
To: cipe-l,AT,inka,DOT,de
Subject: CIPE 1.6.0 on Fedora Core 2 (Solution)
From: Edwin Overmeer <edwin,AT,overmeer,DOT,hn,DOT,org>
Date: Tue, 21 Dec 2004 13:02:21 +0100
Organization: Home

I have made a rough howto based on some incredible tips found here!

Sorry for my terrible English... :-(

I spent a full 3 days finding all the puzzle pieces to compile and
configure CIPE on ClarkConnect 3.0. I already have several CC 2.2 boxes
running with the CIPE 1.4.5 rpm without problems, and therefore I was
searching for a CIPE VPN solution. A CIPE 1.4.5 connection with CIPE
1.6.0 gives no problems.

Howto compile and configure CIPE 1.6.0 on ClarkConnect 3.0 kernel 2.6.9
(Fedora Core 2)

1. Compile the kernel with 'config REGPARM = disabled' (if not, you get a
kernel panic on VPN connection)

# apt-get install kernel-sourcecode
# cd /usr/src
# ln -s /usr/src/linux-2.6.9-5.cc linux
# cd linux
# make menuconfig
# goto menu 'Processor type and features'
# disable 'Use register arguments (EXPERIMENTAL)' (This is the real
trick, THANKS Sascha Wuestemann !!!)
# exit and compile the kernel (that's another howto)

2. Compile source CIPE-1.6.0

# uname -r (= 2.6.9-5.cc)
# cd ~/tmp
# tar zxvf ../cipe-1.6.0.tar.gz
# cd cipe-1.6.0
# ./configure --with-obj=/lib/modules/2.6.9-5.cc/build/ \
    --with-linux=/usr/src/linux-2.6.9-5.cc/
# make
# make install

That's it if you know how to configure CIPE; otherwise follow the (rough)
steps 3, 4 and 5.

3. Configure CIPE

# ln -s /usr/local/sbin/ciped-cb /usr/sbin/ciped-cb
# cd /etc/cipe
# mv options options.cipcb0
# chmod 600 options.cipcb0 (important, otherwise you get an error in
/var/log/messages)

edit options.cipcb0 (Headquarter 192.168.1.0/24)

-- BOF --
# This is probably the minimal set of options that has to be set

# Without a "device" line, the device is picked dynamically
device cipcb0
# the peer's IP address
ptpaddr 192.168.254.2
# our CIPE device's IP address
ipaddr 192.168.254.1
# my UDP address. Note: if you set port 0 here, the system will pick
# one and tell it to you via the ip-up script. Same holds for IP 0.0.0.0.
me 80.138.60.135:6969
# ...and the UDP address we connect to. Of course no wildcards here.
peer acme.com:6969
# The static key. Keep this file secret!
# The key is 128 bits in hexadecimal notation.
key 6x2xy4vfg03gh6de454c3fhnkcic5a91
-- EOF --

edit options.cipcb0 on the other machine (Satellite 192.168.0.0/24)

-- BOF --
device cipcb0
me acme.com:6969
ipaddr 192.168.254.2
ptpaddr 192.168.254.1
peer 80.138.60.135:6969
key 6x2xy4vfg03gh6de454c3fhnkcic5a91
-- EOF --

# edit and configure /etc/cipe/options.cipcb0 (also another howto, but
that's very simple)
# edit /etc/init.d/ciped, /usr/local/sbin/ip-up, /usr/local/sbin/ip-down
and change all occurrences '/var/run' into '/var/run/cipe'

On the Headquarter machine
# add the local routes in a separate file /etc/cipe/ip-up.local
# cat /etc/cipe/ip-up.local
route add -net 192.168.0.0 netmask 255.255.255.0 gw $5
# add the local routes in a separate file /etc/cipe/ip-down.local
# cat /etc/cipe/ip-down.local
route del -net 192.168.0.0 netmask 255.255.255.0 gw $5

On the satellite machine
# add the local routes in a separate file /etc/cipe/ip-up.local
# cat /etc/cipe/ip-up.local
route add -net 192.168.1.0 netmask 255.255.255.0 gw $5
# add the local routes in a separate file /etc/cipe/ip-down.local
# cat /etc/cipe/ip-down.local
route del -net 192.168.1.0 netmask 255.255.255.0 gw $5

# edit /etc/cipe/ip-up
add these lines at the bottom

# execute anything local (ip-up.local)
[ -x /etc/cipe/ip-up.local ] && /etc/cipe/ip-up.local $*

# edit /etc/cipe/ip-down
add these lines at the bottom

# execute anything local (ip-down.local)
[ -x /etc/cipe/ip-down.local ] && /etc/cipe/ip-down.local $*

# you can ping the internal machines on both sites after adding the routes

4. Configure the firewalls (probably ClarkConnect) on both sides to
accept UDP 6969

5. Start CIPE interactively

# (interactive) /usr/local/sbin/ciped-cb -o /etc/cipe/options.cipcb0

Check and test your connection
# ifconfig cipcb0 (the headquarter cipe-address)
# ping 192.168.254.2 (the satellite machine cipe-address)

or run CIPE as daemon

# /etc/init.d/ciped start

or

# service ciped start (on Red Hat)
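
Added example, not part of the original post: a small lint for the options files from step 3, run before starting ciped. It checks the chmod 600 requirement, that the key really is 128 bits of hex, and that the two ends mirror each other. The function names and the sample hosts and key are made up for illustration; the option names are the ones used above.

```shell
#!/bin/sh
# Added example (not from the post): lint CIPE options files before starting ciped.
# Function names are hypothetical; the option names are the ones used in the post.

# opt FILE NAME: print the value of the first "NAME value" line (comments skipped)
opt() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# check_cipe_options FILE: 0 if clean, 1 otherwise; findings go to stderr
check_cipe_options() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    # The file holds the static key, so no group/other bits may be set (chmod 600)
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f: group/other access ($perms)" >&2; rc=1; }
    # 128 bits in hexadecimal notation is exactly 32 hex digits
    opt "$f" key | grep -Eq '^[0-9A-Fa-f]{32}$' ||
        { echo "$f: key is not 32 hex digits" >&2; rc=1; }
    for o in ipaddr ptpaddr peer; do
        [ -n "$(opt "$f" "$o")" ] || { echo "$f: missing $o" >&2; rc=1; }
    done
    return $rc
}

# check_cipe_pair A B: both ends share one key and mirror ipaddr/ptpaddr
check_cipe_pair() {
    rc=0
    [ "$(opt "$1" key)" = "$(opt "$2" key)" ] || { echo "keys differ" >&2; rc=1; }
    { [ "$(opt "$1" ipaddr)" = "$(opt "$2" ptpaddr)" ] &&
      [ "$(opt "$1" ptpaddr)" = "$(opt "$2" ipaddr)" ]; } ||
        { echo "ipaddr/ptpaddr not mirrored" >&2; rc=1; }
    return $rc
}

# write_sample DIR: constructed pair of option files (key and hosts are made up)
write_sample() {
    k=00112233445566778899aabbccddeeff
    printf 'device cipcb0\nptpaddr 192.168.254.2\nipaddr 192.168.254.1\nme 192.0.2.1:6969\npeer sat.example:6969\nkey %s\n' "$k" > "$1/hq"
    printf 'device cipcb0\nptpaddr 192.168.254.1\nipaddr 192.168.254.2\nme 192.0.2.2:6969\npeer 192.0.2.1:6969\nkey %s\n' "$k" > "$1/sat"
    chmod 600 "$1/hq" "$1/sat"
}

# Usage: sh lint.sh hq-options [satellite-options]
if [ $# -ge 1 ]; then
    check_cipe_options "$1" || exit 1
    if [ $# -ge 2 ]; then check_cipe_pair "$1" "$2" || exit 1; fi
fi
```

A key that is 32 characters long but contains letters outside 0-9 and a-f is rejected, so a placeholder key has to be replaced with real hex before the check passes.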

