<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: Cipe List <cipe-l,AT,inka,DOT,de>
Subject: Re: Cipe configuration error
From: Joachim Otahal <jou,AT,gmx,DOT,net>
Date: Thu, 04 Jan 2007 02:00:46 +0100
In-reply-to: <20070103171528.ef823567.skraw@ithnet.com>
References: <20070103183546.db162bc3.r.young@irl.cri.nz> <yu0slese37c.fsf@mesquite.charcoal.com> <20070103171528.ef823567.skraw@ithnet.com>

Stephan von Krawczynski wrote:
Please Karl, stop that. If you like OpenVPN more please go and read/write
their mailing-list.
Gibs auf, cipe is tot seit Mitte 2002. Gemäß deiner Homepage sollte man auch besser die Finger von cipe lassen, hat Security Probelme by design, es sollte nicht mehr genutzt werden. Grüße nach Bayern aus Württemberg! (ab jetzt auf englisch:)

The Problem with cipe is that the developer themself gave up the project since cipe has no real reason to continue, OpenVPN is more simple in config, uses existing kernel modules (tun/tap modules), and the link is more reliable. On top of that OpenVPN does not have "by design" weaknesses like the cipe protocol has. OpenVPN uses some parts of cipe-win for its Windows driver code stuff.
Check http://openvpn.net/static.html the config is sooo simple, I just suggest to add the line 'cipher AES-256-CBC'. Server and client side linux/windows mix is no problem, even mac osx clients exist.

You are free to continue developing cipe to work with the latest 2.4 and 2.6 kernels if you want to, cipe is somewhat dead since last code update was January 2002 (see http://sites.inka.de/bigred/devel/cipe.html and http://sourceforge.net/project/showfiles.php?group_id=66201 ).

The most common OpenVPN start problems are: forgotten tun/tap kernel modules in kernel (no prob in debian and other newer distros, just modprobe tun) and missing /dev/net/tun device. For the latter mkdir /dev/net and mknod /dev/net/tun c 10 200 should be sufficient (needed for the six years old RedHat Linux 7.1 as example).

IMHO Olaf Titz should give some big notes on the cipe homepage and the sourceforge-dl page that cipe will not be continued by him, since this mailing list ONLY wakes up due to allways the same reason, cipe in newer kernels/distros.

kind regards,

Joachim Otahal

what does "uname -r" say?


Message sent by the cipe-l,AT,inka,DOT,de mailing list.
Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
Other commands available with "help" in body to the same address.
CIPE info and list archive: <URL:http://sites.inka.de/~bigred/devel/cipe.html>

<< | Thread Index | >> ]    [ << | Date Index | >> ]