# dladm create-iptun [-t] -T type -a [local|remote]=addr,... tunnel-link
Creates a temporary tunnel. By default, the command creates a persistent tunnel.
If you want to configure a persistent IP interface over the tunnel, then you must create a persistent tunnel and not use the –t option.
Specifies the type of tunnel you want to create. This argument is required to create all tunnel types.
Specifies literal IP addresses or host names that correspond to the local address and the remote tunnel address. The addresses must be valid and already created in the system. Depending on the type of tunnel, you specify either only one address, or both local and remote addresses. If specifying both local and remote addresses, you must separate the addresses with a comma.
IPv4 tunnels require local and remote IPv4 addresses to function.
IPv6 tunnels require local and remote IPv6 addresses to function.
6to4 tunnels require a local IPv4 address to function.
Specifies the IP tunnel link. With support for meaningful names in a network-link administration in this release, tunnel names are no longer restricted to the type of tunnel that you are creating. Instead, you can assign any administratively chosen name to a tunnel. Tunnel names consist of a string and the physical point of attachment (PPA) number, for example, mytunnel0. For rules governing the assignment of meaningful names, refer to Rules for Valid Link Names in Configuring and Administering Network Components in Oracle Solaris 11.2 .
# dladm set-linkprop -p [hoplimit=value] [encaplimit=value] tunnel-link
Specifies the number of levels of nested tunneling that are allowed for a packet. This option applies only to IPv6 tunnels.
The values that you set for the hoplimit and encaplimit properties must remain within acceptable ranges. The hoplimit and encaplimit properties are tunnel link properties. Thus, these properties are administered by the same dladm subcommands as other link properties. The subcommands that you use are dladm set-linkprop, dladm reset-linkprop, and dladm show-linkprop.
# ipadm create-ip tunnel-interface
where tunnel-interface uses the same name as the tunnel link.
# ipadm create-addr [-t] -a local=address,remote=address interface
where interface specifies the tunnel interface.
For more information, see the ipadm (1M) man page and Configuring and Administering Network Components in Oracle Solaris 11.2 .
# ipadm show-addr interface
# dladm create-iptun -T ipv4 -a local=192.0.2.23,remote=203.0.113.14 private0 # dladm set-linkprop -p hoplimit=200 private0 # ipadm create-ip private0 # ipadm create-addr -T addrconf private0 private0/v6 # ipadm show-addr private0/ ADDROBJ TYPE STATE ADDR private0/v6 addrconf ok fe80::c000:217->fe80::cb00:710e
To add alternative addresses, use the same syntax. For example, you can add a global address as follows:
# ipadm create-addr -a local=2001:db8:4728::1,remote=2001:db8:4728::2 private0 private0/v6a # ipadm show-addr private0/ ADDROBJ TYPE STATE ADDR private0/v6 addrconf ok fe80::c000:217->fe80::cb00:710e private0/v6a static ok 2001:db8:4728::1->2001:db8:4728::2
Note that the prefix 2001:db8 for the IPv6 address is a special IPv6 prefix that is used specifically for documentation examples.Example 5-2 Creating an IPv4 Interface Over an IPv4 Tunnel
# dladm create-iptun -T ipv4 -a local=192.0.2.23,remote=203.0.113.14 vpn0 # ipadm create-ip vpn0 # ipadm create-addr -a local=10.0.0.1,remote=10.0.0.2 vpn0 vpn0/v4 # ipadm show-addr vpn0/ ADDROBJ TYPE STATE ADDR vpn0/v4 static ok 10.0.0.1->10.0.0.2
You can further configure IPsec policy to provide secure connections for the packets that flow over this tunnel. For information, see Chapter 7, Configuring IPsec, in Securing the Network in Oracle Solaris 11.2 .Example 5-3 Creating an IPv6 Interface Over an IPv6 Tunnel
# dladm create-iptun -T ipv6 -a local=2001:db8:feed::1234,remote=2001:db8:beef::4321 tun0 # ipadm create-ip tun0 # ipadm create-addr -T addrconf tun0 tun0/v6 # ipadm show-addr tun0/ ADDROBJ TYPE STATE ADDR tun0/v6 addrconf ok fe80::1234->fe80::4321
To add addresses, for example, a global address or alternative local and remote addresses, use the ipadm command as follows:
# ipadm create-addr -a local=2001:db8:cafe::1,remote=2001:db8:cafe::2 tun0 tun0/v6a # ipadm show-addr tun0/ ADDROBJ TYPE STATE ADDR tun0/v6 addrconf ok fe80::1234->fe80::4321 tun0/v6a static ok 2001:db8:cafe::1->2001:db8:cafe::2