Add L2TPv3

Marek Küthe 2024-07-27 15:53:56 +00:00
parent 743a0277d1
commit e820a83c89
No known key found for this signature in database
GPG Key ID: 7E869146699108C7
1 changed file with 51 additions and 0 deletions


@ -148,6 +148,57 @@ Here `<lport>` is the own port and `<rport>` is the port of the peer. `<local>`
Specifying the source IP address can prevent an attacker with a wrong source IP address from sending an encapsulated tunnel packet (e. g. GRE or SIT) that has the correct source address in the UDP tunnel. However, this procedure does not protect against IP spoofing. Specifying the source IP address can prevent an attacker with a wrong source IP address from sending an encapsulated tunnel packet (e. g. GRE or SIT) that has the correct source address in the UDP tunnel. However, this procedure does not protect against IP spoofing.
## L2TPv3
L2TPv3 tunnels Layer 2 packets either via IP or UDP.
The first step is to set up an L2TPv3 tunnel. Based on this, a session is created, which represents the actual Layer 2 tunnel. When creating the session, it is possible to specify the interface name. Several sessions can be created in one tunnel. The actual data can be tunneled via IP or UDP.
Each side defines a unique ID for both the tunnel and the session. In contrast to VXLAN, however, the other side can use a different ID.
Tunneling over IP:
```
ip l2tp add tunnel remote <remote> local <local> tunnel_id <tunnel id> peer_tunnel_id <remote tunnel id> encap ip
```
The tunnel or session id can range from 1 to 4294967295 (2^32-1).
Tunneling over UDP:
```
ip l2tp add tunnel remote <remote> local <local> tunnel_id <tunnel id> peer_tunnel_id <remote tunnel id> encap udp udp_sport <lport> udp_dport <rport>
```
Where `<lport>` is the local listen port and `<rport>` is the port of the remote side. On the other side, the ports are configured the other way round.
The following command can be used to remove a session:
```
ip l2tp del session tunnel_id <tunnel id> session_id <session id>
```
The following command can be used to remove a tunnel (all sessions in the tunnel are also removed):
```
ip l2tp del tunnel tunnel_id <tunnel id>
```
Removal via `ip link del` is not possible.
The following command can be used to display the currently configured tunnels:
```
ip l2tp show tunnel
```
And to display the sessions, the following command can be used:
```
ip l2tp show session
```
It is also possible to display a specific session or tunnel:
```
ip l2tp show tunnel tunnel_id <tunnel id>
ip l2tp show tunnel session_id <session id>
```
```
ip l2tp show session tunnel_id <tunnel id>
ip l2tp show session session_id <session id>
```
## Further links ## Further links
- [An introduction to Linux virtual interfaces: Tunnels](https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels#) - [An introduction to Linux virtual interfaces: Tunnels](https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels#)
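Review bot: `ip l2tp show tunnel session_id <session id>` in the "display a specific session or tunnel" block looks wrong; in iproute2 the tunnel subcommand only takes a `tunnel_id` filter, while `session_id` is an option of `ip l2tp show session`, which the second block already covers, so that line should be dropped. The text also explains that a session is created on top of the tunnel and that an interface name can be given at that point, but the hunk never shows the command; add an `ip l2tp add session` line (with `tunnel_id`, `session_id`, `peer_session_id` and `name`) between the tunnel commands and the `del` commands so the described tunnel-then-session workflow can actually be followed, and mention that the `ip l2tp show session` output is what reveals which interface a session created. Minor: the sentence giving the 1 to 4294967295 ID range sits between the IP and UDP encapsulation variants; it reads better next to the "Each side defines a unique ID" paragraph.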