diff --git a/docs/tunneling/iptunnel.md b/docs/tunneling/iptunnel.md index 87ae34f..c7750a6 100644 --- a/docs/tunneling/iptunnel.md +++ b/docs/tunneling/iptunnel.md 
@@ -148,6 +148,57 @@ Here `` is the own port and `` is the port of the peer. `` Specifying the source IP address can prevent an attacker with a wrong source IP address from sending an encapsulated tunnel packet (e. g. GRE or SIT) that has the correct source address in the UDP tunnel. However, this procedure does not protect against IP spoofing. +## L2TPv3 + +L2TPv3 tunnels Layer 2 packets either via IP or UDP. + +The first step is to set up an L2TPv3 tunnel. Based on this, a session is created, which represents the actual Layer 2 tunnel. When creating the session, it is possible to specify the interface name. Several sessions can be created in one tunnel. The actual data can be tunneled via IP or UDP. +Each side defines a unique ID for both the tunnel and the session. In contrast to VXLAN, however, the other side can use a different ID. + +Tunneling over IP: +``` +ip l2tp add tunnel remote local tunnel_id peer_tunnel_id encap ip +``` + +The tunnel or session id can range from 1 to 4294967295 (2^32-1). + +Tunneling over UDP: +``` +ip l2tp add tunnel remote local tunnel_id peer_tunnel_id encap udp udp_sport udp_dport +``` +Where `` is the local listen port and `` is the port of the remote side. On the other side, the ports are configured the other way round. + +The following command can be used to remove a session: +``` +ip l2tp del session tunnel_id session_id +``` + +The following command can be used to remove a tunnel (all sessions in the tunnel are also removed): +``` +ip l2tp del tunnel tunnel_id +``` +Removal via `ip link del` is not possible. 
+ +The following command can be used to display the currently configured tunnels: +``` +ip l2tp show tunnel +``` + +And to display the sessions, the following command can be used: +``` +ip l2tp show session +``` + +It is also possible to display a specific session or tunnel: +``` +ip l2tp show tunnel tunnel_id +ip l2tp show tunnel session_id +``` +``` +ip l2tp show session tunnel_id +ip l2tp show session session_id +``` + ## Further links - [An introduction to Linux virtual interfaces: Tunnels](https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels#)
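Review bot: The new L2TPv3 section never shows how to create a session, even though the prose above it says the session "represents the actual Layer 2 tunnel" and that the interface name is chosen at session creation; only `ip l2tp add tunnel`, the `del` and the `show` commands are given. Add the `ip l2tp add session` step between the tunnel creation and the removal commands, in the same placeholder style as the other commands, e.g. `ip l2tp add session name <ifname> tunnel_id <id> session_id <id> peer_session_id <peer_id>`, since without it a reader cannot get from the tunnel to a usable interface. In the last code blocks, `ip l2tp show tunnel session_id` is not a valid filter: `show tunnel` only accepts `tunnel_id`, so that line should be dropped (the `show session tunnel_id` / `show session session_id` pair below it is the correct way to narrow by session). Finally, the UDP variant with `udp_sport`/`udp_dport` would benefit from the same caveat the preceding section gives for UDP-encapsulated tunnels, namely that matching the configured source IP and ports filters stray encapsulated packets but is no protection against IP spoofing.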