# tun command (tunnels building)

### Description <a href="#id-tuncommand-tunnelsbuilding-description" id="id-tuncommand-tunnelsbuilding-description"></a>

Tunnels merge two remote networks that are not physically connected into one logical structure. They are widely used to build corporate networks, or so-called virtual private networks (VPNs): several remote offices, connected to the network through the same or different providers, are linked to the company headquarters or to each other by tunnels, forming one corporate structure. A common IP address space and registration/accounting policy can be used throughout the whole VPN-based corporate network, independently of the network provider(s) used. Tunnels also solve the problem of sharing common transport media in a public network so that different clients can be served by several providers: a client can be connected by a tunnel to a specific provider and be serviced by that provider, irrespective of the client's connection point to the common transport network.

**Syntax:**

```
tun N mode {ipip | gre}
tun N src ADDR dst ADDR [mtu N] [clear]
```

Four parameters are necessary to configure a tunnel:

1. The internal IP-address of the local end of the P2P link
2. The internal IP-address of the remote end of the P2P link
3. Real source IP-address to be specified in the outgoing packets
4. Real destination IP-address to be specified in the outgoing packets.

### Parameters <a href="#id-tuncommand-tunnelsbuilding-parameters" id="id-tuncommand-tunnelsbuilding-parameters"></a>

<table><thead><tr><th width="187">Parameter</th><th>Description</th></tr></thead><tbody><tr><td><em><strong>N mode</strong></em></td><td><p>Selects the type of encapsulation for tunnel "<em>N</em>".</p><ul><li><em>"ipip"</em> – IP into IP encapsulation (described in RFC 2003).</li><li><em>"gre"</em> – generic routing encapsulation.</li></ul></td></tr><tr><td><em><strong>N src ADDR dst ADDR</strong></em></td><td>Assigns the real source (<em>src</em>) and destination (<em>dst</em>) IP-addresses to the tunnel specified by its logical number "<em>N</em>", which has been created by an "<em>ifconfig</em>" command.</td></tr><tr><td><em><strong>[mtu N]</strong></em></td><td>Sets the Maximum Transmission Unit (MTU) size for packets going through the tunnel. Default value is 1480 bytes.</td></tr><tr><td><em><strong>[clear]</strong></em></td><td>Disables tunnel number "<em>N</em>".</td></tr></tbody></table>

### Examples <a href="#id-tuncommand-tunnelsbuilding-examples" id="id-tuncommand-tunnelsbuilding-examples"></a>

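Use the "*ifconfig*" command to define the internal IP-addresses for both ends of tunnel "*0*" as addresses of the interface denoted as "*tun0*", then use the "*tun*" command to assign the tunnel's real source and destination addresses.

```
ifconfig tun0 1.1.1.1 1.1.1.2
tun 0 src 195.23.23.23 dst 194.34.34.34
```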

Outgoing packets are encapsulated into IP datagrams and sent to the "*194.34.34.34*" address.

{% hint style="warning" %}
**NOTE**

The "*194.34.34.34*" address must also be reachable through a router interface other than the one used to access the tunnel. This can be done, for example, by using explicit static routing (the route add command), or by prohibiting the import of some of the RIP protocol route descriptors arriving at that interface. If this condition is not satisfied, a loop may occur in which already encapsulated packets come back to the tunnel entrance and are encapsulated again, and so on, causing system overload. The system watches for such situations; when it discovers a loop, it drops the erroneous packets and writes a message to the system log:

*tunX: looping...*
{% endhint %}
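The loop condition from the note can be checked before a tunnel is enabled. The following is an added example, not part of the original manual or the device firmware: it runs a longest-prefix match over a constructed routing table to see whether the tunnel's real destination would be routed into the tunnel itself, and extracts tunnel names from "*tunX: looping...*" log messages. The function names, the `eth0` interface name, the route entries and the log timestamps are assumptions.

```python
import ipaddress
import re

def egress_interface(routes, addr):
    """Longest-prefix match: name of the interface a packet to addr leaves by."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def tunnel_loops(routes, tun_if, tun_dst):
    """True when the tunnel's real destination is routed into the tunnel itself."""
    return egress_interface(routes, tun_dst) == tun_if

def looping_tunnels(log_lines):
    """Sorted tunnel names seen in 'tunX: looping...' system log messages."""
    pat = re.compile(r"\b(tun\d+): looping")
    return sorted({m.group(1) for line in log_lines if (m := pat.search(line))})

# Constructed routing table (assumption): a default route learned over the
# tunnel pulls the tunnel's own destination, 194.34.34.34, back into tun0.
ROUTES_BAD = [
    ("0.0.0.0/0", "tun0"),
    ("195.23.23.0/24", "eth0"),
    ("1.1.1.2/32", "tun0"),
]
# Same table plus an explicit static host route via the physical interface.
ROUTES_OK = ROUTES_BAD + [("194.34.34.34/32", "eth0")]

# Constructed log lines; only the "tunX: looping..." text comes from the manual.
LOG = [
    "Jan 01 00:00:01 tun0: looping...",
    "Jan 01 00:00:02 eth0: link up",
    "Jan 01 00:00:03 tun0: looping...",
]

if __name__ == "__main__":
    print("loop without static route:", tunnel_loops(ROUTES_BAD, "tun0", "194.34.34.34"))
    print("loop with static route:   ", tunnel_loops(ROUTES_OK, "tun0", "194.34.34.34"))
    print("tunnels reporting loops:  ", looping_tunnels(LOG))
```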

The "*195.23.23.23*" address is inserted into the datagram as source address.

The "*195.23.23.23*" address must be a real IP-address of one of the router's interfaces; for the same reason, it must be reachable from the router at the tunnel's remote end through the existing network (and not only through this tunnel).

At the opposite end of the tunnel, the configuration looks as follows.

```
ifconfig tun0 1.1.1.2 1.1.1.1
tun 0 src 194.34.34.34 dst 195.23.23.23
```
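With both ends configured, a packet from 1.1.1.1 to 1.1.1.2 travels between the routers wrapped in an outer IP header. The following added example (not from the original manual) builds that "*ipip*" encapsulation as described in RFC 2003, using the addresses from this page, and shows that the 20-byte outer header leaves 1480 bytes for the inner packet on a link with a 1500-byte MTU; the function names, the filler payload and the 1500-byte link MTU are assumptions.

```python
import socket
import struct

OUTER_HDR_LEN = 20   # IPv4 header without options
PROTO_IPIP = 4       # IP protocol number for IP-in-IP (RFC 2003)

def checksum(data):
    """Internet checksum (16-bit one's complement sum) over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, OUTER_HDR_LEN + payload_len,
                      0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def ipip_encapsulate(inner, tun_src, tun_dst):
    """Prepend the outer header; the inner packet is carried unchanged."""
    return ipv4_header(tun_src, tun_dst, PROTO_IPIP, len(inner)) + inner

def describe(packet):
    """Return (source, destination, protocol) from an IPv4 header."""
    return (socket.inet_ntoa(packet[12:16]),
            socket.inet_ntoa(packet[16:20]), packet[9])

def max_inner_size(link_mtu):
    """Largest inner packet that fits in one outer datagram on this link."""
    return link_mtu - OUTER_HDR_LEN

# Constructed inner packet between the tunnel's internal addresses; the
# protocol field is set to 1 (ICMP) and the body is filler bytes.
PAYLOAD = b"filler!!"
INNER = ipv4_header("1.1.1.1", "1.1.1.2", 1, len(PAYLOAD)) + PAYLOAD
OUTER = ipip_encapsulate(INNER, "195.23.23.23", "194.34.34.34")

if __name__ == "__main__":
    print("outer:", describe(OUTER))
    print("inner:", describe(OUTER[OUTER_HDR_LEN:]))
    print("max inner size on a 1500-byte link:", max_inner_size(1500))
```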

If you use a Cisco Systems router at the remote end, you may configure it as follows.

```
interface Tunnel0
 ip address 1.1.1.2 255.255.255.252
 tunnel source 194.34.34.34
 tunnel destination 195.23.23.23
 tunnel mode ipip
!
```

Disable tunnel number 0:

```
tun 0 clear
```

