Re: CIPE for Windows 2K
"Damion K. Wilson" <dkw,AT,rcm,DOT,bm>
Thu, 15 Mar 2001 22:59:16 +0100
Gee, I thought with a title like "Internet Consultant", you'd at least have
written some Perl code or something!
The static key is simply a 128 bit number given as 16 hexadecimal digits.
These "static" keys are used to encrypt the initial communication between
the peers. They must be identical for each pair of hosts. You can generate
the 128 bit value any way you like but you must type it in in hex.
There is a slight conceptual difference between the two setups, this having
to do more with how Windows wants its network interfaces set up. On Linux, a
single adapter instance is set up for each peer on the fly. Windows prefers
an interface to exist at boot unless it's a RAS device (and even then it
still invisibly exists). Also, Linux CIPE has a process to handle each
peer. On Windows, too many processes is a no-no, so I handle everything in
one "service". Because of these two factors, I let a single adapter handle
whichever peers the subnet mask allows.
This requires that you set up zero or more peers per adapter, and thus, the
user interface. All that aside, the peer configuration information in
CIPE-Win32 is the same as that found in an options-cipcb[n] in CIPE.
*********** REPLY SEPARATOR ***********
On 3/15/01 at 3:00 PM Tim Kowalsky wrote:
>I'm not a programmer, but if I can get this up and running I'd be happy to
>write up the details of how it worked. I'd certainly be happy to run it
>through its paces because our company has been looking for a VPN solution
>that wouldn't require buying new routers or expensive hardware to put
>existing routers that wouldn't do anything except add VPN capability.
>My questions at this point are pretty basic (you did a good job of making
>the interface simple).
>Do I need to generate the key somewhere/how? (If so... ?)
>Does the key need to be the same on both ends? (How does that part work?)
>Once I've entered the key on each end and told each end to look for the
>other on the correct port, should I be all set?
>The difficulty with trying to go from the Linux CIPE documentation to your
>Win32 port (from my perspective) is that the interface on your end looks
>much simpler to set up than all the options that are discussed in the Linux
>docs for CIPE. It doesn't even look like the same program anymore
>(I'm not sure that's a bad thing.)
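
An added example, not part of the original messages and not CIPE or CIPE-Win32 code: one way to generate a static key and check that the value typed on each peer is well formed and identical. It assumes the key is entered as 32 hex digits (128 bits at 4 bits per digit); the function names and the short fingerprint used to compare keys without reading them aloud are hypothetical.

```python
import hashlib
import hmac
import secrets
import string

KEY_BITS = 128
HEX_DIGITS = KEY_BITS // 4  # assumption: 4 bits per hex digit, so 32 digits


def generate_static_key() -> str:
    """Return a fresh 128-bit key from the OS CSPRNG as lowercase hex."""
    return secrets.token_hex(KEY_BITS // 8)


def normalize_key(typed: str) -> str:
    """Validate a hand-typed key and return it as canonical lowercase hex."""
    key = typed.strip().lower()
    if len(key) != HEX_DIGITS:
        raise ValueError(f"expected {HEX_DIGITS} hex digits, got {len(key)}")
    if any(c not in string.hexdigits for c in key):
        raise ValueError("key contains a non-hex character")
    # A random 128-bit value practically never uses fewer than 4 distinct
    # digits; a key that does was almost certainly typed by hand.
    if len(set(key)) < 4:
        raise ValueError("key has too few distinct digits to be random")
    return key


def fingerprint(typed: str) -> str:
    """Short SHA-256 tag of the key bytes, safe to compare over the phone."""
    raw = bytes.fromhex(normalize_key(typed))
    return hashlib.sha256(raw).hexdigest()[:8]


def peers_match(key_a: str, key_b: str) -> bool:
    """True when both peers hold the same key, ignoring case and padding."""
    return hmac.compare_digest(normalize_key(key_a), normalize_key(key_b))


if __name__ == "__main__":
    key = generate_static_key()
    print("static key :", key)
    print("fingerprint:", fingerprint(key))
    # Constructed check: the second peer typed the same key in upper case.
    print("peers match:", peers_match(key, key.upper() + " "))
```
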