Subject: Re: CIPE source code modifications
From: Carsten Emde <ce,AT,ceag,DOT,ch>
Date: Mon, 24 Mar 2003 23:56:13 +0100
In-reply-to: <3E62A96A.9080905@ceag.ch>


During the last couple of days, we have installed Windows CIPE VPN 
clients at two sites each of 10 users per server. After the installation 
was finished, everything worked quite well - no problems so far.

We had a minor problem getting DNS of the VPN network right, but these 
were the usual Windows quirks. We found out that reverse IP must be 
set up and Windows wants the DNS suffixes to be specified at the 
interface section and not at the global TCPIP/Parameter section. 
Thereafter, we were even able to connect to a network share using the 
server name without the suffix (e.g. "\\HOST\share").

However, we found our 2.0.pre-15.wa-12 CIPE panel still not powerful 
enough to permit a fast and straightforward installation of this number 
of client systems. Although I liked your proposal to load the key from a 
file ("file:/a:\statickey.txt"), I am now thinking that we should be 
able to load (and save) all settings of a peer including a list of host 
and network target addresses that require individual routes. This makes 
it possible to distribute a disk with the CIPE client software and a 
(possibly automatically generated) configuration file that even the 
inexperienced Windows user can install.

I have now finished cipe-2.0.pre-15.wa-15 that has all these features 
enabled. Our first tests show that it is now, in fact, possible to 
safely install a Windows CIPE client with a couple of clicks. You may 
download this version from


and check it out. The sources are here:


The syntax of the configuration file is exactly the same as on the Linux 
side, and Windows and Linux line delimiters are accepted so the Linux 
/etc/sysconfig/network-scripts configuration file can be used to 
configure the related Windows client without any change. Additional 
information can be stored using the keywords (not case sensitive) KEY, 
CIPHER, TIMEOUT, TARGETS, UP, DOWN - but this information, namely the 
key, can also reside in a different file. Space (' ') or equal sign 
('=') are accepted between keyword and value so that the syntax used in 
the /etc/cipe/options.* file is also understood.

These are the most recent changelog entries:

#13 03/22/03  cbe
Added "Load", "Load Remote" and "Save" buttons to load a local and a
remote peer configuration from file, and to save the current peer
configuration to a local file, respectively. Fixed a problem of the
hostname verification that prevented not fully qualified host names
from being successfully verified.

#14 03/24/03  cbe
Removed the "Load Remote" button and implemented automatic recognition
of the settings file (based on the local PTP address). Added a new edit
field to specify additional targets that will be included in the
automatically generated routing script. At the end of the "Load"
procedure, the routing script will be generated and saved, if the name
of the startup script file and a target list are provided. The target
list may contain IP addresses of hosts or networks. If a non-standard
mask is used, it may be specified using the a.b.c.d/m.n.o.p notation.
The usual white space delimiters (space, comma, colon etc.) are
recognized to separate the various list elements from each other. If a
key was specified, a dialog is started to optionally encrypt the key
when it is written to the registry. If the CIPE panel is started but the
local PTP address is not yet set, a message is displayed and the dialog
will quit.

#15 03/24/03  cbe
Added verification step when a new passphrase is entered.
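
The file syntax and target-list notation described in this message, as an added example for checking a peer file before it is put on a distribution disk. It is not part of the original message or of the CIPE sources. The function names, the '#' comment handling, the ';' separator and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

LINE = re.compile(r"(\w+)\s*[=\s]\s*(.*)$")  # keyword, then '=' or space, then value
LIST_SEP = re.compile(r"[\s,:;]+")           # space, comma, colon (';' is an assumption)

def parse_targets(value):
    """Return [(address, mask-or-None)]; raise ValueError on a bad address or mask."""
    targets = []
    for item in filter(None, LIST_SEP.split(value)):
        addr, _, mask = item.partition("/")
        ipaddress.IPv4Address(addr)          # rejects malformed addresses
        if mask:
            # strict=True rejects non-contiguous masks and host bits set under
            # the mask, so a typo is caught before a routing script is generated.
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)
            mask = str(net.netmask)
        targets.append((addr, mask or None))
    return targets

def parse_peer_config(text):
    """Parse 'KEYWORD value' or 'KEYWORD=value' lines with LF or CRLF endings."""
    settings = {}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments: assumption
            continue
        match = LINE.match(line)
        if not match:
            raise ValueError(f"line {number}: expected 'KEYWORD value'")
        settings[match.group(1).upper()] = match.group(2).strip()  # not case sensitive
    if "TARGETS" in settings:
        settings["TARGETS"] = parse_targets(settings["TARGETS"])
    return settings

# Constructed sample: mixed line endings, mixed case, both separators.
SAMPLE = (
    "# constructed peer file\n"
    "Key 00112233445566778899aabbccddeeff\r\n"
    "timeout=30\n"
    "TARGETS = 192.168.10.5, 10.20.0.0/255.255.0.0:172.16.4.0/255.255.252.0\r\n"
)

if __name__ == "__main__":
    cfg = parse_peer_config(SAMPLE)
    print(cfg["TARGETS"])
    # A file that carries KEY holds the shared secret and should be handled as such.
    print("key stored in this file:", "KEY" in cfg)
```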


