Denotes the mode for this tunnel. Basically all tunnel modes supported by Linux / iproute2 are supported as well. This includes but is not limited to gre/gretap, ip6gre/ip6gretap, ipip/ip6ip/sit.

Denotes the IP address used as the local tunnel endpoint. According to the tunnel-mode an IPv4 or IPv6 address has to be given. For compatiblity to ifupdown1 local is an alias for this option.

When the local IP address the tunnel should be established from isn't static and therefore might change (e.g. configured by DHCP or PPP) it might be desireable to just use the address configured on interface. When tunnel-local-dev is given instead of tunnel-local ifupdown-ng will try to determine the IP address set on the given interface with respect to the address family required to set up a tunnel of the given mode and use this to set up the tunnel.

Denotes the IP address used as the remote tunnel endpoint. According to the tunnel-mode an IPv4 or IPv6 address has to be given. For compatiblity to ifupdown1 endpoint is an alias for this option.

Denotes the interface the encapsulated packets should be sent out by. This comes in handy when using VRFs to denote that the local tunnel endpoint should be terminated in VRF interface or the VRF associated with interface.

Note: Depending on the mode of the tunnel either the VRF interface or the real underlay interface may have to given as interface.

Denotes the TTL value to use in outgoing packets. ttl is a number in the range 1 - 255 whereas 0 is a special value meaning that packets inherit the TTL value. The default for IPv4 tunnels is to inherit the TTL, for IPv6 tunnels it's 64. For compatiblity to ifupdown1 ttl is an alias for this option.

Denotes the type of secondary UDP encapsulation to use for this tunnel if any. Supported encap values are fou, gue, and none. fou indicates Foo-Over-UDP, gue indicates Generic UDP Encapsulation.

Denotes the type of secondary UDP encapsulation to use for this tunnel if any. Supported encap values are fou, gue, and none. fou indicates Foo-Over-UDP, gue indicates Generic UDP Encapsulation.

Denotes the_key to used for keyed GRE to allow multiple tunnels between the same two endpoints. key is either a number or an IPv4 address- like dotted quad. The key parameter specifies the same key to use in both directions. The tunnel-ikey and tunnel-okey parameters specify different keys for input and output. For compatiblity to ifupdown1 key is an alias for this option.

Denotes the Hop Limit value to use in outgoing packets for ip6gre/ip6gretap tunnels.

Denotes wether to enable/disable IPv4 DF suppression on this tunnel. Normally datagrams that exceed the MTU will be fragmented; the presence of the DF flag inhibits this, resulting instead in an ICMP Unreachable (Fragmentation Required) message. Enabling this attribute causes the DF flag to be ignored.

Denotes the key to used for keyed GRE for packets received. See tunnel-key for details.

Denotes the key to used for keyed GRE for packets sent out. See tunnel-key for details.

Denotes wether to enable/disable Path MTU Discovery on this tunnel. It is enabled by default. Note that a fixed ttl is incompatible with this option: tunneling with a fixed ttl always makes pmtu discovery.

Denotes the TOS value to use in outgoing packets.

auto gre0
iface gre0
	tunnel-mode gre
	tunnel-remote 198.51.100.1
	tunnel-local 203.0.113.2
	#
	address 192.0.2.42/24
	address 2001:db8::42/64

auto gre1
iface gre1
	tunnel-mode gre
	tunnel-remote 198.51.100.1
	tunnel-local-dev eth0
	#
	address 192.0.2.42/24
	address 2001:db8::42/64

auto eth0
iface eth0
	address 203.0.113.2/24
	gateway 203.0.113.1
	vrf vrf_external
auto tun-vrf
iface tun-vrf
	tunnel-mode gre
	tunnel-remote 198.51.100.1
	tunnel-local 203.0.113.2
	tunnel-physdev eth0
	#
	address 192.0.2.42/24
	address 2001:db8::42/64
auto vrf_external
iface vrf_external
	vrf-table 1023