bash nmcli create ssh tunnel ?

all without gui.

from my home:
Leap15.3 ( behind the nat )
to remote
Centos 7 ( , thi is exampl Public IP)

how to configure ssh tunnel to remote server from command line?

this is my steps:

  • configure /etc/ssh/sshd_conf on both
  • from Leap:
    ssh -w5:5 root@
  • after this on the remote Centos7 i can:
    ifconfig tun5
    (it’s - OK)
    ifconfig tun5 pointopoint
    ifup tun5
    (it’s -OK)

But - Leap without ifconfig ( only ip and nmcli )
How i can create/configure from nmcli ssh tunnel ?
Where i can read example or how to ?


to get ifconfig

sudo zypper in net-tools-depreciated

or learn the new ip command that replaced ifconfig for no good reason.


Is this a joke or a sad reality?

Just reality, ip tools going forward, like many other ones.

My personal impression.

They (whoever they are) thought it was eminent to go forward (do not know exactly in what expect). But instead of keeping to the good old GNU way of building upwards compatible upon what was already there, they decided to go for a new user interface.

Please remind that the “old” tools were “the good old GNU way” because they had the same interface and features (after backward engineering and writing it in different code) as the much older Unix variants of these tools. It is the basic idea behind GNU Linux: make something where one sees no difference with the Unix tools/OS.

Please also remind that deprecating these tools will make obsolete may scripts of many people that exist many years and that are based on using these tools. Indeed something of a sad reality.

in my Leap15.3 :

sudo su
ip a

and i see

8: tun5: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 500

it’s - ok.


nmcli con show

and result:
can’t see tun5 device ;(


ip address add dev tun5 peer
ip  link set dev tun5 up

After this(on both side “MyLeap” and “RemoteCentos7” ) allow INPUT and OUTPUT on tun5.
And all work.

+1 !
I agree with you

new and improved is not always better!!!

People left Microsoft because they kept making “new and improved” without fixing anything (2000, Vista, 8, 8.1, 11) Windows NT was NCR’s Lan Manager with Microsoft Windows as it’s GUI instead of Unix’s X - NCR could not sell anything software wise - if they sold sushi, the door would say “Cold Dead Fish served here”. NCR had Topend, Cooperation (given to Microsoft and renamed Object Embedding and Linking) to name a couple that I supported.

Does anyone use any new office extensions that were not in Office 97? Not me. Maybe some businesses might have a use.

Linux is heading for the same “new and improved” in my opinion. - the last real “new and improved” in Unix was streams (which broke the ethernet drivers I wrote in 1980 as part of the ethernet development consortium, for Convergent Technologies (Raytheon Data Systems rep). Bob Metcalfe is probably laughing about these improvements in “open source code” - this is exactly why he said open source will fail - too many changes that are not needed.)

Me - I used UNIX since 1973 (took to 1974 before it did anything other than use CPU cycles on the Universities PDP11 - 64K ram and 10 mb disk - and a Teletype for a console). The core instructions (programs) worked the same on all flavors. New file systems were created to match new technology. Knowing how to backup and restore was a given. Unix was like owning a car in 1900 - you had to be the mechanic and the driver.

Ironically, TCP/IP was on of many Ethernet protocols - XNS was Xerox’s, Uncle Sam had one OSI. Uncle Sam also created the POSIX standard at the same time as OSI - you had to do POSIX and OSI to sell to the Government. Unix was POSIX as is Linux. (It is said the the POS in POSIX stood for Post Office Standard and not for Portable Operating System as the first RFP’s were from the US Postal Service).

OSI fatal flaw was it could not route, XNS need 4MB of ram when computers has 128K of ram - Cisco Routers made all but TCP/IP impractical.

The Arpa Net decreed TCP/IP in 1981 and went 100% TCP/IP in 1983. I was busy updating computers at US Military Bases and configuring Thick Ethernet at that time. OSI that the Pentagon wanted lasted about 5 days when they said go back to TCP/IP. (Thick Ethernet cable had ringing issues and had to be tapped at specific intervals and could not be bent but so far or it would break, Thin Ethernet rapidly replace Thick Ethernet when card makers discovered they could sense how long the cable was and change the harmonics dynamically to compensate. Same thing was done for Twisted Pair Ethernet.

Sorry - did not mean to hijack this.

Please let us stay on-topic for the benefit of the OP.
(Yes, I know, I also contributed to this ChitChat).

Yes !
I/O registers and memory all in the same address space, efficient interrupt handling system. RT11, Assembler MACRO-11, 01ssdd ,…

To set up a tunnel using iproute2 see

I think it is not possible to use the NetworkManager as is to set up such a (simple) tunnel.

I would first create a script to set the tunnel and then use that as dispatcher script.