HOMECOURSESSTUDENTSDONATIONSVIDEOSEVENTSTUTORIALSLINKSNEWSCONTACT


TUTORIALS 》 IP-in-IP Tunneling Demystified - VPN Tunnels

There can be many ways one can architect VPN Networks. The end objective is to tunnel private IP (typically LAN subnets) within public IP Networks (such as Internet). You can establish such a tunnel in various creative ways, such as Transport Mode, Tunnel Mode, IP-in-IP tunneling, etc. Also you can choose any transport layer protocol of your choice such as send VPN traffic via TCP, or via UDP and so on.

Sometimes since our objective is to just create a tunnel on public Internet (i.e L3 Routed Network), we may never need a transport layer. In such cases, we can just tunnel via IP-in-IP alone as shown below:
ip in ip scenarios VPN Tunnels
Since the routers operate in Layer-3, such VPN packets in theory will perfectly work and will reach the intended destination. From there the VPN server(s) or an app can recreate original LAN packets.

So if you see that way we can compare the VPN packet encapsulation differences between just IP-in-IP vs via added Transport Layer (either TCP or UDP).
IP in IP vs TCP UDP tunnels

In some weird situation if this VPN data (in this case IP-in-IP) is encapsulated inside another VPN Network (again IP-in-IP), then you can get into a weird scenario like this as shown below. Although it is perfectly fine to do as per the IPv4 routed network standards, we should know the fact that each VPN tunnel/layer will reduce the MTU of the actual application payload due to all those extra added headers and as well performance due to encapsulation as well possibly VPN tunnel compression.
Nested IP in IP VPN Tunnels

For VPNs which are built via Transport Layer network sockets (such as TCP/ UDP), one can choose either of the protocols. Since what we send the LAN data itself could be end-to-end TCP sessions which has reliability in place, we don't need strictly VPNs with TCP as its Transport Layer protocol such as TCP. Instead we can use UDP itself. Which is why I say always UDP is nothing but Layer-2 on IPv4 Networks.
VPN Tunnel Reliability

Refer:
PacketLife.net Packet Captures - https://packetlife.net/captures/category/tunne ...
IP in IP tunneling - https://en.wikipedia.org/wiki/IP_in_IP

Here is an extensive Youtube video of mine on the same with a deeper insight on the same with some live packet analysis:

I would also recommend this below Youtube video episode of mine shot long ago before I published my earlier video. In which I discussed overall VPN architecture, design possibilities and compared the architecture with live real-world examples:

Also recommend to watch:


Featured Video:



Suggested Topics:


☆ Tutorials :: Arduino UNO Projects ↗


☆ Tutorials :: Network Software Development ↗


☆ Tutorials :: Research and Projects ↗


☆ Tutorials :: Linux (user-space), Systems Architecture ↗


☆ Tutorials :: Linux Kernel Software Development ↗


☆ Tutorials :: Linux Kernel Internals (PDFs) - by Ramin Farajpour ↗


☆ Tutorials :: Software Development (Programming) Tools ↗


☆ Tutorials :: Embedded Projects ↗

Join The Linux Channel :: Facebook Group ↗

Visit The Linux Channel :: on Youtube ↗


💗 Help shape the future: Sponsor/Donate


Recommended Topics:
Featured Video:
Watch on Youtube - x20f Code with Kiran - Live Coding | Linux Kernel Programming | Kernel Libraries | Part 1 ↗

Multi-Client TCP Server with pthreads Mutex Synchronized - Code-walk of viewer code - Sekhar Pariga ↗
Monday' 28-Sep-2020
Here is a code-walk of a git-hub source submitted by a viewer Sekhar Pariga, which is a Multi-client TCP Server with pthreads Mutex synchronized. Basically it is a Directory Listing Server, that serves ls, cd, pwd of directory functions to connecting TCP clients which are remotely (locally) executed by the server. Server is implemented using multi-thread pthread library, to serve multiple clients simultaneously. Server keeps the each accepted client session details in the queue data structure. Client session queue contains each clients socket-fd and present working directory as a queue node.

Adding your own Kernel Modules into Linux Kernel Source | Linux Kernel Programming ↗
Monday' 28-Sep-2020
Whenever you do custom kernel modules, you can optionally make it a part of existing Linux Kernel source. This does not mean you are submitting your kernel module to the mainline kernel source (i.e kernel.org Linux Kernel Foundation). What I meant is, you can make your kernel module(s) part of Linux Kernel source so that when you compile your kernel you can automatically compile your kernel module(s) too. As well when you create/modify kernel .config configuration file (such as via make menuconfig, etc), you can enable or disable your kernel module(s) too.
To do the same you have to register (and include) your custom Kernel Module's Kconfig and Makefile to the existing Kconfig and Makefile of the Linux Kernel source Here is a detailed multi-episode video of mine which gives the overall idea and the big-picture.

Roadmap - How to become Linux Kernel Developer - Device Drivers Programmer and a Systems Software Expert ↗
Monday' 28-Sep-2020
Many viewers and even sometimes my students ask me how I can become a kernel programmer or just device driver developer and so on. So I shot this video (and an add-on video) where I summarized steps and a roadmap to become a full-fledged Linux Kernel Developer.

Weekly News Digest - Week 03 - July 2020 ↗
Monday' 28-Sep-2020
The Linux Channel :: Weekly News Digest - Week 03 - July 2020
> Linux founder tells Intel to stop inventing 'magic instructions' and 'start fixing real problems'
> QNAP launches its first 2.5GbE network switch - QSW-1105-5T
> Japan's ARM-based Fugaku is the world's fastest supercomputer
> FreeBSD Back To Seeing Progress On 802.11ac WiFi Support, Ath10k Driver
> Sparkfun Launches the ZED-F9R GPS Dead Reckoning Raspberry Pi pHAT for Mobile Robots
> ODROID-N2 Plus SBC Gets Amlogic S922X Rev. C Processor Clocked at up to 2.4 GHz
> Rock Pi E SBC Comes with WiFi, Bluetooth, Two Ethernet Ports, and Optional PoE

Nmap Network Scanning ↗
Monday' 28-Sep-2020

Slow RGB Fade via Arduino UNO ↗
Monday' 28-Sep-2020

PHP installation ↗
Monday' 28-Sep-2020

Layer-2 (L2) Multicast Frame Deep Analysis ↗
Monday' 28-Sep-2020

Management ↗
Monday' 28-Sep-2020

IP-in-IP Tunneling Demystified - VPN Tunnels ↗
Monday' 28-Sep-2020
There can be many ways one can architect VPN Networks. The end objective is to tunnel private IP (typically LAN subnets) within public IP Networks (such as Internet). You can establish such a tunnel in various creative ways, such as Transport Mode, Tunnel Mode, IP-in-IP tunneling, etc. Also you can choose any transport layer protocol of your choice such as send VPN traffic via TCP, or via UDP and so on.


Trending Video:
Watch on Youtube - x20f Code with Kiran - Live Coding | Linux Kernel Programming | Kernel Libraries | Part 1 ↗

Online Course - Linux TUN/TAP virtual network interfaces ↗
Monday' 28-Sep-2020



Recommended Video:
Watch on Youtube - x20f Code with Kiran - Live Coding | Linux Kernel Programming | Kernel Libraries | Part 1 ↗