Linux的ipip隧道实验
--发布于 2022-04-06 15:38:51
拓扑图
这次用的是两台vultr的CentOS 7.6主机,分别叫做机器A和机器B
机器A位于东京,公网IP 108.61.246.21
[root@vultr ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 108.61.246.21 netmask 255.255.254.0 broadcast 108.61.247.255
inet6 fe80::5400:2ff:fee8:5d69 prefixlen 64 scopeid 0x20<link>
ether 56:00:02:e8:5d:69 txqueuelen 1000 (Ethernet)
RX packets 298779157 bytes 258990468161 (241.2 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 284550797 bytes 300810391170 (280.1 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0机器B位于洛杉矶,公网IP 149.28.67.97
[root@vultr ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 149.28.67.97 netmask 255.255.254.0 broadcast 149.28.67.255
inet6 fe80::5400:3ff:feef:6892 prefixlen 64 scopeid 0x20<link>
inet6 2001:19f0:6001:1b5f:5400:3ff:feef:6892 prefixlen 64 scopeid 0x0<global>
ether 56:00:03:ef:68:92 txqueuelen 1000 (Ethernet)
RX packets 33886 bytes 69175449 (65.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28588 bytes 1898699 (1.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0在这两台机器之间架设一条ipip隧道
首先,在两台机器上,卸载CentOS 7自带的firewalld,安装iptables防火墙
# 先卸载firewalld防火墙安装iptables
systemctl stop firewalld
systemctl disable firewalld
yum -y install iptables-services
systemctl enable iptables.service然后,在两台机器上,看是否有加载ipip模块(默认是没有加载的)。如果没有,则运行modprobe ipip进行加载
[root@vultr ~]# lsmod | grep ipip # 查看是否有加载ipip模块
[root@vultr ~]# modprobe ipip # 加载ipip模块
[root@vultr ~]# lsmod | grep ipip # 再一次查看,有内容输出表明加载了ipip模块
ipip 13465 0
tunnel4 13252 1 ipip
ip_tunnel 25163 1 ipip在机器A上,执行如下代码
ip tunnel add tunnel0 mode ipip remote 149.28.67.97 local 108.61.246.21
ip addr add 10.42.1.1/24 dev tunnel0
ip link set tunnel0 up
ip route add 10.42.2.0/24 dev tunnel0 # 添加发往对端的路由在机器B上,执行如下代码
ip tunnel add tunnel0 mode ipip remote 108.61.246.21 local 149.28.67.97
ip addr add 10.42.2.1/24 dev tunnel0
ip link set tunnel0 up
ip route add 10.42.1.0/24 dev tunnel0 # 添加发往对端的路由然后,在机器A上ping机器B
[root@vultr ~]# ping -c 4 10.42.2.1
PING 10.42.2.1 (10.42.2.1) 56(84) bytes of data.
64 bytes from 10.42.2.1: icmp_seq=1 ttl=64 time=99.0 ms
64 bytes from 10.42.2.1: icmp_seq=2 ttl=64 time=99.1 ms
64 bytes from 10.42.2.1: icmp_seq=3 ttl=64 time=99.1 ms
64 bytes from 10.42.2.1: icmp_seq=4 ttl=64 time=99.2 ms
--- 10.42.2.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 99.080/99.151/99.208/0.388 ms然后,在机器B上ping机器A
[root@vultr ~]# ping -c 4 10.42.1.1
PING 10.42.1.1 (10.42.1.1) 56(84) bytes of data.
64 bytes from 10.42.1.1: icmp_seq=1 ttl=64 time=98.9 ms
64 bytes from 10.42.1.1: icmp_seq=2 ttl=64 time=99.1 ms
64 bytes from 10.42.1.1: icmp_seq=3 ttl=64 time=99.3 ms
64 bytes from 10.42.1.1: icmp_seq=4 ttl=64 time=99.1 ms
--- 10.42.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 98.958/99.144/99.327/0.340 ms互ping都通,表明搭建成功了。
附录
ipip隧道的网络协议号为4,TCP的为6,UDP的为17
查看帮助的命令 ip tunnel help
--更新于 2023-03-09 10:51:41