
Subject: Re: Newbie CIPE Questions
From: Josef Drexler <jdrexler,AT,josefsbox,DOT,cjb,DOT,net>
Date: Thu, 13 Dec 2001 22:43:37 +0100
In-reply-to: <Pine.LNX.4.33.0112131608060.17875-100000@rneily.dyndns.org>

On Thu, 13 Dec 2001, Ryan Neily wrote:

> I am very new to CIPE, and I have the following questions:
> 1) Is it possible to have CIPE run off TCP ports instead of UDP ports?  (In
> my environment, UDP in from the Internet is NOT allowed)

That is neither possible nor a good idea, for the reason please read

It is however possible to do this by running pppd over ssh.  There are
many documents on the net that describe how to do this.

Your best bet is to try and talk to your firewall admin and ask for a
specific port from a specific host to be allowed through.

> 2) With the CIPE connection up and running, and the proper routing rules,
> will both UDP and TCP traffic be passed through the CIPE VPN tunnel?

All IP traffic will be tunneled, including UDP and TCP.

> 3) In a star configuration, with many CIPE clients connecting to a CIPE
> server, what is a good start for 6 concurrent connections from remote
> networks?  Is CIPE a good VPN solution for this big of a VPN?  What type
> of hardware are we talking on the server side to keep up with this task?

I have no idea about this.  I would imagine that you don't need a lot of
hardware (a low-speed pentium should be fine unless you have a huge amount
of traffic).

> 4) What kind of overhead does the CIPE protocol take away from the actual
> traffic?

It increases the size of every packet by 45 to 52 bytes (the tunneled
UDP/IP header and the encryption IV and P values).  Whether or not this
makes a difference depends on what kind of traffic you have, but unless
you have lots of very small packets it should not matter.

Additionally there are some control messages like key negotiation, but
those are negligible.

   Josef Drexler                 |    http://publish.uwo.ca/~jdrexler/
 Please help Conserve Gravity    | Email address is *valid*.
 Use tape&glue, no paperweights  | Don't remove the "nospam" part.
