IPIP - tst-amo

Два маршрутизатора (Net-R0 и Net-R2) на базе Linux CentOS 7 с такими вводными:

Net-R0:

WAN enp0s3 192.168.113.63
LAN enp0s8 10.0.0.1

Net-R2:

WAN enp0s3 192.168.113.65
LAN enp0s8 172.16.8.1

Поднять тонель и получить доступ к внутренним сетям.

# sysctl net.ipv4.ip_forward=1

Net-R0:

[root@Net-R0 network-scripts]# cat ifcfg-ipip1
DEVICE=tun0
BOOTPROTO=none
ONBOOT=no
TYPE=IPIP

## Addr Srv Net-R0
MY_OUTER_IPADDR=192.168.113.63
MY_INNER_IPADDR=172.17.254.1

PEER_OUTER_IPADDR=192.168.113.65
PEER_INNER_IPADDR=172.17.254.2

Net-R2:

[root@Net-R2 network-scripts]# cat ifcfg-ipip1
DEVICE=tun0
BOOTPROTO=none
ONBOOT=no
TYPE=IPIP

## Addr Srv Net-R2
MY_OUTER_IPADDR=192.168.113.65
## Addr Srv in a tonnel
MY_INNER_IPADDR=172.17.254.2

# Addr Peer (other side Net-R0)
PEER_OUTER_IPADDR=192.168.113.63
PEER_INNER_IPADDR=172.17.254.1

Теперь посмотрим IPIP пакеты. Видно, что пакеты IPIP энкапсулируют заголовок IP (192.168.113.65 > 192.168.113.63) во внутренний IP заголовок (172.17.254.2 > 10.0.0.1).

[root@Net-R2]# ping 10.0.0.1 -c2
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.863 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.522 ms

[root@Net-R0]# tcpdump -vvnneSs 0 -i any port not ssh
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
04:55:26.814714 In 08:00:27:5b:03:19 ethertype IPv4 (0x0800), length 120: (tos 0x0, ttl 64, id 12468, offset 0, flags [DF], proto IPIP (4), length 104)
    192.168.113.65 > 192.168.113.63: (tos 0x0, ttl 64, id 31918, offset 0, flags [DF], proto ICMP (1), length 84)
    172.17.254.2 > 10.0.0.1: ICMP echo request, id 25063, seq 1, length 64
04:55:26.814828 In ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 31918, offset 0, flags [DF], proto ICMP (1), length 84)
    172.17.254.2 > 10.0.0.1: ICMP echo request, id 25063, seq 1, length 64
04:55:26.814877 Out ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 22476, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.0.1 > 172.17.254.2: ICMP echo reply, id 25063, seq 1, length 64
04:55:26.814886 Out 08:00:27:5c:5e:08 ethertype IPv4 (0x0800), length 120: (tos 0x0, ttl 64, id 63103, offset 0, flags [DF], proto IPIP (4), length 104)
    192.168.113.63 > 192.168.113.65: (tos 0x0, ttl 64, id 22476, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.0.1 > 172.17.254.2: ICMP echo reply, id 25063, seq 1, length 64