
Subject: CIPE: a step-by-step example
From: Keith Smith <keith,AT,ksmith,DOT,com>
Date: Tue, 22 Jan 2002 00:12:39 +0100
In-reply-to: <9097D3905570D111947E00207810DFE1625C78@WINTRIX.thermeon.com>

Someone had asked for this and since I was putting it together for myself
as a guide, I'll pass it on for what little it may be worth.

With a lot of help from the people on this list I was able to step by
step get CIPE working.  I thought I would try and connect the dots on
some of the documentation and drive an example from start to finish.
This is by no means meant to be definitive.

CIPE: step-by-step

For this example we will have two machines, wilma.bedrock.com and
pebbles.bedrock.com.  Wilma will be the "host" site.  It should have a
statically reachable address, visible from the web.  Pebbles can be
behind a firewall, or at least a Linux firewall :), masqueraded even.
(Special thanks to Duane Drake!) For this discussion wilma's "real" ip
will be 100.100.100.1.  We don't care about pebbles.

WILMA

1) On Wilma, get and compile the source.  I had trouble with the module
on a 2.2.17 kernel.  This setup is 2.4.17 on both ends; YMMV.  The kernel
source will need to be configured on the machine.

2) run ./configure, make, make install

3) Check the permissions on the /etc/cipe directory.  CIPE will quietly
not complain but not run.  I used 0700, apparently it cannot be
group/world readable.

4) Copy the ip-up and ip-down scripts from the samples directory into
/etc/cipe.

5) run ps -ax | md5sum to generate a key:

[wilma]<310>ps -ax | md5sum
59035b564be142472d8f1a278d249a3e  -

6) create your options file for pebbles, pasting in the goofy sum from
above.  Place the file in /etc/cipe/pebbles:

------------------- cut --------------------
#
# pebbles / CIPE options file
#
debug 1
device cipcb0
# My VPN Address
ipaddr          192.168.254.1
# Remote VPN Address
ptpaddr         192.168.254.2
# My IP and Port *** MUST BE STATIC ***
me              100.100.100.1:4600
# Hold tight to nowhere
peer            0.0.0.0:0
# Just stay out there, don't exit
maxerr -1
# pebbles will know this key also
key     59035b564be142472d8f1a278d249a3e
------------------- cut --------------------

*** Make sure the perms on this file are 0600 !!!

7) edit modules.conf and add the following 2 lines:

alias cipcb0 cipcb
options cipcb0 -o cipcb0

8) run depmod -a

9) modprobe cipcb0

PEBBLES

10) On pebbles, repeat steps 1-4 above and get the application compiled
and installed.

11) Create your options file for wilma, pasting in the same goofy sum
from above.  Place the file in /etc/cipe/wilma:

------------------- cut --------------------
#
# wilma / CIPE options file
#
debug 1
device cipcb0
# My VPN Address
ipaddr      192.168.254.2
# Remote VPN Address
ptpaddr     192.168.254.1
# My IP and Port *** MUST BE STATIC ***
peer        100.100.100.1:4600
# We are not static
dynip       1
# Try twice to connect
maxerr      2
# Keep-alives every 10 seconds
ping        10
# wilma will know this key also
key     59035b564be142472d8f1a278d249a3e
------------------- cut --------------------

*** Make sure the perms on this file are also 0600 !!!

12) edit modules.conf and add the following 2 lines:

alias cipcb0 cipcb
options cipcb0 -o cipcb0

13) run depmod -a

14) modprobe cipcb0

Now the fun.  lsmod should show cipcb0 on both machines so we will fire
it up:

15) On *Wilma* AS ROOT run:

/usr/local/sbin/ciped-cb -o /etc/cipe/pebbles

Copious output should appear, and then stop waiting.

16) On 'pebbles' AS ROOT run:

/usr/local/sbin/ciped-cb -o /etc/cipe/wilma

Again output to the max but you should start seeing the dialog on *both*
screens and the keepalive conversation.

17) That's all there is to it.

Running ifconfig cipcb0 on both boxes should show the interfaces with
the appropriate point to point IPs.  You should be able to ping/telnet
whatever.

If it doesn't fly, look in your syslog file (/var/log or wherever), along
with the screen output.

18) Hit ctrl-c on both and tear down the tunnel

Remove/comment out the 'debug 1' line on both.  This will cause ciped-cb
to fork itself into the background, and get rid of all the output.  Also
you can comment out your 'ping' or set it to a higher value.

Shell wrapping or inittab running is left as an exercise for the reader
:).  One should be able to put -1 for maxerr and just let the thing
hammer away, I haven't got that far yet (yucky grammar).

-- 
Keith Smith                 keith,AT,ksmith,DOT,com
655 W Fremont Dr
Tempe AZ 85282              it's hot
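
Added example, not part of the original post or of the CIPE distribution: a pre-flight check for steps 3, 5, 6 and 11 that verifies the directory and options-file modes and the key line before ciped-cb is started, plus a key generator that reads the kernel RNG instead of hashing ps output. The function names cipe_genkey and cipe_check are hypothetical; the script assumes GNU stat and that a key is 32 hex digits, as shown in the post.

```shell
#!/bin/sh
# Added example; cipe_genkey and cipe_check are hypothetical helper names.
# Assumes GNU stat (stat -c), as found on Linux.

# The key printed in the post is public; never deploy it.
POSTED_KEY=59035b564be142472d8f1a278d249a3e

# Print 128 bits from the kernel RNG as 32 hex digits, the same shape
# as the md5sum output pasted into the options files.
cipe_genkey() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
    echo
}

# Check one options file; print each problem, return the problem count.
cipe_check() {
    file=$1
    dir=$(dirname "$file")
    bad=0
    # Step 3: directory must carry no group/world bits (e.g. 0700).
    dmode=$(stat -c '%a' "$dir")
    case $dmode in
        *00) ;;
        *) echo "$dir: mode $dmode, expected 700"; bad=$((bad + 1)) ;;
    esac
    # Steps 6 and 11: options file must be exactly 0600.
    fmode=$(stat -c '%a' "$file")
    if [ "$fmode" != 600 ]; then
        echo "$file: mode $fmode, expected 600"; bad=$((bad + 1))
    fi
    # The key line must hold 32 hex digits and not be the posted key.
    key=$(awk '$1 == "key" { print $2; exit }' "$file")
    if ! printf '%s\n' "$key" | grep -Eqx '[0-9a-fA-F]{32}'; then
        echo "$file: key is missing or not 32 hex digits"; bad=$((bad + 1))
    elif [ "$key" = "$POSTED_KEY" ]; then
        echo "$file: key is the sample key from the post"; bad=$((bad + 1))
    fi
    return "$bad"
}
```

Run cipe_check /etc/cipe/pebbles on wilma and cipe_check /etc/cipe/wilma on pebbles; a return status of 0 means all three checks passed.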




