What does ip addr add dev tun1 local 192.168.69.0 remote 192.168.69.1 mean? [closed]

Solution 1:

In simple terms, you can distinguish between two types of links (this is a simplification, but enough for this question):

  • peer-to-peer links, where each side of a link is a single peer. Each peer knows that there is just one other peer behind the link and everybody else is routed. An example is a serial link (via a PSTN modem).
  • multiple access links, where there may be more than one other peer behind the link. There is a multitude of examples, like Ethernet, WiFi, and some obsolete ones.

When you configure an address on an interface in the (usual) form of "address and netmask" via ip address add x.y.z.t/n dev eth, you essentially do the following things:

  • tell the kernel it should recognize x.y.z.t as its own address, so it adds a scope local route into the local routing table
  • tell the kernel that addresses x.y.z.00...0 through x.y.z.11...1 are directly accessible behind the link, so it adds a scope link route via this interface into the main routing table (/n actually specifies how many bits of the address are common to all hosts on that network)
  • tell the kernel x.y.z.11...1 is the "broadcast" address of the link, so it adds a broadcast route into the local table (and will consider packets destined to that address, in addition to the "node personal" address x.y.z.t)

But there is no "network" behind the peer-to-peer link, there is nobody to broadcast to, there may be only one other peer. When you add an address to the link in the form ip address add local x.y.z.t remote b.c.d.e dev tun, you essentially do the following:

  • tell the kernel it should recognize x.y.z.t as its own address, so it adds a scope local route into the local routing table
  • tell the kernel the address b.c.d.e is directly accessible through that link, so it adds a route to that address via this interface to the main routing table.

E.g. the command ip address add local 10.0.1.0 remote 10.0.1.1 dev tun0 simply creates the following routes:

  • local 10.0.1.0 dev tun0 proto kernel scope host src 10.0.1.0 (in the local table)
  • 10.0.1.1 dev tun0 proto kernel scope link src 10.0.1.0 (in the main table)

Check routing tables before and after issuing "ip address add" commands in both cases.

Notice you may add peer-to-peer style config to a multiple access interface and vice versa; you can even add a single "/32" address and then add routing "via the interface" by hand, and that will work exactly as if you set a meaningful netmask or remote address in the command. You can even add several types of configuration to a single interface and all of them could work simultaneously! So don't take all of these parameters too seriously; think of them as the way to automatically add the necessary routes when you configure an address.
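
The following is an added example, not part of the original answer: a small Python model of the routes the answer describes for both address forms, plus a check that compares them against `ip route show table <name>` output, which is useful when auditing that a tunnel interface exposes only the peer route. The function names and the sample output are assumptions constructed for illustration.

```python
import ipaddress

def expected_routes(dev, local, prefixlen=32, remote=None):
    """Routes the answer says the kernel derives from one address, as (table, route)."""
    addr = ipaddress.IPv4Address(local)
    tail = f"dev {dev} proto kernel scope link src {addr}"
    routes = [("local", f"local {addr} dev {dev} proto kernel scope host src {addr}")]
    if remote is not None:
        # Peer-to-peer form: a single host route to the remote address.
        peer = ipaddress.IPv4Address(remote)
        if peer != addr:  # a peer equal to the local address adds nothing new
            routes.append(("main", f"{peer} {tail}"))
    elif prefixlen < 32:
        # Address/netmask form: a route to the whole prefix behind the link.
        net = ipaddress.ip_interface(f"{addr}/{prefixlen}").network
        routes.append(("main", f"{net} {tail}"))
        if prefixlen < 31:  # /31 and /32 have no broadcast address
            routes.append(("local", f"broadcast {net.broadcast_address} {tail}"))
    return routes

def missing_routes(expected, tables):
    """tables maps a table name to the text of `ip route show table <name>`."""
    have = {
        name: {" ".join(line.split()) for line in text.splitlines()}
        for name, text in tables.items()
    }
    return [(t, r) for t, r in expected if r not in have.get(t, set())]

# Constructed sample output, modelled on the two routes listed in the answer.
SAMPLE = {
    "local": "local 10.0.1.0 dev tun0 proto kernel scope host src 10.0.1.0\n",
    "main": "10.0.1.1 dev tun0 proto kernel scope link src 10.0.1.0 \n",
}

if __name__ == "__main__":
    p2p = expected_routes("tun0", "10.0.1.0", remote="10.0.1.1")
    print("missing:", missing_routes(p2p, SAMPLE))
    for table, route in expected_routes("eth0", "192.168.1.5", prefixlen=24):
        print(table, "|", route)
```

On a live host, fill the dictionary from `ip route show table local` and `ip route show table main` captured before and after the `ip address add` command.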