Thursday | October 04, 2007

GRE and other tunnels

There are 3 kinds of tunnels in Linux: IP in IP tunneling, GRE tunneling, and tunnels that live outside the kernel (like, for example, PPTP).

  • A few general remarks about tunnels:

Tunnels can be used to do some very unusual and very cool stuff. They can also make things go horribly wrong when you don't configure them right. Don't point your default route to a tunnel device unless you know EXACTLY what you are doing :-). Furthermore, tunneling increases overhead, because it needs an extra set of IP headers. Typically this is 20 bytes per packet, so if the normal packet size (MTU) on a network is 1500 bytes, a packet that is sent through a tunnel can only be 1480 bytes big. This is not necessarily a problem, but be sure to read up on IP packet fragmentation/reassembly when you plan to connect large networks with tunnels. Oh, and of course, the fastest way to dig a tunnel is to dig at both sides.

  •  IP in IP tunneling

This kind of tunneling has been available in Linux for a long time. It requires 2 kernel modules, ipip.o and new_tunnel.o.

Let's say you have 3 networks: Internal networks A and B, and intermediate network C (or let's say, Internet). So we have network A:

network 10.0.1.0
netmask 255.255.255.0
router 10.0.1.1

The router has address 172.16.17.18 on network C.

and network B:

network 10.0.2.0
netmask 255.255.255.0
router 10.0.2.1

The router has address 172.19.20.21 on network C.

As far as network C is concerned, we assume that it will pass any packet sent from A to B and vice versa. You might even use the Internet for this.

Here's what you do:

First, make sure the modules are installed:

insmod ipip.o
insmod new_tunnel.o

Then, on the router of network A, you do the following

ifconfig tunl0 10.0.1.1 pointopoint 172.19.20.21
route add -net 10.0.2.0 netmask 255.255.255.0 dev tunl0

And on the router of network B:

ifconfig tunl0 10.0.2.1 pointopoint 172.16.17.18
route add -net 10.0.1.0 netmask 255.255.255.0 dev tunl0

And if you're finished with your tunnel:

ifconfig tunl0 down

Presto, you're done. You can't forward broadcast or IPv6 traffic through an IP-in-IP tunnel, though. You just connect 2 IPv4 networks that normally wouldn't be able to talk to each other, that's all. As far as compatibility goes, this code has been around a long time, so it's compatible all the way back to 1.3 kernels. Linux IP-in-IP tunneling doesn't work with other operating systems or routers, as far as I know. It's simple, it works. Use it if you have to, otherwise use GRE.

  • GRE tunneling

GRE is a tunneling protocol that was originally developed by Cisco, and it can do a few more things than IP-in-IP tunneling. For example, you can also transport multicast traffic and IPv6 through a GRE tunnel.

In Linux, you'll need the ip_gre.o module.

  • IPv4 Tunneling

Let's do IPv4 tunneling first:

Say you have 3 networks: Internal networks A and B, and intermediate network C (or let's say, Internet).

So we have network A:

network 10.0.1.0
netmask 255.255.255.0
router 10.0.1.1

The router has address 172.16.17.18 on network C. Let's call this network neta (ok, hardly original).

and network B:

network 10.0.2.0
netmask 255.255.255.0
router 10.0.2.1

The router has address 172.19.20.21 on network C. Let's call this network netb (still not original).

As far as network C is concerned, we assume that it will pass any packet sent from A to B and vice versa. How and why, we do not care.

On the router of network A, you do the following:

ip tunnel add netb mode gre remote 172.19.20.21 local 172.16.17.18 ttl 255
ip link set netb up
ip addr add 10.0.1.1 dev netb
ip route add 10.0.2.0/24 dev netb

In line 1, we added a tunnel device, and called it netb (which is kind of obvious because that's where we want it to go). Furthermore we told it to use the GRE protocol (mode gre), that the remote address is 172.19.20.21 (the router at the other end), that our tunneling packets should originate from 172.16.17.18 (which allows your router to have several IP addresses on network C and let you decide which one to use for tunneling) and that the TTL field of the packet should be set to 255 (ttl 255).

The second line enables the device.

In the third line we gave the newly born interface netb the address 10.0.1.1. This is OK for smaller networks, but when you're starting up a mining expedition (LOTS of tunnels), you might want to consider using another IP range for tunneling interfaces (in this example, you could use 10.0.3.0).

In the fourth line we set the route for network B. Note the different notation for the netmask. If you're not familiar with this notation, here's how it works: you write out the netmask in binary form, and you count all the ones. If you don't know how to do that, just remember that 255.0.0.0 is /8, 255.255.0.0 is /16 and 255.255.255.0 is /24. Oh, and 255.255.254.0 is /23, in case you were wondering.

But enough about this, let's go on with the router of network B.

ip tunnel add neta mode gre remote 172.16.17.18 local 172.19.20.21 ttl 255
ip link set neta up
ip addr add 10.0.2.1 dev neta
ip route add 10.0.1.0/24 dev neta

And when you want to remove the tunnel on router A:

ip link set netb down
ip tunnel del netb

Of course, you can replace netb with neta for router B.
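The two command lists above are mirror images of each other, and the two things people get wrong when they write them by hand are the /N prefix (the "count the ones" rule) and the MTU (the 20-byte overhead remark at the top of this post, plus 4 more bytes for the GRE header). The following POSIX sh script is an added example, not code from the HOWTO text: it derives both values and prints, without executing, the per-router commands for the networks A and B used above. The names mask2prefix, tunnel_mtu and gre_side are this example's own, as is the assumption of a 1500-byte path through network C; the "ip link set NAME mtu N" line is likewise an addition (the post itself leaves the tunnel MTU at the default).

```shell
#!/bin/sh
# Added example, not part of the LARTC text. Generates (does not run) the
# per-router GRE commands for the page's networks A and B.

# Dotted-quad netmask -> prefix length ("write it in binary, count the ones").
# Rejects masks that are not a contiguous run of ones.
mask2prefix() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || { echo "mask2prefix: need four octets" >&2; return 1; }
    bits=0 ended=0
    for octet in "$@"; do
        if [ "$ended" -eq 1 ] && [ "$octet" != 0 ]; then
            echo "mask2prefix: non-contiguous netmask" >&2; return 1
        fi
        case $octet in
            255) bits=$((bits + 8)) ;;
            254) bits=$((bits + 7)); ended=1 ;;
            252) bits=$((bits + 6)); ended=1 ;;
            248) bits=$((bits + 5)); ended=1 ;;
            240) bits=$((bits + 4)); ended=1 ;;
            224) bits=$((bits + 3)); ended=1 ;;
            192) bits=$((bits + 2)); ended=1 ;;
            128) bits=$((bits + 1)); ended=1 ;;
            0)   ended=1 ;;
            *) echo "mask2prefix: bad octet $octet" >&2; return 1 ;;
        esac
    done
    echo "$bits"
}

# Largest packet that still fits a PATH_MTU-byte link once the tunnel
# headers are added: 20 bytes of outer IPv4 for ipip (the text's 1480),
# plus the 4-byte minimal GRE header for gre (1476).
tunnel_mtu() {
    case $2 in
        ipip) echo $(($1 - 20)) ;;
        gre)  echo $(($1 - 24)) ;;
        *) echo "tunnel_mtu: unknown mode $2" >&2; return 1 ;;
    esac
}

# gre_side NAME LOCAL REMOTE INNER_ADDR FAR_NET FAR_MASK
# Prints the command list for one router; review it, then paste it there.
gre_side() {
    name=$1 local_ip=$2 remote_ip=$3 inner=$4 far_net=$5
    prefix=$(mask2prefix "$6") || return 1
    mtu=$(tunnel_mtu 1500 gre)   # assumption: 1500-byte path in network C
    printf 'ip tunnel add %s mode gre remote %s local %s ttl 255\n' "$name" "$remote_ip" "$local_ip"
    printf 'ip link set %s mtu %s\n' "$name" "$mtu"
    printf 'ip link set %s up\n' "$name"
    printf 'ip addr add %s dev %s\n' "$inner" "$name"
    printf 'ip route add %s/%s dev %s\n' "$far_net" "$prefix" "$name"
}

# Both ends of the page's example, using its addresses.
echo '# router A, 172.16.17.18 on network C'
gre_side netb 172.16.17.18 172.19.20.21 10.0.1.1 10.0.2.0 255.255.255.0
echo '# router B, 172.19.20.21 on network C'
gre_side neta 172.19.20.21 172.16.17.18 10.0.2.1 10.0.1.0 255.255.255.0
```

Pinning the MTU on the tunnel device is what keeps a 1500-byte packet from the inner network from being fragmented or dropped once the outer headers are added; if network C has a smaller path MTU than 1500, change the constant in gre_side accordingly.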

  • IPv6 Tunneling

See Section 6 for a short bit about IPv6 Addresses.

On with the tunnels.

Let's assume that you have the following IPv6 network, and you want to connect it to 6bone, or a friend.

Network 3ffe:406:5:1:5:a:2:1/96

Your IPv4 address is 172.16.17.18, and the 6bone router has IPv4 address 172.22.23.24.

ip tunnel add sixbone mode sit remote 172.22.23.24 local 172.16.17.18 ttl 255
ip link set sixbone up
ip addr add 3ffe:406:5:1:5:a:2:1/96 dev sixbone
ip route add 3ffe::/15 dev sixbone

In the first line, we created a tunnel device called sixbone. We gave it mode sit (which is IPv6 in IPv4 tunneling) and told it where to go to (remote) and where to come from (local). TTL is set to maximum, 255. Next, we made the device active (up). After that, we added our own network address, and set a route for 3ffe::/15 (which is currently all of 6bone) through the tunnel.

GRE tunnels are currently the preferred type of tunneling. It's a standard that is also widely adopted outside the Linux community and therefore a Good Thing.

Posted by Marganda at 11:30:56 | Permanent Link | Comments (34) |

Wednesday | October 03, 2007

Script to send a Mikrotik configuration backup via email

This script sends a backup of the Mikrotik via email. It can also be used to back up RouterOS and the configuration of a Mikrotik wireless device.

/system script add name=e-backup source={
  # write the binary backup to email.backup, then mail it
  /system backup save name=email
  /tool e-mail send \
    to="abc@kkk.ggg.com" server="xxx.xxx.xxx.xxx" \
    subject=([/system identity get name] . "Backup") \
    file=email.backup
  }

After that, add a schedule that runs the backup and sends it to your email address:

/system scheduler add interval=7d name="email-backup" on-event=e-backup

Posted by Marganda at 18:36:38 | Permanent Link | Comments (0) |

Script on Mikrotik RouterOS for Transmit/Received

This Mikrotik script collects the transmit and receive rate on each interface and sends an email whenever a new maximum is seen.

/system script add name="record" source={
  # high-water marks in Mbps, shared by all interfaces and kept across runs;
  # globals must be declared in every run, not only the first one, or
  # $ttx and $trx read as empty on later runs
  :global ttx
  :global trx
  :global tx
  :global rx
  :foreach i in [/interface find] do={
    /interface monitor-traffic $i once do={
      # property names containing dashes must be quoted in RouterOS scripts
      :set tx ($"sent-bits-per-second"/1048576)
      :set rx ($"received-bits-per-second"/1048576)
      # assumes a scheduler entry named "record" runs this script;
      # on its first run, seed the marks with the current rates
      :if ([/system scheduler get record run-count]=1) do={
        :set ttx $tx
        :set trx $rx
        }
      :if ($tx>$ttx) do={
        /tool e-mail send subject="Script message" \
          to=abc@kkk.ggg.com \
          server="xxx.xxx.xxx.xxx" \
          body=("The transmission traffic on " . \
          [/interface get $i name] . " got up to " . $tx . "Mbps")
        :set ttx $tx
        }
      :if ($rx>$trx) do={
        /tool e-mail send subject="Script message" \
          to=abc@kkk.ggg.com \
          server="xxx.xxx.xxx.xxx" \
          body=("The receiving traffic on " . \
          [/interface get $i name] . " got up to " . $rx . "Mbps")
        :set trx $rx
        }
      }
    }
  }

Posted by Marganda at 18:32:17 | Permanent Link | Comments (0) |

Password Recovery on Cisco 2600 Series Router

 

Router>enable

Password:

Password:

Password:

% Bad secrets

 

Router>show version

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-1999 by cisco Systems, Inc.

Compiled Tue 07-Dec-99 02:21 by phanguye

Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes

System returned to ROM by abort at PC 0x802D0B60

System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.

Processor board ID JAB031202NK (3878188963)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash partition 1 (Read/Write)

8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2102

Router>

!--- The router was just powercycled, and during bootup a

!--- break sequence was sent to the router.

!

*** System received an abort due to Break Key ***

signal= 0x3, code= 0x500, context= 0x813ac158

PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030

rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

rommon 2 > reset

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Copyright (c) 1999 by cisco Systems, Inc.

TAC:Home:SW:IOS:Specials for info

C2600 platform with 32768 Kbytes of main memory

program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image : ###############################

##############################################################

##############################################################

##############################################################

############################### [OK]

 Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

 cisco Systems, Inc.

 170 West Tasman Drive

 San Jose, California 95134-1706

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-1999 by cisco Systems, Inc.

Compiled Tue 07-Dec-99 02:21 by phanguye

Image text-base: 0x80008088, data-base: 0x80C524F8

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.

Processor board ID JAB031202NK (3878188963)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash partition 1 (Read/Write)

8192K bytes of processor board System flash partition 2 (Read/Write)

 --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

00:00:19: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up

00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up

00:00:19: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down

00:00:19: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down

00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0,

changed state to down

00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,

 changed state to up

Router>

00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,

changed state to up

00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0,

changed state to down

00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,

changed state to down

00:00:50: %SYS-5-RESTART: System restarted --

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-1999 by cisco Systems, Inc.

Compiled Tue 07-Dec-99 02:21 by phanguye

00:00:50: %LINK-5-CHANGED: Interface BRI0/0,

changed state to administratively down

00:00:52: %LINK-5-CHANGED: Interface Ethernet0/0,

changed state to administratively down

00:00:52: %LINK-5-CHANGED: Interface Serial0/0,

changed state to administratively down

00:00:52: %LINK-5-CHANGED: Interface Ethernet0/1,

changed state to administratively down

00:00:52: %LINK-5-CHANGED: Interface Serial0/1,

changed state to administratively down

00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,

changed state to down

00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,

changed state to down

Router>

Router>enable

Router#copy startup-config running-config

Destination filename [running-config]?

1324 bytes copied in 2.35 secs (662 bytes/sec)

Router#

00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1,

changed state to down

00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2,

changed state to down

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#enable secret <password>

Router(config)#^Z

00:01:54: %SYS-5-CONFIG_I: Configured from console by console

Router#show ip interface brief

Interface   IP-Address        OK?  Method     Status                   Protocol

Ethernet0/0 10.200.40.37      YES  TFTP       administratively down    down

Serial0/0   unassigned        YES  TFTP       administratively down    down

BRI0/0      193.251.121.157   YES  unset      administratively down    down

BRI0/0:1    unassigned        YES  unset      administratively down    down

BRI0/0:2    unassigned        YES  unset      administratively down    down

Ethernet0/1 unassigned        YES  TFTP       administratively down    down

Serial0/1   unassigned        YES  TFTP       administratively down    down

Loopback0   193.251.121.157   YES  TFTP       up                       up

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#interface Ethernet0/0

Router(config-if)#no shutdown

Router(config-if)#

00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,

changed state to up

Router(config-if)#interface BRI0/0

Router(config-if)#no shutdown

Router(config-if)#

00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down

00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down

00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up

00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0,

TEI 68 changed to up

Router(config-if)#^Z

Router#

00:02:35: %SYS-5-CONFIG_I: Configured from console by console

Router#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Router#show version

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-1999 by cisco Systems, Inc.

Compiled Tue 07-Dec-99 02:21 by phanguye

Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes

System returned to ROM by abort at PC 0x802D0B60

System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202)

with 26624K/6144K bytes of memory.

Processor board ID JAB031202NK (3878188963)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash partition 1 (Read/Write)

8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#config-register 0x2102

Router(config)#^Z

00:03:20: %SYS-5-CONFIG_I: Configured from console by console

Router#show version

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-1999 by cisco Systems, Inc.

Compiled Tue 07-Dec-99 02:21 by phanguye

Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes

System returned to ROM by abort at PC 0x802D0B60

System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202)

with 26624K/6144K bytes of memory.

Processor board ID JAB031202NK (3878188963)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash partition 1 (Read/Write)

8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142 (will be 0x2102 at next reload)

Router#

(from the Cisco page... it works great, thx)

Posted by Marganda at 17:50:54 | Permanent Link | Comments (0) |

Password Recovery on Cisco 1700 & 1800 Series Routers

Follow these steps in order to recover your password:

  1. Attach a terminal or PC with terminal emulation to the console port of the router.

    Use these terminal settings:

    • 9600 baud rate

    • No parity

    • 8 data bits

    • 1 stop bit

    • No flow control

  2. If you can access the router, type show version at the prompt, and record the configuration register setting.

    Note: The configuration register is usually set to 0x2102 or 0x102. If you can no longer access the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0x2102.

  3. Use the power switch in order to turn off the router, and then turn the router back on.

    Important Notes:

    • In order to simulate this step on a Cisco 6400, pull out and then plug in the Node Route Processor (NRP) or Node Switch Processor (NSP) card.

    • In order to simulate this step on a Cisco 6x00 with NI-2, pull out and then plug in the NI-2 card.

  4. Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.

  5. Type confreg 0x2142 at the rommon 1> prompt in order to boot from Flash.

    This step bypasses the startup configuration where the passwords are stored.

  6. Type reset at the rommon 2> prompt.

    The router reboots, but ignores the saved configuration.

  7. Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.

  8. Type enable at the Router> prompt.

    You are in enable mode and should see the Router# prompt.

  9. Type configure memory or copy startup-config running-config in order to copy the nonvolatile RAM (NVRAM) into memory.

    Important: Do not type copy running-config startup-config or write. These commands erase your startup configuration.

  10. Type show running-config.

    The show running-config command shows the configuration of the router. In this configuration, the shutdown command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.

  11. Type configure terminal.

    The hostname(config)# prompt appears.

  12. Type enable secret <password> in order to change the enable secret password. For example:

    hostname(config)#enable secret cisco

    
  13. Issue the no shutdown command on every interface that you use.

    If you issue a show ip interface brief command, every interface that you want to use should display up up.

  14. Type config-register <configuration_register_setting>, where configuration_register_setting is either the value you recorded in step 2 or 0x2102. For example:

    hostname(config)#config-register 0x2102

    
  15. Press Ctrl-z or end in order to leave the configuration mode.

    The hostname# prompt appears.

  16. Type write memory or copy running-config startup-config in order to commit the changes.

(from Cisco Page)
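Step 14 is the one that is easiest to forget after a recovery, and a router left at 0x2142 keeps ignoring its startup configuration on every reload, which (as step 10 describes) means all interfaces shut down and the passwords bypassed. The script below is an added example, not part of the Cisco procedure: it reads the "Configuration register is ..." line from "show version" output, decodes the register bits that matter here (bit 6, 0x0040, ignore NVRAM; bit 8, 0x0100, Break ignored once IOS is up; bits 0-3, the boot field) and prints a verdict that a post-change audit can grep for. The bit layout is Cisco's documented configuration-register format; the function names are this example's own, and the sample text is constructed from the last "show version" in the 2600 session above.

```shell
#!/bin/sh
# Added example, not from the Cisco page: check whether a router was left
# with the "ignore startup-config" bit set after password recovery.

# Read "show version" on stdin, print "<current> <next>" where <next> is
# the value pending at the next reload (or the current value if none).
confreg_from_showver() {
    line=$(grep '^Configuration register is' | head -n 1)
    [ -n "$line" ] || return 1
    cur=$(printf '%s\n' "$line" | sed 's/^Configuration register is \(0x[0-9A-Fa-f]*\).*/\1/')
    case $line in
        *"will be "*) next=$(printf '%s\n' "$line" | sed 's/.*will be \(0x[0-9A-Fa-f]*\).*/\1/') ;;
        *) next=$cur ;;
    esac
    echo "$cur $next"
}

# 1 if bit 6 (0x0040, ignore NVRAM contents at boot) is set, else 0.
confreg_ignores_nvram() {
    echo $(( ($1 >> 6) & 1 ))
}

# 1 if bit 8 (0x0100, Break ignored after IOS has finished booting) is set.
confreg_break_disabled() {
    echo $(( ($1 >> 8) & 1 ))
}

# Boot field, bits 0-3: 0 stays in ROMMON, 1 boots the ROM image,
# 2-15 boot from flash / "boot system" commands.
confreg_boot_field() {
    echo $(( $1 & 0xF ))
}

# One-line verdict on "show version" text from stdin.
confreg_verdict() {
    set -- $(confreg_from_showver) || { echo "no configuration register line found"; return 1; }
    cur=$1 next=$2
    if [ "$(confreg_ignores_nvram "$cur")" -eq 1 ]; then
        if [ "$next" != "$cur" ] && [ "$(confreg_ignores_nvram "$next")" -eq 0 ]; then
            echo "recovery in progress: $cur now, $next at next reload"
        else
            echo "WARNING: $cur ignores startup-config at every boot"
        fi
    else
        echo "ok: $cur boots startup-config (boot field $(confreg_boot_field "$cur"))"
    fi
}

# Constructed sample: the tail of the 2600 session's last "show version".
SAMPLE='8192K bytes of processor board System flash partition 2 (Read/Write)
Configuration register is 0x2142 (will be 0x2102 at next reload)'

printf '%s\n' "$SAMPLE" | confreg_verdict
```

Run it over the saved output of "show version" from each router after a maintenance window; anything that prints the WARNING line still needs step 14 and a reload, and a "recovery in progress" line should disappear once that reload has happened.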

Posted by Marganda at 17:44:08 | Permanent Link | Comments (0) |