MKTUN Module Overview

MKTUN Overview

MKTUN is a module used to manage tunnel configurations on AIX systems. It allows for the creation, activation, deactivation, and removal of tunnels. The module can also export and import tunnel definitions, supporting both IPv4 and IPv6 tunnels. It requires AIX version 7.1 TL3 or higher and Python 3.6 or higher. Additionally, it requires a privileged user with specific authorizations.

Commands Used in MKTUN

The module uses various commands to perform its operations:

  • gentun: Creates tunnel definitions.
  • lstun: Lists tunnel definitions from the tunnel database.
  • mktun: Manages tunnel configurations.
  • rmtun: Removes tunnel configurations.
  • exptun: Exports tunnel definitions.
  • imptun: Imports tunnel definitions.

Main Functions

There are several main functions in this module, including gentun, lstun, make_devices, and main. We will dive into gentun and lstun.


gentun

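The gentun function creates a manual tunnel definition in the tunnel database and returns the tunnel ID. It builds the gentun command line from the source and destination addresses plus the per-endpoint tunnel options (algorithms, keys, and SPIs) and executes it. If the command fails, it logs the error and fails the module execution. Because the option map includes key material (ah_key, esp_key, enc_mac_key), those values travel as command-line arguments and can show up in process listings while the command runs.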

def gentun(module, vopt, tun):
    """
    Create the manual tunnel definition in the tunnel database
    with gentun and return the tunnel id.
    """
    cmd = [gentun_path, vopt, '-t', 'manual', '-s',
           tun['src']['address'], '-d', tun['dst']['address']]

    # gentun options that use lowercase letters for source and uppercase for destination
    gentun_opts = {
        'ah_algo': '-a',
        'enc_mac_algo': '-b',
        'enc_mac_key': '-c',
        'esp_algo': '-e',
        'ah_key': '-h',
        'esp_key': '-k',
        'esp_spi': '-n',
        'ah_spi': '-u'
    }
    for key, opt in gentun_opts.items():
        if tun['src'][key]:
            ...  # the rest of the function is not shown in this excerpt


lstun

The lstun function lists manual tunnel definitions from the tunnel database. It constructs a command to retrieve tunnel definitions and parses the output to build a dictionary of tunnel information. If the command fails, it logs the error and fails the module execution.

def lstun(module):
    """
    List manual tunnel definitions from tunnel database.

    Fields returned by lstun -O for manual tunnels:
        tunnel|source|dest|policy|dpolicy|mask|fw|emode|tunlife|
        sspia|dspia|aalgo|daalgo|sakey|dakey|
        sspie|dspie|ealgo|dealgo|sekey|dekey|
        eaalgo|deaalgo|seakey|deakey|
        replay|header
    """
    tunnels = {}
    for version in ['ipv4', 'ipv6']:
        tunnels[version] = {}

        vopt = '-v4' if version != 'ipv6' else '-v6'

        # List tunnel definitions in tunnel database
        cmd = [lstun_path, vopt, '-p', 'manual', '-O']
        rc, stdout, stderr = module.run_command(cmd)
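
The lstun docstring gives the field order of `lstun -O` output. The following added example (not the module's own code) parses records in that layout into a per-tunnel dictionary and masks the key fields before the result is logged or returned. The handling of `#` header lines, the choice of fields to mask, and the sample record are assumptions constructed for illustration.

```python
# Field order taken from the lstun docstring on this page.
FIELDS = (
    "tunnel|source|dest|policy|dpolicy|mask|fw|emode|tunlife|"
    "sspia|dspia|aalgo|daalgo|sakey|dakey|"
    "sspie|dspie|ealgo|dealgo|sekey|dekey|"
    "eaalgo|deaalgo|seakey|deakey|"
    "replay|header"
).split("|")

# Assumption: the fields whose names end in "key" carry key material.
SECRET_FIELDS = {f for f in FIELDS if f.endswith("key")}


def parse_lstun(stdout, redact=True):
    """Return {tunnel_id: {field: value}} from pipe-delimited lstun output."""
    tunnels = {}
    for lineno, line in enumerate(stdout.splitlines(), 1):
        line = line.strip()
        # Assumption: blank lines and '#' header lines carry no record.
        if not line or line.startswith("#"):
            continue
        values = line.split("|")
        if len(values) != len(FIELDS):
            raise ValueError("line %d: expected %d fields, got %d"
                             % (lineno, len(FIELDS), len(values)))
        record = dict(zip(FIELDS, values))
        if redact:
            for name in SECRET_FIELDS:
                if record[name]:
                    record[name] = "REDACTED"
        tunnels[record.pop("tunnel")] = record
    return tunnels


# Constructed sample (not real lstun output): one header line and one tunnel.
SAMPLE = (
    "#" + "|".join(FIELDS) + "\n"
    "1|10.10.11.72|10.10.11.98|eaae|eaae|||tunnel|480|"
    "300|300|HMAC_MD5|HMAC_MD5|0x1111|0x2222|"
    "12345|12345|DES_CBC_8|DES_CBC_8|0x3333|0x4444|"
    "||||"
    "-|-\n"
)

if __name__ == "__main__":
    print(parse_lstun(SAMPLE))
```

Rejecting records with an unexpected field count keeps a format change in the command output from silently shifting key material into a field that is not masked.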

Example Usage of MKTUN

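This example demonstrates how to create and activate a manual IPv4 tunnel using the MKTUN module. The task specifies the source and destination addresses, the authentication (AH) and encryption (ESP) algorithms, and an ESP SPI. The algorithms shown, HMAC_MD5 and DES_CBC_8, are legacy choices (DES uses a 56-bit key); prefer the strongest algorithms the system supports for real tunnels.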


Example of creating and activating a manual IPv4 tunnel using the MKTUN module.

- name: Create and activate a manual IPv4 tunnel
  mktun:
    manual:
      ipv4:
      - src:
          address: 10.10.11.72
          ah_algo: HMAC_MD5
          esp_algo: DES_CBC_8
        dst:
          address: 10.10.11.98
          esp_spi: 12345

 

This is an auto-generated document by Swimm 🌊 and has not yet been verified by a human