Manual Page




ethtun - EtherTunnel, an Ethernet LAN-to-LAN VPN Tunnel


ethtun [ options ] start | stop | restart | status | control


EtherTunnel connects pairs of Ethernet LANs transparently from one site to another without requiring network configuration, MTU or MSS changes on any participating device. If needed, the tunnel is secured with ChaCha20-HMAC-SHA256 authentication and encryption rotating 2^32 keys and HMAC secrets from preshared random material. ethtun is the name of the EtherTunnel binary.

For further information please consult the EtherTunnel web site:

The following commands are available, all of them requiring super user / root privileges:

ethtun [ options ] start

This command starts EtherTunnel either as a Tunnel Endpoint or as a Registry depending on the configuration.

ethtun [ options ] stop

This stops a running EtherTunnel immediately.

ethtun [ options ] restart

This performs a ethtun stop operation followed by an ethtun start.

ethtun [ options ] status

This shows if EtherTunnel is running in the background or not.

ethtun [ options ] control
ethtun [ options ] ctl
ethtun [ options ] c

This command enters the EtherTunnel control CLI (ethtun ctl or ethtun c are shortcuts for convenience).

A typical ethtun control dialog may start like this:

$ sudo ethtun ctl
connected to PID 6856
ethtun - EtherTunnel 1.119 Debian12-amd64
00:15:17:7e:26:16 << H3E3 >> --:--:--:--:--:--
> help
  the following commands are available:
    a | aset           show atomic sets ("forwarding tables")
    C | configuration  show configuration as loaded
    c | counters       show atomic counters
    e | ethertypes     show ethertype counters
    f | filters        show active filters
    h | help           show this information
    i | interfaces     show interfaces
    L | license        show licensing information
    l | log            show current log
    r | release        show release
    S | startuplog     show startup log
    s | status         show general status
        stop           stop immediately
  type EOF to exit.
00:15:17:7e:26:16 << H3E3 >> --:--:--:--:--:--



Shows the EtherTunnel specific machine ID, everything else is ignored. On Linux this application specific machine ID is derived (“hashed”) from /etc/machine-id with SHA-256, on macOS the MAC address of interface en1 is used instead as an unique input identifier.

-c config-file

Specifies to load a specific configuration file instead of /etc/ethtun.conf. This is effective for ethtun start and ethtun restart and ignored otherwise.

-s interface

Scans the Ethernet LAN connected to the specified interface for other active EtherTunnel endpoints. Everything else is ignored.

Such a scanning dialog could look like this:

$ sudo ethtun -s en1
scanning on en1 (00:3e:e1:c0:f0:9c) ... done:
one active EtherTunnel endpoint found.


Shows a brief usage information, everything else is ignored.


Enables debug mode, an invocation that would operate otherways in background stays in foreground connected to the controlling TTY.


Outputs release and subrelease on stdout, everything else is ignored.


ethtun exits with value 0 (EXIT_SUCCESS) on success, and with EXIT_FAILURE otherwise.


$ sudo ethtun start
$ sudo ethtun stop

Copyright (C) 2024 by Inlab Networks, Gruenwald, Germany. All rights reserved.