Re: CIPE source code modifications|
"Damion K. Wilson" <dwilson,AT,ibl,DOT,bm>|
Tue, 25 Mar 2003 02:49:43 +0100|
I'm just now sorting out how to setup cipsrvr.exe to support a control
protocol instead of reading the registry itself. This way it may run and know
only that certain adapters exist but not how they are supposed to run until
an external application tells it too. I'm decidedly not in favor of using a
configuration file like on Linux, I didn't even really like using the
registry, though that's where the adapter information is. Are you reading the
config files and loading them into the registry, or have you hacked
cipsrvr.exe to read them ? Let me know, because if you are doing the former,
it'll be easier to integrate later.
The protocol approach also will allow individual links to be started and
stopped and configured on the fly. I also intend to use an encrypted Berkeley
DB as the storage for the configuration info as the registry replacement. The
manager application (or whatever had the right password) could then read the
database and then provide that info to the running cipsrvr.
Let me know what you guys think about all this. It's a major change in the
operation of the cipsrvr.
On Monday 24 March 2003 06:34 pm, Carsten Emde wrote:
> During the last couple of days, we have installed Windows CIPE VPN
> clients at two sites each of 10 users per server. After the installation
> was finished, everything worked quite well - no problems so far.
> We had a minor problem to get DNS of the VPN network right, but these
> were the usual Windows quirks. We found out that reverse IP must be
> setup and Windows wants the DNS suffixes to be specified at the
> interface section and not at the global TCPIP/Parameter section.
> Thereafter, we were even able to connect to a network share using the
> server name without the suffix (e.g. "\\HOST\share").
> However, we found our 2.0.pre-15.wa-12 CIPE panel still not powerful
> enough to permit a fast and straight-forward installation of this number
> of client systems. Although I liked your proposal to load the key from a
> file ("file:/a:\statickey.txt"), I am now thinking that we should be
> able to load (and save) all settings of a peer including a list of host
> and network target addresses that require individual routes. This makes
> it possible to distribute a disk with the CIPE client software and a
> (possibly automatically generated) configuration file that even the
> unexperienced Windows user can install.
> I have now finished cipe-2.0.pre-15.wa-15 that has all these features
> enabled. Our first tests show that it is now, in fact, possible to
> safely install a Windows CIPE client with a couple of clicks. You may
> download this version from
> and check it out. The sources are here:
> The syntax of the configuration file is exactly the same as on the Linux
> side, and Windows and Linux line delimiters are accepted so the Linux
> /etc/sysconfig/network-scripts configuration file can be used to
> configure the related Windows client without any change. Additional
> information can be stored using the keywords (not case sensitive) KEY,
> CIPHER, TIMEOUT, TARGETS, UP, DOWN - but this information, namely the
> key, can also reside in a different file. Space (' ') or equal sign
> ('=') are accepted between keyword and value so that the syntax used in
> the /etc/cipe/options.* file is also understood.
> These are the most recent changelog entries:
> #13 03/22/03 cbe
> Added "Load", "Load Remote" and "Save" buttons to load a local and a
> remote peer configuration from file, and to save the current peer
> configuration to a local file, respectively. Fixed a problem of the
> hostname verification that prevented not fully qualified host names
> from being successfully verified.
> #14 03/24/03 cbe
> Removed the "Load Remote" button and implemented automatic recognition
> of the settings file (based on the local PTP address). Added a new edit
> field to specify additional targets that will be included in the
> automatically generated routing script. At the end of the "Load"
> procedure, the routing script will be generated and saved, if the name
> of the startup script file and a target list are provided. The target
> list may contain IP addresses of hosts or networks. If a non-standard
> mask is used, it may be specified using the a.b.c.d/m.n.o.p notation.
> The usual white space delimiters (space, comma, colon etc.) are
> recognized to separate the various list elements from each other. If a
> key was specified, a dialog is started to optionally encrypt the key
> when it is written to the registry. If the CIPE panel is started but the
> local PTP address is not yet set, a message is displayed and the dialog
> will quit.
> #15 03/24/03 cbe
> Added verification step when a new passphrase is entered.