12 ip monitor
13 ip xfrm
14 ip netns
15 ip l2tp
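15.1 Overview
The Layer Two Tunneling Protocol (L2TP) is a virtual tunneling protocol commonly used for virtual private networks. L2TP itself provides neither encryption nor reliability verification; it can be paired with a security protocol to encrypt the data it carries. The protocol most often paired with L2TP is IPsec, and the combination is usually referred to as L2TP/IPsec.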
Usage: ip l2tp add tunnel
          remote ADDR local ADDR
          tunnel_id ID peer_tunnel_id ID
          [ encap { ip | udp } ]
          [ udp_sport PORT ] [ udp_dport PORT ]
Usage: ip l2tp add session [ name NAME ]
          tunnel_id ID
          session_id ID peer_session_id ID
          [ cookie HEXSTR ] [ peer_cookie HEXSTR ]
          [ offset OFFSET ] [ peer_offset OFFSET ]
          [ l2spec_type L2SPEC ]
       ip l2tp del tunnel tunnel_id ID
       ip l2tp del session tunnel_id ID session_id ID
       ip l2tp show tunnel [ tunnel_id ID ]
       ip l2tp show session [ tunnel_id ID ] [ session_id ID ]

Where: NAME   := STRING
       ADDR   := { IP_ADDRESS | any }
       PORT   := { 0..65535 }
       ID     := { 1..4294967295 }
       HEXSTR := { 8 or 16 hex digits (4 / 8 bytes) }
       L2SPEC := { none | default }
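Reference: manual
Reference: Layer Two Tunneling Protocol (第二层隧道协议)
Reference: Layer 2 Tunneling Protocol
Background on tunnels:
Reference: Types of Network Tunnels
Reference: GRE vs IPIP Tunneling
An ipip tunnel is end-to-end, so its traffic can only be point-to-point, whereas a GRE tunnel can also carry multicast.
Reference: Differences between the VPN tunneling protocols PPTP, L2TP, IPSec and SSL VPN
Reference: Technical deep dive: L2TP VPN
Reference: Internet Security Protocol (互联网安全协议)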
15.2 ip l2tp add/del/show tunnel
Add, delete and show tunnels.
15.3 ip l2tp add/del/show session
Add, delete and show sessions within a tunnel.
modprobe l2tp_eth
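# Set up L2TP tunnels and sessions (assumes the net1 and net2 namespaces already exist and can reach each other at 192.168.0.1 and 192.168.0.2)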
ip netns exec net1 ip l2tp add tunnel tunnel_id 3000 peer_tunnel_id 4000 encap udp local 192.168.0.1 remote 192.168.0.2 udp_sport 5000 udp_dport 6000
ip netns exec net1 ip l2tp add session tunnel_id 3000 session_id 1000 peer_session_id 2000
ip netns exec net2 ip l2tp add tunnel tunnel_id 4000 peer_tunnel_id 3000 encap udp local 192.168.0.2 remote 192.168.0.1 udp_sport 6000 udp_dport 5000
ip netns exec net2 ip l2tp add session tunnel_id 4000 session_id 2000 peer_session_id 1000
ip netns exec net1 ip link set l2tpeth0 up mtu 1488
ip netns exec net2 ip link set l2tpeth0 up mtu 1488
# Notice that the IP addresses, UDP ports and tunnel/session IDs are matched and reversed at each site.
# Configure as IP interfaces: the two interfaces can be configured with IP addresses if only IP data is to be carried. This is perhaps the simplest configuration.
ip netns exec net1 ip addr add 10.42.1.1 peer 10.42.1.2 dev l2tpeth0
ip netns exec net2 ip addr add 10.42.1.2 peer 10.42.1.1 dev l2tpeth0
ip netns exec net1 ping 10.42.1.2
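The "matched and reversed at each site" rule above can be applied mechanically. This added example (not part of the original post) prints both sites' commands from a single parameter set, checks each value against the ranges in the usage text, and also sets the optional session cookie, which per ip-l2tp(8) must equal the peer_cookie configured at the other end. The function names are hypothetical, the cookies are generated locally, and the script only prints commands without configuring anything.

```shell
#!/bin/sh
# Added example (not from the original post): print mirrored `ip l2tp`
# commands for both ends of a static tunnel. Nothing is configured.

valid_id() {      # ID := 1..4294967295
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 10 ] && [ "$1" -ge 1 ] && [ "$1" -le 4294967295 ]
}
valid_port() {    # PORT := 0..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}
valid_cookie() {  # HEXSTR := 8 or 16 hex digits
    case "$1" in *[!0-9a-fA-F]*) return 1 ;; esac
    [ "${#1}" -eq 8 ] || [ "${#1}" -eq 16 ]
}
new_cookie() {    # random 8-byte cookie as 16 hex digits
    od -An -N8 -tx1 /dev/urandom | tr -d ' \n'
}

# site_cmds LOCAL REMOTE TID PEER_TID SPORT DPORT SID PEER_SID COOKIE PEER_COOKIE
site_cmds() {
    echo "ip l2tp add tunnel tunnel_id $3 peer_tunnel_id $4 encap udp local $1 remote $2 udp_sport $5 udp_dport $6"
    echo "ip l2tp add session tunnel_id $3 session_id $7 peer_session_id $8 cookie $9 peer_cookie ${10}"
}

# l2tp_pair ADDR_A ADDR_B TID_A TID_B PORT_A PORT_B SID_A SID_B COOKIE_A COOKIE_B
l2tp_pair() {
    for v in "$3" "$4" "$7" "$8"; do
        valid_id "$v" || { echo "bad id: $v" >&2; return 1; }
    done
    for v in "$5" "$6"; do
        valid_port "$v" || { echo "bad port: $v" >&2; return 1; }
    done
    for v in "$9" "${10}"; do
        valid_cookie "$v" || { echo "bad cookie: $v" >&2; return 1; }
    done
    echo "# site A"
    site_cmds "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}"
    echo "# site B: every local/peer pair swapped"
    site_cmds "$2" "$1" "$4" "$3" "$6" "$5" "$8" "$7" "${10}" "$9"
}

# IDs, ports and addresses are the post's; cookies are generated here.
l2tp_pair 192.168.0.1 192.168.0.2 3000 4000 5000 6000 1000 2000 \
    "$(new_cookie)" "$(new_cookie)"
```

The cookie is carried in cleartext in each data packet and only guards against misdelivered or stale traffic; confidentiality still requires pairing the tunnel with IPsec as described in 15.1.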